2.4.10 bad ELF kills system bug

2.4.10 bad ELF kills system bug

[Tim Hockin]

I can't believe how nonchalant everyone is about this bug.  Is there a
definate fix yet?  If so, what is it?  Will there be a rushed 2.4.11, or
will it languish for a while?

just want to know, so we can patch up our products :)

Tim

Re: 2.4.10 bad ELF kills system bug

[Linus Torvalds]

In article <200110030040.f930eF921188@www.hockin.org>,
Tim Hockin  <thockin@hockin.org> wrote:
>I can't believe how nonchalant everyone is about this bug.  Is there a
>definate fix yet?  If so, what is it?  Will there be a rushed 2.4.11, or
>will it languish for a while?

Well, the bug is actually ancient. The fix is something along the lines
of the attached, although there are people with prettier versions
(Andrea is looking at other buglets in the ELF loader).

		Linus

----
--- pre2/linux/fs/binfmt_elf.c	Tue Oct  2 16:24:18 2001
+++ linux/fs/binfmt_elf.c	Tue Oct  2 16:23:33 2001
@@ -298,6 +298,8 @@
 	    	elf_type |= MAP_FIXED;
 
 	    map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type);
+	    if (map_addr > TASK_SIZE)
+	    	goto out_close;
 
 	    if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
 		load_addr = map_addr - ELF_PAGESTART(vaddr);
@@ -649,6 +651,8 @@
 		}
 
 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+		if (error > TASK_SIZE)
+			continue;
 
 		if (!load_addr_set) {
 			load_addr_set = 1;