[PATCH][1/2] - catch ignored copy_*_user() - fs/binfmt_elf.c

From: Jeremy Huddleston
Date: Sat Dec 25 2004 - 07:04:34 EST

Next message: Jeremy Huddleston: "[PATCH][2/2] - catch ignored copy_*_user() - fs/compat_ioctl.c"
Previous message: Matan Peled: "Re: Trying out SCHED_BATCH"
Next in thread: Jesper Juhl: "Re: [PATCH][1/2] - catch ignored copy_*_user() - fs/binfmt_elf.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here are a couple patches to cleanup some uncaught copy_*_user() calls.
Catch and handle some previously ignored copy_*_user() calls

Signed-off-by: Jeremy Huddleston <eradicator@xxxxxxxxxx>

diff -Naurp linux-2.6.10-rc3-bk8/fs/binfmt_elf.c linux-2.6.10-rc3-bk8.edit/fs/binfmt_elf.c
--- linux-2.6.10-rc3-bk8/fs/binfmt_elf.c 2004-12-15 00:15:45.000000000 -0800
+++ linux-2.6.10-rc3-bk8.edit/fs/binfmt_elf.c 2004-12-15 12:58:41.000000000 -0800
@@ -103,15 +103,18 @@ static int set_brk(unsigned long start,
be in memory */

-static void padzero(unsigned long elf_bss)
+static int padzero(unsigned long elf_bss)
{
unsigned long nbyte;

nbyte = ELF_PAGEOFFSET(elf_bss);
if (nbyte) {
nbyte = ELF_MIN_ALIGN - nbyte;
- clear_user((void __user *) elf_bss, nbyte);
+ if(clear_user((void __user *) elf_bss, nbyte))
+ return -EFAULT;
}
+
+ return 0;
}

/* Let's use some macros to make this stack manipulation a litle clearer */
@@ -403,7 +406,10 @@ static unsigned long load_elf_interp(str
* that there are zero-mapped pages up to and including the
* last bss page.
*/
- padzero(elf_bss);
+ error = padzero(elf_bss);
+ if(error)
+ goto out_close;
+
elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); /* What we have mapped so far */

/* Map the last of the bss segment */
@@ -773,7 +779,11 @@ static int load_elf_binary(struct linux_
nbyte = ELF_MIN_ALIGN - nbyte;
if (nbyte > elf_brk - elf_bss)
nbyte = elf_brk - elf_bss;
- clear_user((void __user *) elf_bss + load_bias, nbyte);
+ retval = clear_user((void __user *) elf_bss + load_bias, nbyte);
+ if (retval) {
+ send_sig(SIGKILL, current, 0);
+ goto out_free_dentry;
+ }
}
}

@@ -857,7 +867,11 @@ static int load_elf_binary(struct linux_
send_sig(SIGKILL, current, 0);
goto out_free_dentry;
}
- padzero(elf_bss);
+ retval = padzero(elf_bss);
+ if(retval) {
+ send_sig(SIGKILL, current, 0);
+ goto out_free_dentry;
+ }

if (elf_interpreter) {
if (interpreter_type == INTERPRETER_AOUT)
@@ -1020,7 +1034,9 @@ static int load_elf_library(struct file
goto out_free_ph;

elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
- padzero(elf_bss);
+ error = padzero(elf_bss);
+ if(error)
+ goto out_free_ph;

len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Jeremy Huddleston: "[PATCH][2/2] - catch ignored copy_*_user() - fs/compat_ioctl.c"
Previous message: Matan Peled: "Re: Trying out SCHED_BATCH"
Next in thread: Jesper Juhl: "Re: [PATCH][1/2] - catch ignored copy_*_user() - fs/binfmt_elf.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]