diff options
| author | Matthew Wilcox <matthew@wil.cx> | 2006-09-24 15:35:50 -0400 |
|---|---|---|
| committer | Matthew Wilcox <willy@parisc-linux.org> | 2006-10-04 08:51:26 -0400 |
| commit | dc02747da7897cb89b62bb08aeb06fa0bb1e7319 (patch) | |
| tree | 8c1c43d4d98b24f92d68592462be8140b7795ba8 /fs/binfmt_som.c | |
| parent | 8d0b7d1055bedca784b143b0af9b37bd971b7cd2 (diff) | |
[PARISC] Fix fs/binfmt_som.c
Fix compilation (missing include of a.out.h)
Fix security hole (need to call unshare_files)
Signed-off-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Diffstat (limited to 'fs/binfmt_som.c')
| -rw-r--r-- | fs/binfmt_som.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c index 32b5d625ce9c..5bcdaaf4eae0 100644 --- a/fs/binfmt_som.c +++ b/fs/binfmt_som.c | |||
| @@ -29,6 +29,7 @@ | |||
| 29 | #include <linux/personality.h> | 29 | #include <linux/personality.h> |
| 30 | #include <linux/init.h> | 30 | #include <linux/init.h> |
| 31 | 31 | ||
| 32 | #include <asm/a.out.h> | ||
| 32 | #include <asm/uaccess.h> | 33 | #include <asm/uaccess.h> |
| 33 | #include <asm/pgtable.h> | 34 | #include <asm/pgtable.h> |
| 34 | 35 | ||
| @@ -194,6 +195,7 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
| 194 | unsigned long som_entry; | 195 | unsigned long som_entry; |
| 195 | struct som_hdr *som_ex; | 196 | struct som_hdr *som_ex; |
| 196 | struct som_exec_auxhdr *hpuxhdr; | 197 | struct som_exec_auxhdr *hpuxhdr; |
| 198 | struct files_struct *files; | ||
| 197 | 199 | ||
| 198 | /* Get the exec-header */ | 200 | /* Get the exec-header */ |
| 199 | som_ex = (struct som_hdr *) bprm->buf; | 201 | som_ex = (struct som_hdr *) bprm->buf; |
| @@ -208,15 +210,27 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
| 208 | size = som_ex->aux_header_size; | 210 | size = som_ex->aux_header_size; |
| 209 | if (size > SOM_PAGESIZE) | 211 | if (size > SOM_PAGESIZE) |
| 210 | goto out; | 212 | goto out; |
| 211 | hpuxhdr = (struct som_exec_auxhdr *) kmalloc(size, GFP_KERNEL); | 213 | hpuxhdr = kmalloc(size, GFP_KERNEL); |
| 212 | if (!hpuxhdr) | 214 | if (!hpuxhdr) |
| 213 | goto out; | 215 | goto out; |
| 214 | 216 | ||
| 215 | retval = kernel_read(bprm->file, som_ex->aux_header_location, | 217 | retval = kernel_read(bprm->file, som_ex->aux_header_location, |
| 216 | (char *) hpuxhdr, size); | 218 | (char *) hpuxhdr, size); |
| 219 | if (retval != size) { | ||
| 220 | if (retval >= 0) | ||
| 221 | retval = -EIO; | ||
| 222 | goto out_free; | ||
| 223 | } | ||
| 224 | |||
| 225 | files = current->files; /* Refcounted so ok */ | ||
| 226 | retval = unshare_files(); | ||
| 217 | if (retval < 0) | 227 | if (retval < 0) |
| 218 | goto out_free; | 228 | goto out_free; |
| 219 | #error "Fix security hole before enabling me" | 229 | if (files == current->files) { |
| 230 | put_files_struct(files); | ||
| 231 | files = NULL; | ||
| 232 | } | ||
| 233 | |||
| 220 | retval = get_unused_fd(); | 234 | retval = get_unused_fd(); |
| 221 | if (retval < 0) | 235 | if (retval < 0) |
| 222 | goto out_free; | 236 | goto out_free; |