From 86ce060b468608716193d685392f08030626b367 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mar 07 2013 12:56:22 +0000
Subject: CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)


---

diff --git a/kernel.spec b/kernel.spec
index 8923a71..c88ffab 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -738,6 +738,9 @@ Patch22264: efi-fixes-3.8.patch
 #rhbz 918512 918521
 Patch22265: crypto-user-fix-info-leaks-in-report-API.patch
 
+# CVE-2013-1792 rhbz 916646,919021
+Patch22266: keys-fix-race-with-concurrent-install_user_keyrings.patch
+
 #rhbz 812111
 Patch24000: alps.patch
 
@@ -1452,6 +1455,9 @@ ApplyPatch userns-avoid-recursion-in-put_user_ns.patch
 #rhbz 859346
 ApplyPatch fix-destroy_conntrack-GPF.patch
 
+# CVE-2013-1792 rhbz 916646,919021
+ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2308,6 +2314,9 @@ fi
 #    '-'      |  |
 #              '-'
 %changelog
+* Thu Mar 07 2013 Josh Boyer <jwboyer@redhat.com>
+- CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
+
 * Wed Mar 06 2013 Justin M. Forbes <jforbes@redhat.com>
 - Remove Ricoh multifunction DMAR patch as it's no longer needed (rhbz 880051)
 - Fix destroy_conntrack GPF (rhbz 859346)
diff --git a/keys-fix-race-with-concurrent-install_user_keyrings.patch b/keys-fix-race-with-concurrent-install_user_keyrings.patch
new file mode 100644
index 0000000..ba7b30a
--- /dev/null
+++ b/keys-fix-race-with-concurrent-install_user_keyrings.patch
@@ -0,0 +1,15 @@
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index 58dfe08..c5ec083 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -57,7 +57,7 @@ int install_user_keyrings(void)
+ 
+ 	kenter("%p{%u}", user, uid);
+ 
+-	if (user->uid_keyring) {
++	if (user->uid_keyring && user->session_keyring) {
+ 		kleave(" = 0 [exist]");
+ 		return 0;
+ 	}
+
+  
\ No newline at end of file