Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  security: testing the wrong variable in create_by_name()
  CRED: Fix a race in creds_are_invalid() in credentials debugging
  CRED: Fix double free in prepare_usermodehelper_creds() error handling

2 files changed, 4 insertions, 4 deletions

diff --git a/kernel/cred.c b/kernel/cred.c
index e1dbe9eef800..62af1816c235 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -398,6 +398,8 @@ struct cred *prepare_usermodehelper_creds(void)
 
 error:
         put_cred(new);
+        return NULL;
+
 free_tgcred:
 #ifdef CONFIG_KEYS
         kfree(tgcred);
@@ -791,8 +793,6 @@ bool creds_are_invalid(const struct cred *cred)
 {
         if (cred->magic != CRED_MAGIC)
                 return true;
-        if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
-                return true;
 #ifdef CONFIG_SECURITY_SELINUX
         if (selinux_is_enabled()) {
                 if ((unsigned long) cred->security < PAGE_SIZE)
diff --git a/security/inode.c b/security/inode.c
index c3a793881d04..1c812e874504 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode,
 
         mutex_lock(&parent->d_inode->i_mutex);
         *dentry = lookup_one_len(name, parent, strlen(name));
-        if (!IS_ERR(dentry)) {
+        if (!IS_ERR(*dentry)) {
                 if ((mode & S_IFMT) == S_IFDIR)
                         error = mkdir(parent->d_inode, *dentry, mode);
                 else
                         error = create(parent->d_inode, *dentry, mode);
         } else
-                error = PTR_ERR(dentry);
+                error = PTR_ERR(*dentry);
         mutex_unlock(&parent->d_inode->i_mutex);
 
         return error;