Date: Fri, 18 Mar 2005 00:15:51 -0800 (PST)
From: Yichen Xie
To: linux-kernel@vger.kernel.org
Subject: Potential DOS in load_elf_library?

Hi guys,

I was looking at the load_elf_library function (fs/binfmt_elf.c) in 2.6.10, and noticed the following:

    elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
    ...
    while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
    ...
    kfree(elf_phdata);

Could this be problematic since the pointer being freed might be different from that returned from kmalloc?
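The pattern that avoids the concern raised in the message, as an added user-space C example that is not part of the original post or the kernel source: the table is scanned with a bounded index, so the pointer handed to the allocator's free routine is always the one the allocator returned. `struct phdr`, `find_first_load`, `load_vaddr` and the sample values are hypothetical, and `calloc`/`free` stand in for `kmalloc`/`kfree`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define PT_NULL    0
#define PT_LOAD    1
#define PT_DYNAMIC 2

/* Reduced stand-in for struct elf_phdr (assumption: only these fields). */
struct phdr {
    uint32_t p_type;
    uint64_t p_vaddr;
};

/* Constructed sample program-header types, not taken from a real binary. */
static const uint32_t sample_types[] = { PT_NULL, PT_DYNAMIC, PT_LOAD, PT_LOAD };

/* Index of the first PT_LOAD entry, or -1 if none. The table pointer is
 * never modified and the scan cannot run past the allocation. */
static long find_first_load(const struct phdr *table, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (table[i].p_type == PT_LOAD)
            return (long)i;
    return -1;
}

/* Hypothetical loader step: build a table, look up the first PT_LOAD
 * entry, release the table. Returns its p_vaddr, or 0 if there is none. */
static uint64_t load_vaddr(const uint32_t *types, size_t count)
{
    struct phdr *table = calloc(count ? count : 1, sizeof(*table));
    uint64_t vaddr = 0;

    if (!table)
        return 0;
    for (size_t i = 0; i < count; i++) {
        table[i].p_type = types[i];
        table[i].p_vaddr = 0x1000 * (uint64_t)(i + 1); /* constructed address */
    }
    long idx = find_first_load(table, count);
    if (idx >= 0)
        vaddr = table[idx].p_vaddr;
    free(table); /* same pointer calloc returned, on every path */
    return vaddr;
}

int main(void)
{
    return load_vaddr(sample_types, 4) == 0x3000 ? 0 : 1;
}
```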