r2014 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Simon Horman horms@haydn.debian.org
Tue, 21 Dec 2004 02:56:33 -0700


Author: horms
Date: 2004-12-21 02:55:58 -0700 (Tue, 21 Dec 2004)
New Revision: 2014

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff
Modified:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
Log:
Update ELF loader error handling and check for invalid binaries.

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2004-12-21 09:34:50 UTC (rev 2013)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2004-12-21 09:55:58 UTC (rev 2014)
@@ -15,10 +15,13 @@
     (CAN-2004-1137) (dann frazier)
   * 119-acpi_early-build.diff: Build fix for ACPI
     (Closes: #286226) (Simon Horman)
-  * 093-tty_lockup-3.diff: Updateded patch for race conditions in 
+  * 093-tty_lockup-3.diff: Updateded patch for race conditions in
       linux terminal subsystem from uptream (CAN-2004-0814) (Simon Horman)
+  * 097-elf_loader_overflow-3.diff: 
+    Update ELF loader error handling and check for invalid binaries. 
+    (Simon Horman)
 
- -- Simon Horman <horms@debian.org>  Tue, 21 Dec 2004 18:27:09 +0900
+ -- Simon Horman <horms@debian.org>  Tue, 21 Dec 2004 18:49:44 +0900
 
 kernel-source-2.4.27 (2.4.27-6) unstable; urgency=low
 

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff	2004-12-21 09:34:50 UTC (rev 2013)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff	2004-12-21 09:55:58 UTC (rev 2014)
@@ -0,0 +1,88 @@
+# origin: solar (BitKeeper)
+# cset: 1.1548 (2.4) key=41c67d3cIULXQlKnQTNeoBV6YoTRQw
+# inclusion: upstream
+# descrition: [PATCH] binfmt_elf fix return error codes and early corrupt binary detection
+# revision date: Tue, 21 Dec 2004 18:45:42 +0900
+#
+# S rset: ChangeSet|1.1547..1.1548
+# I rset: fs/binfmt_elf.c|1.35..1.36
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/12/20 05:20:28-02:00 solar@openwall.com 
+#   [PATCH] binfmt_elf fix return error codes and early corrupt binary detection
+# 
+# fs/binfmt_elf.c
+#   2004/12/17 16:17:46-02:00 solar@openwall.com +17 -7
+#   binfmt_elf fix return errors code and early corrupt binary detection
+# 
+#
+===== fs/binfmt_elf.c 1.35 vs 1.36 =====
+--- 1.35/fs/binfmt_elf.c	2004-10-16 20:16:38 +09:00
++++ 1.36/fs/binfmt_elf.c	2004-12-18 03:17:46 +09:00
+@@ -383,6 +383,12 @@
+ 	}
+ 
+ 	*interp_load_addr = load_addr;
++	/*
++	 * XXX: is everything deallocated properly if this happens
++	 * to be ~0UL (that is, we succeeded, but the header is broken
++	 * and thus the caller will think that we failed)? We'd better
++	 * switch to out-of-band error reporting.
++	 */
+ 	error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
+ 
+ out_close:
+@@ -483,12 +489,13 @@
+ 
+ 	/* Now read in all of the header information */
+ 
+-	retval = -ENOMEM;
+ 	if (elf_ex.e_phentsize != sizeof(struct elf_phdr))
+ 		goto out;
+-	if (elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
++	if (elf_ex.e_phnum < 1 ||
++	    elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
+ 		goto out;
+ 	size = elf_ex.e_phnum * sizeof(struct elf_phdr);
++	retval = -ENOMEM;
+ 	elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
+ 	if (!elf_phdata)
+ 		goto out;
+@@ -534,10 +541,12 @@
+ 			 * is an a.out format binary
+ 			 */
+ 
+-			retval = -ENOMEM;
++			retval = -ENOEXEC;
+ 			if (elf_ppnt->p_filesz > PATH_MAX || 
+-			    elf_ppnt->p_filesz == 0)
++			    elf_ppnt->p_filesz < 2)
+ 				goto out_free_file;
++
++			retval = -ENOMEM;
+ 			elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
+ 							   GFP_KERNEL);
+ 			if (!elf_interpreter)
+@@ -552,7 +561,7 @@
+ 				goto out_free_interp;
+ 			}
+ 			/* make sure path is NULL terminated */
+-			retval = -EINVAL;
++			retval = -ENOEXEC;
+ 			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+ 				goto out_free_interp;
+ 
+@@ -795,8 +804,9 @@
+ 						    interpreter,
+ 						    &interp_load_addr);
+ 		if (BAD_ADDR(elf_entry)) {
+-			printk(KERN_ERR "Unable to load interpreter\n");
+-			send_sig(SIGSEGV, current, 0);
++			printk(KERN_ERR "Unable to load interpreter %.128s\n",
++				elf_interpreter);
++			force_sig(SIGSEGV, current, 0);
+ 			retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+ 			goto out_free_dentry;
+ 		}
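Review bot: Dropping `retval = -ENOMEM;` ahead of the `e_phentsize`/`e_phnum` checks (the `@@ -483,12 +489,13 @@` hunk) makes the error code for those two `goto out` paths depend on whatever `retval` was last assigned above the hunk, which is not visible here; the enclosing function starts and ends outside this hunk. Presumably that earlier value is -ENOEXEC, but the intent is left implicit, whereas the later hunk sets `retval = -ENOEXEC;` immediately before its `p_filesz` check; doing the same here, `retval = -ENOEXEC;` on the line before `if (elf_ex.e_phentsize != sizeof(struct elf_phdr))`, would make the header-validation path self-describing and keep the code correct if the earlier checks are ever reordered. The new `elf_ex.e_phnum < 1` test reads oddly for an unsigned half-word field; `elf_ex.e_phnum == 0` states the rejected case (a binary with no program headers) directly.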

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7	2004-12-21 09:34:50 UTC (rev 2013)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7	2004-12-21 09:55:58 UTC (rev 2014)
@@ -7,3 +7,4 @@
 - 093_tty_lockup.diff
 - 093_tty_lockup-2.diff
 + 093-tty_lockup-3.diff
++ 097-elf_loader_overflow-3.diff