PerceptionPointTeam/process_keys.c Secret

## process_keys.c
long join_session_keyring(const char *name)
{
 ...
       new = prepare_creds();
 ...
       keyring = find_keyring_by_name(name, false); //find_keyring_by_name increments  keyring->usage if a keyring was found
       if (PTR_ERR(keyring) == -ENOKEY) {
               /* not found - try and create a new one */
               keyring = keyring_alloc(
                       name, old->uid, old->gid, old,
                       KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
                       KEY_ALLOC_IN_QUOTA, NULL);
               if (IS_ERR(keyring)) {
                       ret = PTR_ERR(keyring);
                       goto error2;
               }
       } else if (IS_ERR(keyring)) {
               ret = PTR_ERR(keyring);
               goto error2;
       } else if (keyring == new->session_keyring) {
               ret = 0;
               goto error2; //<-- The bug is here, skips key_put.
       }

       /* we've got a keyring - now install it */
       ret = install_session_keyring_to_cred(new, keyring);
       if (ret < 0)
               goto error2;

       commit_creds(new);
       mutex_unlock(&key_session_mutex);

       ret = keyring->serial;
       key_put(keyring);
okay:
       return ret;

error2:
       mutex_unlock(&key_session_mutex);
error:
       abort_creds(new);
       return ret;
}
	long join_session_keyring(const char *name)
	{
	...
	new = prepare_creds();
	...
	keyring = find_keyring_by_name(name, false); //find_keyring_by_name increments keyring->usage if a keyring was found
	if (PTR_ERR(keyring) == -ENOKEY) {
	/* not found - try and create a new one */
	keyring = keyring_alloc(
	name, old->uid, old->gid, old,
	KEY_POS_ALL \| KEY_USR_VIEW \| KEY_USR_READ \| KEY_USR_LINK,
	KEY_ALLOC_IN_QUOTA, NULL);
	if (IS_ERR(keyring)) {
	ret = PTR_ERR(keyring);
	goto error2;
	}
	} else if (IS_ERR(keyring)) {
	ret = PTR_ERR(keyring);
	goto error2;
	} else if (keyring == new->session_keyring) {
	ret = 0;
	goto error2; //<-- The bug is here, skips key_put.
	}

	/* we've got a keyring - now install it */
	ret = install_session_keyring_to_cred(new, keyring);
	if (ret < 0)
	goto error2;

	commit_creds(new);
	mutex_unlock(&key_session_mutex);

	ret = keyring->serial;
	key_put(keyring);
	okay:
	return ret;

	error2:
	mutex_unlock(&key_session_mutex);
	error:
	abort_creds(new);
	return ret;
	}