Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp2441983imj; Mon, 18 Feb 2019 06:08:44 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ/Crd4h5tOrNwPGVImNcGxkUDdZPjGcWG68NFlh0YPMMBOQNr3lHi1GYSqBIr5bUCPLx++ X-Received: by 2002:a17:902:8348:: with SMTP id z8mr3602213pln.151.1550498924612; Mon, 18 Feb 2019 06:08:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550498924; cv=none; d=google.com; s=arc-20160816; b=BXb1C6rvY6xqnOwJa9t9CZs82uqBlYSnmKZlJzgZjoWbeU23wAgbd7wYHTxPrBi8XY 5E4AE8JBjsiE5iX7z6McIESgE0pscb/cg33fqvQ6T4x136JjUyxZW2+9dV6+zGAThSET QPB0CxSZIfZS7O2andRM+bdQsw/1/yQYP7JPUL0PFeluNd/5EH1oAED2Ce/NaqCIwn2U svgi+5QC5j6PGn3EFepgx3X+qf7ZtQg0ZRfZiCI9WbLC3Vs6gh2yZwnbbNu9r1S4o9wI zx8PO3+Azw2NZYBsJ7E1aLF9UwPusonN45SdTEP+eFvWxvv+vMwYNqGL8RvW8WKaPvcb MYQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=PgG0BAxNr8qGl9tMkvtGYEYX5Bmd/+7hB4eUgwLYy44=; b=TtOnXsVXahpGFCb9v5iObs0Qkts7z5PWWcJBVuE4F2RV2Ytu1NRO2SskaDxOYA1yZG kZtc9Jzk3wx/S9IrbOQ+o9bK7f3cvcfEA9XV5NRkGMZMsfaqarBPtHfYWnw/1wHyaDcL clCPINozicCtjsTqcWx9DyqOjo0H1pa9OmwSDDbnq6DGCF8U8PDKNNLj23AmdQbq/F4a q84xMpYM/JrQInvxlz274xaXWlrVsOahKxeaqE8yfZF2z6xVWhglwbFAR108uvPNY8Mm n4FDPPn82q97YxMOnvyoJYw+ljkL6pho0jdiZ+oLPvuIfD0KE0w1q9oic4XEUTyuW5kb nH5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vfunnmJw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v12si5393330pfj.72.2019.02.18.06.08.28; Mon, 18 Feb 2019 06:08:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vfunnmJw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389888AbfBROGX (ORCPT + 99 others); Mon, 18 Feb 2019 09:06:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:49404 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390373AbfBROGV (ORCPT ); Mon, 18 Feb 2019 09:06:21 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 37E65204FD; Mon, 18 Feb 2019 14:06:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550498780; bh=bxUCsppKQQliRysLywHvhkN/35vomT6tbdJNIQWqiMM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vfunnmJws7kcK3EPD3eLGruOTYtK3rE3n5mN28CFL/nfqXs4FhjIJQkR6QGuqyLR5 sx/OwRBvWdAZSa97otLxpDw86b6NAnPyCppBzHGpedTyYJLeYh7NJW78Dqw0pQ178j g0/tgAu9lrXfLebGefz//Ol8A2Z8s9q16i81d4ZY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Samuel Dionne-Riel , Kees Cook , Oleg Nesterov , Linus Torvalds Subject: [PATCH 4.4 118/143] Revert "exec: load_script: dont blindly truncate shebang string" Date: Mon, 18 Feb 2019 14:44:06 +0100 Message-Id: <20190218133533.321469480@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190218133529.099444112@linuxfoundation.org> References: <20190218133529.099444112@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Linus Torvalds commit cb5b020a8d38f77209d0472a0fea755299a8ec78 upstream. This reverts commit 8099b047ecc431518b9bb6bdbba3549bbecdc343. It turns out that people do actually depend on the shebang string being truncated, and on the fact that an interpreter (like perl) will often just re-interpret it entirely to get the full argument list. Reported-by: Samuel Dionne-Riel Acked-by: Kees Cook Cc: Oleg Nesterov Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- fs/binfmt_script.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/fs/binfmt_script.c +++ b/fs/binfmt_script.c @@ -43,14 +43,10 @@ static int load_script(struct linux_binp fput(bprm->file); bprm->file = NULL; - for (cp = bprm->buf+2;; cp++) { - if (cp >= bprm->buf + BINPRM_BUF_SIZE) - return -ENOEXEC; - if (!*cp || (*cp == '\n')) - break; - } + bprm->buf[BINPRM_BUF_SIZE - 1] = '\0'; + if ((cp = strchr(bprm->buf, '\n')) == NULL) + cp = bprm->buf+BINPRM_BUF_SIZE-1; *cp = '\0'; - while (cp > bprm->buf) { cp--; if ((*cp == ' ') || (*cp == '\t'))