r2017 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Simon Horman
horms@haydn.debian.org
Wed, 22 Dec 2004 06:34:42 -0700
Author: horms
Date: 2004-12-22 06:33:58 -0700 (Wed, 22 Dec 2004)
New Revision: 2017
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-4.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
Log:
Re-added ELF update
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2004-12-21 12:48:46 UTC (rev 2016)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2004-12-22 13:33:58 UTC (rev 2017)
@@ -1,4 +1,4 @@
-kernel-source-2.4.27 (2.4.27-7) unstable; urgency=low
+kernel-source-2.4.27 (2.4.27-7) UNRELEASED; urgency=low
* 113-unix-serialization.diff:
Security: Add missing serialization to unix_dgram_recvmsg() which otherwise
@@ -16,9 +16,12 @@
* 119-acpi_early-build.diff: Build fix for ACPI
(Closes: #286226) (Simon Horman)
* 093-tty_lockup-3.diff: Updateded patch for race conditions in
- linux terminal subsystem from uptream (CAN-2004-0814) (Simon Horman)
+ linux terminal subsystem from uptream (CAN-2004-0814) (Simon Horman)
+ * 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff:
+ Update ELF loader error handling and check for invalid binaries.
+ (Simon Horman)
- -- Simon Horman <horms@debian.org> Tue, 21 Dec 2004 21:47:14 +0900
+ -- Simon Horman <horms@debian.org> Wed, 22 Dec 2004 11:17:55 +0900
kernel-source-2.4.27 (2.4.27-6) unstable; urgency=low
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff 2004-12-21 12:48:46 UTC (rev 2016)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-3.diff 2004-12-22 13:33:58 UTC (rev 2017)
@@ -0,0 +1,88 @@
+# origin: solar (BitKeeper)
+# cset: 1.1548 (2.4) key=41c67d3cIULXQlKnQTNeoBV6YoTRQw
+# inclusion: upstream
+# descrition: [PATCH] binfmt_elf fix return error codes and early corrupt binary detection
+# revision date: Tue, 21 Dec 2004 18:45:42 +0900
+#
+# S rset: ChangeSet|1.1547..1.1548
+# I rset: fs/binfmt_elf.c|1.35..1.36
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/20 05:20:28-02:00 solar@openwall.com
+# [PATCH] binfmt_elf fix return error codes and early corrupt binary detection
+#
+# fs/binfmt_elf.c
+# 2004/12/17 16:17:46-02:00 solar@openwall.com +17 -7
+# binfmt_elf fix return errors code and early corrupt binary detection
+#
+#
+===== fs/binfmt_elf.c 1.35 vs 1.36 =====
+--- 1.35/fs/binfmt_elf.c 2004-10-16 20:16:38 +09:00
++++ 1.36/fs/binfmt_elf.c 2004-12-18 03:17:46 +09:00
+@@ -383,6 +383,12 @@
+ }
+
+ *interp_load_addr = load_addr;
++ /*
++ * XXX: is everything deallocated properly if this happens
++ * to be ~0UL (that is, we succeeded, but the header is broken
++ * and thus the caller will think that we failed)? We'd better
++ * switch to out-of-band error reporting.
++ */
+ error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
+
+ out_close:
+@@ -483,12 +489,13 @@
+
+ /* Now read in all of the header information */
+
+- retval = -ENOMEM;
+ if (elf_ex.e_phentsize != sizeof(struct elf_phdr))
+ goto out;
+- if (elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
++ if (elf_ex.e_phnum < 1 ||
++ elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
+ goto out;
+ size = elf_ex.e_phnum * sizeof(struct elf_phdr);
++ retval = -ENOMEM;
+ elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
+ if (!elf_phdata)
+ goto out;
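Review bot: The `goto out` exits for a bad `e_phentsize` or `e_phnum` no longer have an error code assigned inside this hunk; with `retval = -ENOMEM;` moved below them they return whatever `retval` held before this code, which is set outside the hunk and is presumably -ENOEXEC from the earlier header checks. The interpreter-path hunk further down assigns `retval = -ENOEXEC;` explicitly before its validation, and the same line ahead of the `e_phentsize` test here would keep a malformed program-header table rejected with the intended code even if statements are later added above it. The enclosing function starts and ends outside the hunk.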
+@@ -534,10 +541,12 @@
+ * is an a.out format binary
+ */
+
+- retval = -ENOMEM;
++ retval = -ENOEXEC;
+ if (elf_ppnt->p_filesz > PATH_MAX ||
+- elf_ppnt->p_filesz == 0)
++ elf_ppnt->p_filesz < 2)
+ goto out_free_file;
++
++ retval = -ENOMEM;
+ elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
+ GFP_KERNEL);
+ if (!elf_interpreter)
+@@ -552,7 +561,7 @@
+ goto out_free_interp;
+ }
+ /* make sure path is NULL terminated */
+- retval = -EINVAL;
++ retval = -ENOEXEC;
+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+ goto out_free_interp;
+
+@@ -795,8 +804,9 @@
+ interpreter,
+ &interp_load_addr);
+ if (BAD_ADDR(elf_entry)) {
+- printk(KERN_ERR "Unable to load interpreter\n");
+- send_sig(SIGSEGV, current, 0);
++ printk(KERN_ERR "Unable to load interpreter %.128s\n",
++ elf_interpreter);
++ force_sig(SIGSEGV, current, 0);
+ retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+ goto out_free_dentry;
+ }
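Review bot: The rewritten `printk` in this hunk sends `elf_interpreter` to the kernel log as-is, and that buffer appears to be filled from the executable's interpreter segment: the earlier hunks only bound its length through `p_filesz` and check the trailing NUL. Any local user who runs a malformed binary therefore chooses up to 128 bytes of a KERN_ERR line, including newlines or control characters that can imitate other log entries, and nothing limits how often the message is emitted. I would either keep the message text fixed or replace non-printable bytes before logging, and rate-limit the call. A short comment above it such as `/* path comes from the binary being executed; treat as untrusted */` would record the reason. The enclosing block starts and ends outside the hunk.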
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-4.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-4.diff 2004-12-21 12:48:46 UTC (rev 2016)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/097-elf_loader_overflow-4.diff 2004-12-22 13:33:58 UTC (rev 2017)
@@ -0,0 +1,45 @@
+# origin: horms (BitKeeper)
+# cset: 1.1530 (2.4) key=41c7fcec2_zU8vXOtj5_oVAvgUVI0w
+# inclusion: upstream
+# descrition: [PATCH] binfmt_elf force_sig arguments fix
+# revision date: Wed, 22 Dec 2004 11:10:36 +0900
+#
+# S rset: ChangeSet|1.1529..1.1530
+# I rset: fs/binfmt_elf.c|1.36..1.37
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# fs/binfmt_elf.c
+# 2004/12/21 10:21:25-02:00 horms@verge.net.au +1 -1
+# binfmt_elf force_sig arguments fix
+#
+# ChangeSet
+# 2004/12/21 08:37:32-02:00 horms@verge.net.au
+# [PATCH] binfmt_elf force_sig arguments fix
+#
+# There appears to be a small error in the change that was recently
+# applied to fs/binfmt_elf.c to fix error codes and eraly corrupt
+# binary detection.
+#
+# The patch includes changing a send_sig() call to a force_sig() call in
+# load_elf_binary(). However force_sig() only accepts 2 arguments, and
+# thus the patch causes the build to fail.
+#
+# I propose the following patch to simply remove the extra argument to
+# force_sig(), which I beleive will give a sensible result. That or
+# change the call back to send_sig(), though I assume it was changed to
+# force_sig() for a reason.
+#
+#
+===== fs/binfmt_elf.c 1.36 vs 1.37 =====
+--- 1.36/fs/binfmt_elf.c 2004-12-18 03:17:46 +09:00
++++ 1.37/fs/binfmt_elf.c 2004-12-21 21:21:25 +09:00
+@@ -806,7 +806,7 @@
+ if (BAD_ADDR(elf_entry)) {
+ printk(KERN_ERR "Unable to load interpreter %.128s\n",
+ elf_interpreter);
+- force_sig(SIGSEGV, current, 0);
++ force_sig(SIGSEGV, current);
+ retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+ goto out_free_dentry;
+ }
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-21 12:48:46 UTC (rev 2016)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-22 13:33:58 UTC (rev 2017)
@@ -7,3 +7,5 @@
- 093_tty_lockup.diff
- 093_tty_lockup-2.diff
+ 093-tty_lockup-3.diff
++ 097-elf_loader_overflow-3.diff
++ 097-elf_loader_overflow-4.diff