diff options
Diffstat (limited to 'sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2005-0749.patch')
-rw-r--r-- | sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2005-0749.patch | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2005-0749.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2005-0749.patch deleted file mode 100644 index 46beac7587df..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.6.CAN-2005-0749.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff -Naru a/fs/binfmt_elf.c b/fs/binfmt_elf.c ---- a/fs/binfmt_elf.c 2005-04-29 17:13:50 -07:00 -+++ b/fs/binfmt_elf.c 2005-04-29 17:13:50 -07:00 -@@ -1008,6 +1008,7 @@ - static int load_elf_library(struct file *file) - { - struct elf_phdr *elf_phdata; -+ struct elf_phdr *eppnt; - unsigned long elf_bss, bss, len; - int retval, error, i, j; - struct elfhdr elf_ex; -@@ -1031,44 +1032,47 @@ - /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ - - error = -ENOMEM; -- elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL); -+ elf_phdata = kmalloc(j, GFP_KERNEL); - if (!elf_phdata) - goto out; - -+ eppnt = elf_phdata; - error = -ENOEXEC; -- retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j); -+ retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); - if (retval != j) - goto out_free_ph; - - for (j = 0, i = 0; i<elf_ex.e_phnum; i++) -- if ((elf_phdata + i)->p_type == PT_LOAD) j++; -+ if ((eppnt + i)->p_type == PT_LOAD) -+ j++; - if (j != 1) - goto out_free_ph; - -- while (elf_phdata->p_type != PT_LOAD) elf_phdata++; -+ while (eppnt->p_type != PT_LOAD) -+ eppnt++; - - /* Now use mmap to map the library into memory. */ - down_write(¤t->mm->mmap_sem); - error = do_mmap(file, -- ELF_PAGESTART(elf_phdata->p_vaddr), -- (elf_phdata->p_filesz + -- ELF_PAGEOFFSET(elf_phdata->p_vaddr)), -+ ELF_PAGESTART(eppnt->p_vaddr), -+ (eppnt->p_filesz + -+ ELF_PAGEOFFSET(eppnt->p_vaddr)), - PROT_READ | PROT_WRITE | PROT_EXEC, - MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, -- (elf_phdata->p_offset - -- ELF_PAGEOFFSET(elf_phdata->p_vaddr))); -+ (eppnt->p_offset - -+ ELF_PAGEOFFSET(eppnt->p_vaddr))); - up_write(¤t->mm->mmap_sem); -- if (error != ELF_PAGESTART(elf_phdata->p_vaddr)) -+ if (error != ELF_PAGESTART(eppnt->p_vaddr)) - goto out_free_ph; - -- elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz; -+ elf_bss = eppnt->p_vaddr + eppnt->p_filesz; - if (padzero(elf_bss)) { - error = -EFAULT; - goto out_free_ph; - } - -- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); -- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; -+ len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); -+ bss = eppnt->p_memsz + eppnt->p_vaddr; - if (bss > len) { - down_write(¤t->mm->mmap_sem); - do_brk(len, bss - len); -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2005/03/25 17:50:52-08:00 akpm@osdl.org -# [PATCH] Potential DOS in load_elf_library -# -# From: Herbert Xu <herbert@gondor.apana.org.au> -# -# Yichen Xie <yxie@cs.stanford.edu> points out that load_elf_library can -# modify `elf_phdata' before freeing it. -# -# CAN-2005-0749 is assigned to this issue. -# -# Signed-off-by: Andrew Morton <akpm@osdl.org> -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# -# fs/binfmt_elf.c -# 2005/03/20 16:56:41-08:00 akpm@osdl.org +17 -13 -# Potential DOS in load_elf_library -# |