r2014 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Simon Horman
horms@haydn.debian.org
Tue, 21 Dec 2004 02:56:33 -0700
Author: horms
Date: 2004-12-21 02:55:58 -0700 (Tue, 21 Dec 2004)
New Revision: 2014
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
Log:
Update ELF loader error handling and check for invalid binaries.
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2004-12-21 09:34:50 UTC (rev 2013)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2004-12-21 09:55:58 UTC (rev 2014)
@@ -15,10 +15,13 @@
(CAN-2004-1137) (dann frazier)
* 119-acpi_early-build.diff: Build fix for ACPI
(Closes: #286226) (Simon Horman)
- * 093-tty_lockup-3.diff: Updateded patch for race conditions in
+ * 093-tty_lockup-3.diff: Updateded patch for race conditions in
linux terminal subsystem from uptream (CAN-2004-0814) (Simon Horman)
+ * 097-elf_loader_overflow-3.diff:
+ Update ELF loader error handling and check for invalid binaries.
+ (Simon Horman)
- -- Simon Horman <horms@debian.org> Tue, 21 Dec 2004 18:27:09 +0900
+ -- Simon Horman <horms@debian.org> Tue, 21 Dec 2004 18:49:44 +0900
kernel-source-2.4.27 (2.4.27-6) unstable; urgency=low
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff 2004-12-21 09:34:50 UTC (rev 2013)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff 2004-12-21 09:55:58 UTC (rev 2014)
@@ -0,0 +1,88 @@
+# origin: solar (BitKeeper)
+# cset: 1.1548 (2.4) key=41c67d3cIULXQlKnQTNeoBV6YoTRQw
+# inclusion: upstream
+# descrition: [PATCH] binfmt_elf fix return error codes and early corrupt binary detection
+# revision date: Tue, 21 Dec 2004 18:45:42 +0900
+#
+# S rset: ChangeSet|1.1547..1.1548
+# I rset: fs/binfmt_elf.c|1.35..1.36
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/20 05:20:28-02:00 solar@openwall.com
+# [PATCH] binfmt_elf fix return error codes and early corrupt binary detection
+#
+# fs/binfmt_elf.c
+# 2004/12/17 16:17:46-02:00 solar@openwall.com +17 -7
+# binfmt_elf fix return errors code and early corrupt binary detection
+#
+#
+===== fs/binfmt_elf.c 1.35 vs 1.36 =====
+--- 1.35/fs/binfmt_elf.c 2004-10-16 20:16:38 +09:00
++++ 1.36/fs/binfmt_elf.c 2004-12-18 03:17:46 +09:00
+@@ -383,6 +383,12 @@
+ }
+
+ *interp_load_addr = load_addr;
++ /*
++ * XXX: is everything deallocated properly if this happens
++ * to be ~0UL (that is, we succeeded, but the header is broken
++ * and thus the caller will think that we failed)? We'd better
++ * switch to out-of-band error reporting.
++ */
+ error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
+
+ out_close:
+@@ -483,12 +489,13 @@
+
+ /* Now read in all of the header information */
+
+- retval = -ENOMEM;
+ if (elf_ex.e_phentsize != sizeof(struct elf_phdr))
+ goto out;
+- if (elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
++ if (elf_ex.e_phnum < 1 ||
++ elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
+ goto out;
+ size = elf_ex.e_phnum * sizeof(struct elf_phdr);
++ retval = -ENOMEM;
+ elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
+ if (!elf_phdata)
+ goto out;
+@@ -534,10 +541,12 @@
+ * is an a.out format binary
+ */
+
+- retval = -ENOMEM;
++ retval = -ENOEXEC;
+ if (elf_ppnt->p_filesz > PATH_MAX ||
+- elf_ppnt->p_filesz == 0)
++ elf_ppnt->p_filesz < 2)
+ goto out_free_file;
++
++ retval = -ENOMEM;
+ elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
+ GFP_KERNEL);
+ if (!elf_interpreter)
+@@ -552,7 +561,7 @@
+ goto out_free_interp;
+ }
+ /* make sure path is NULL terminated */
+- retval = -EINVAL;
++ retval = -ENOEXEC;
+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+ goto out_free_interp;
+
+@@ -795,8 +804,9 @@
+ interpreter,
+ &interp_load_addr);
+ if (BAD_ADDR(elf_entry)) {
+- printk(KERN_ERR "Unable to load interpreter\n");
+- send_sig(SIGSEGV, current, 0);
++ printk(KERN_ERR "Unable to load interpreter %.128s\n",
++ elf_interpreter);
++ force_sig(SIGSEGV, current, 0);
+ retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+ goto out_free_dentry;
+ }
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-21 09:34:50 UTC (rev 2013)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-21 09:55:58 UTC (rev 2014)
@@ -7,3 +7,4 @@
- 093_tty_lockup.diff
- 093_tty_lockup-2.diff
+ 093-tty_lockup-3.diff
++ 097-elf_loader_overflow-3.diff