[PATCH] binfmt_elf: handle p_filesz == 0 on PT_INTERP section

Jakub Jelinek points out that current fix has an underflow problem if elf_ppnt->p_filesz == 0. Fix that up, and also stop overwriting interpreter buffer, simply check that it's NULL-terminated. From: Jakub Jelinek <jakub@redhat.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] binfmt_elf: handle p_filesz == 0 on PT_INTERP section
Jakub Jelinek points out that current fix has an underflow problem if elf_ppnt->p_filesz == 0. Fix that up, and also stop overwriting interpreter buffer, simply check that it's NULL-terminated. From: Jakub Jelinek <jakub@redhat.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
7df2c1ef · Chris Wright · Linus Torvalds · 9cee3a47 · 7df2c1ef
Commit 7df2c1ef authored Nov 16, 2004 by Chris Wright Committed by Linus Torvalds Nov 16, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

fs/binfmt_elf.c fs/binfmt_elf.c +5 -2

No files found.
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -576,7 +576,8 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
 			 */

 			retval = -ENOMEM;
-			if (elf_ppnt->p_filesz > PATH_MAX)
+			if (elf_ppnt->p_filesz > PATH_MAX || 
+			    elf_ppnt->p_filesz == 0)
 				goto out_free_file;
 			elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
 							   GFP_KERNEL);
@@ -592,7 +593,9 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
 				goto out_free_interp;
 			}
 			/* make sure path is NULL terminated */
-			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
+			retval = -EINVAL;
+			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+				goto out_free_interp;

 			/* If the program interpreter is one of these two,
 			 * then assume an iBCS2 image. Otherwise assume