    exec: remove argv_len from struct linux_binprm · 175a06ae
    Tetsuo Handa authored
    I noticed that 2.6.24.2 calculates bprm->argv_len at do_execve().  But it
    doesn't update bprm->argv_len after "remove_arg_zero() +
    copy_strings_kernel()" at load_script() etc.
    
    audit_bprm() is called from search_binary_handler() and
    search_binary_handler() is called from load_script() etc.  Thus, I think the
    condition check
    
      if (bprm->argv_len > (audit_argv_kb << 10))
              return -E2BIG;
    
    in audit_bprm() might return a wrong result when strlen(removed_arg) !=
    strlen(spliced_args).  Why not update bprm->argv_len at load_script() etc.?
    
    By the way, 2.6.25-rc3 seems not to be doing the condition check.  Is the field
    bprm->argv_len no longer needed?
    Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: Ollie Wild <aaw@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
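The staleness the commit message describes, as an added, simplified user-space model (not kernel code): a length cached once at exec setup is never refreshed after the script loader drops argv[0] and splices interpreter arguments in front, so a limit check based on the cached field sees the wrong size. `struct binprm_model`, `setup_exec`, `script_rewrite` and `stale_bytes` are hypothetical stand-ins, and the argv/interpreter values are constructed.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ARGS 16

/* Hypothetical stand-in for the relevant parts of struct linux_binprm. */
struct binprm_model {
    const char *argv[MAX_ARGS];
    int argc;
    size_t argv_len;   /* cached total size, including NUL terminators */
};

/* Recompute the true size of the argument strings (what a check should use). */
size_t argv_bytes(const struct binprm_model *b)
{
    size_t n = 0;
    for (int i = 0; i < b->argc; i++)
        n += strlen(b->argv[i]) + 1;
    return n;
}

/* do_execve-style setup: the cached length is computed exactly once here. */
void setup_exec(struct binprm_model *b, const char **argv, int argc)
{
    b->argc = argc;
    memcpy(b->argv, argv, (size_t)argc * sizeof(argv[0]));
    b->argv_len = argv_bytes(b);
}

/* load_script-style rewrite: drop argv[0] and put the interpreter args first.
 * Models remove_arg_zero() + copy_strings_kernel(); argv_len is NOT refreshed. */
void script_rewrite(struct binprm_model *b, const char **interp, int ninterp)
{
    memmove(&b->argv[ninterp], &b->argv[1], (size_t)(b->argc - 1) * sizeof(b->argv[0]));
    memcpy(b->argv, interp, (size_t)ninterp * sizeof(interp[0]));
    b->argc = b->argc - 1 + ninterp;
}

/* Bytes by which the cached field now undercounts (0 when still accurate). */
long stale_bytes(const struct binprm_model *b)
{
    return (long)argv_bytes(b) - (long)b->argv_len;
}

/* Constructed case: "./hello.sh -v" run through a "#!/bin/sh -e" script loader. */
long demo(void)
{
    const char *argv[] = { "./hello.sh", "-v" };
    const char *interp[] = { "/bin/sh", "-e", "./hello.sh" };
    struct binprm_model b;
    setup_exec(&b, argv, 2);        /* argv_len = 11 + 3 = 14 */
    script_rewrite(&b, interp, 3);  /* real size = 8 + 3 + 11 + 3 = 25 */
    return stale_bytes(&b);         /* 11 bytes unaccounted for */
}
```

Recomputing the size at check time (or dropping the cached field, as the commit title says) removes the discrepancy.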
exec.c 40.6 KB