2001-10-03 00:58:56

by Tim Hockin

Subject: 2.4.10 bad ELF kills system bug

I can't believe how nonchalant everyone is about this bug. Is there a
definite fix yet? If so, what is it? Will there be a rushed 2.4.11, or
will it languish for a while?

just want to know, so we can patch up our products :)

Tim


2001-10-03 01:50:59

by Linus Torvalds

Subject: Re: 2.4.10 bad ELF kills system bug

In article <200110030040.f930eF921188@www.hockin.org>,
Tim Hockin <[email protected]> wrote:
>I can't believe how nonchalant everyone is about this bug. Is there a
>definite fix yet? If so, what is it? Will there be a rushed 2.4.11, or
>will it languish for a while?

Well, the bug is actually ancient. The fix is something along the lines
of the attached, although there are people with prettier versions
(Andrea is looking at other buglets in the ELF loader).

Linus

----
--- pre2/linux/fs/binfmt_elf.c Tue Oct 2 16:24:18 2001
+++ linux/fs/binfmt_elf.c Tue Oct 2 16:23:33 2001
@@ -298,6 +298,8 @@
elf_type |= MAP_FIXED;

map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type);
+ if (map_addr > TASK_SIZE)
+ goto out_close;

if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
load_addr = map_addr - ELF_PAGESTART(vaddr);
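Review bot: the `goto out_close` taken when `map_addr > TASK_SIZE` relies on `error` already holding a failure value at that point; nothing in this hunk sets it, so confirm that load_elf_interp() cannot return a stale or zero `error` that the caller would then use as the interpreter entry point, or set it explicitly before the goto. The `> TASK_SIZE` comparison is also only correct because elf_map() hands back a negative errno cast to unsigned long; spelling that out with a small named macro (a BAD_ADDR-style test) would document the convention and keep this check identical to the one added in the second hunk.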
@@ -649,6 +651,8 @@
}

error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+ if (error > TASK_SIZE)
+ continue;

if (!load_addr_set) {
load_addr_set = 1;
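Review bot: `continue` on a failed elf_map() silently skips this PT_LOAD segment and carries on mapping the rest of the binary, so the exec can succeed with part of the image missing; and because the `if (!load_addr_set)` block below is skipped for the failed segment, `load_addr` ends up derived from whichever later segment happens to map. A failed PT_LOAD mapping should abort the exec (propagate the error or kill the process) rather than continue. As in the interpreter hunk, the `error > TASK_SIZE` test deserves a shared macro so both call sites stay in sync.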
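The bug class behind the thread is easy to reproduce outside the kernel: elf_map() returns an address as an unsigned long, and a failure is a negative errno cast into that same type, so an unchecked caller happily subtracts a page offset from 0xFFFFFFF4 and calls the result a load address. The following is an added example (not code from the kernel or from the patch above) that models the loader's load_addr computation with a hypothetical fake_map() stand-in for elf_map(), a hypothetical 32-bit TASK_SIZE of 0xC0000000, and constructed program-header data; it contrasts the unchecked path with the `> TASK_SIZE` test the patch introduces.

```c
#include <errno.h>
#include <stdio.h>

/* Assumption: user space ends at 3 GiB, as on 32-bit x86 of that era. */
#define TASK_SIZE     0xC0000000UL
#define ELF_PAGESTART(a) ((a) & ~0xFFFUL)
/* Same idea as the patch's "> TASK_SIZE" test: anything above user space
 * cannot be a mapping and is therefore a negative errno in disguise. */
#define BAD_ADDR(x)   ((unsigned long)(x) > TASK_SIZE)

/* Only the Elf32_Phdr fields the load loop actually uses. */
struct phdr {
    unsigned long p_vaddr;
    unsigned long p_memsz;
};

/* Hypothetical stand-in for elf_map()/do_mmap(): returns the address it
 * mapped at, or a negative errno cast to unsigned long on failure.
 * Constructed rule: a segment that would cross TASK_SIZE fails with -ENOMEM. */
static unsigned long fake_map(unsigned long addr, const struct phdr *p)
{
    unsigned long end = addr + p->p_memsz;
    if (p->p_memsz == 0 || end < addr || end > TASK_SIZE)
        return (unsigned long)-ENOMEM;
    return addr;
}

/* Pre-patch shape: the first mapping's return value feeds load_addr
 * unconditionally, even when it is really an error code. */
unsigned long load_unchecked(const struct phdr *ph, int n,
                             unsigned long load_bias, int *ok)
{
    unsigned long load_addr = 0;
    int load_addr_set = 0;

    for (int i = 0; i < n; i++) {
        unsigned long map_addr = fake_map(load_bias + ph[i].p_vaddr, &ph[i]);
        if (!load_addr_set) {
            load_addr_set = 1;
            load_addr = map_addr - ELF_PAGESTART(ph[i].p_vaddr);
        }
    }
    *ok = 1;            /* never notices the failure */
    return load_addr;
}

/* Post-patch shape: refuse to turn an error code into an address.
 * Here a failed segment aborts the whole load instead of being skipped. */
unsigned long load_checked(const struct phdr *ph, int n,
                           unsigned long load_bias, int *ok)
{
    unsigned long load_addr = 0;
    int load_addr_set = 0;

    for (int i = 0; i < n; i++) {
        unsigned long map_addr = fake_map(load_bias + ph[i].p_vaddr, &ph[i]);
        if (BAD_ADDR(map_addr)) {
            *ok = 0;
            return 0;
        }
        if (!load_addr_set) {
            load_addr_set = 1;
            load_addr = map_addr - ELF_PAGESTART(ph[i].p_vaddr);
        }
    }
    *ok = 1;
    return load_addr;
}

/* Constructed sample data. sample_bad's first segment sits at the top of
 * user space and runs past TASK_SIZE, so fake_map() rejects it. */
const struct phdr sample_bad[2] = {
    { 0xBFFFF000UL, 0x10000UL },
    { 0x08048000UL, 0x1000UL },
};
const struct phdr sample_good[1] = {
    { 0x0UL, 0x1000UL },          /* ET_DYN style: vaddr 0, placed via load_bias */
};

int main(void)
{
    int ok;
    unsigned long la = load_unchecked(sample_bad, 2, 0, &ok);
    printf("unchecked: ok=%d load_addr=%#lx bad=%d\n", ok, la, BAD_ADDR(la));
    la = load_checked(sample_bad, 2, 0, &ok);
    printf("checked:   ok=%d\n", ok);
    la = load_checked(sample_good, 1, 0x40000000UL, &ok);
    printf("checked:   ok=%d load_addr=%#lx\n", ok, la);
    return 0;
}
```

The unchecked variant reports success and hands back a load address above TASK_SIZE; everything the loader derives from it afterwards (entry point, brk, interpreter base) is then garbage, which is the "bad ELF" failure the thread is about. The checked variant fails the load as soon as fake_map() returns an errno value.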