authorMatthew Wilcox <matthew@wil.cx>2006-09-24 13:35:50 -0600
committerMatthew Wilcox <willy@parisc-linux.org>2006-10-04 06:51:26 -0600
commitdc02747da7897cb89b62bb08aeb06fa0bb1e7319 (patch)
tree8c1c43d4d98b24f92d68592462be8140b7795ba8
parent8d0b7d1055bedca784b143b0af9b37bd971b7cd2 (diff)
[PARISC] Fix fs/binfmt_som.c
Fix compilation (missing include of a.out.h)
Fix security hole (need to call unshare_files)

Signed-off-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
-rw-r--r--fs/binfmt_som.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c
index 32b5d625ce9..5bcdaaf4eae 100644
--- a/fs/binfmt_som.c
+++ b/fs/binfmt_som.c
@@ -29,6 +29,7 @@
#include <linux/personality.h>
#include <linux/init.h>
+#include <asm/a.out.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -194,6 +195,7 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs)
unsigned long som_entry;
struct som_hdr *som_ex;
struct som_exec_auxhdr *hpuxhdr;
+ struct files_struct *files;
/* Get the exec-header */
som_ex = (struct som_hdr *) bprm->buf;
@@ -208,15 +210,27 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs)
size = som_ex->aux_header_size;
if (size > SOM_PAGESIZE)
goto out;
- hpuxhdr = (struct som_exec_auxhdr *) kmalloc(size, GFP_KERNEL);
+ hpuxhdr = kmalloc(size, GFP_KERNEL);
if (!hpuxhdr)
goto out;
retval = kernel_read(bprm->file, som_ex->aux_header_location,
(char *) hpuxhdr, size);
+ if (retval != size) {
+ if (retval >= 0)
+ retval = -EIO;
+ goto out_free;
+ }
+
+ files = current->files; /* Refcounted so ok */
+ retval = unshare_files();
if (retval < 0)
goto out_free;
-#error "Fix security hole before enabling me"
+ if (files == current->files) {
+ put_files_struct(files);
+ files = NULL;
+ }
+
retval = get_unused_fd();
if (retval < 0)
goto out_free;
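Review bot: The saved `files` pointer is never used again after the `if (files == current->files)` block, so when unshare_files() has replaced current->files with a private copy the old table is neither released on success nor put back on failure. The diffstat's 16 insertions are all in the visible hunks and `files` is declared by this commit, so nothing outside the hunk can be handling it. Every later `goto out_free` (the get_unused_fd() failure just below is the first) should restore the original table, e.g. `if (files) { put_files_struct(current->files); current->files = files; }`, and the success path should drop the old reference with `if (files) put_files_struct(files);` once the exec can no longer fail. This assumes unshare_files() leaves the caller holding the old reference, which is not shown here and is worth confirming; load_som_binary continues beyond the end of the hunk.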