Potential DOS in load_elf_library?

From: Yichen Xie
Date: Fri Mar 18 2005 - 03:16:47 EST

Next message: dave: "PROBLEM: 2.6.11.4 vaio z1xmp mouse click"
Previous message: Ingo Molnar: "Re: Real-Time Preemption and RCU"
Next in thread: Andrew Morton: "Re: Potential DOS in load_elf_library?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi guys, I was looking at the load_elf_library function (fs/binfmt_elf.c) in 2.6.10, and noticed the following:

elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
...
while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
...
kfree(elf_phdata);

Could this be problematic since the pointer being freed might be different from that returned from kmalloc?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: dave: "PROBLEM: 2.6.11.4 vaio z1xmp mouse click"
Previous message: Ingo Molnar: "Re: Real-Time Preemption and RCU"
Next in thread: Andrew Morton: "Re: Potential DOS in load_elf_library?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]