[PARISC] Fix fs/binfmt_som.c

Fix compilation (missing include of a.out.h) Fix security hole (need to call unshare_files) Signed-off-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>

[PARISC] Fix fs/binfmt_som.c
Fix compilation (missing include of a.out.h) Fix security hole (need to call unshare_files) Signed-off-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Matthew Wilcox · Matthew Wilcox
1 parent 8d0b7d1055
Showing 1 changed file with 16 additions and 2 deletions Side-by-side Diff
fs/binfmt_som.c
@@ -29,6 +29,7 @@
 #include <linux/personality.h>
 #include <linux/init.h>
  
+#include <asm/a.out.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
  
@@ -194,6 +195,7 @@
 	unsigned long som_entry;
 	struct som_hdr *som_ex;
 	struct som_exec_auxhdr *hpuxhdr;
+	struct files_struct *files;
  
 	/* Get the exec-header */
 	som_ex = (struct som_hdr *) bprm->buf;
  
  
@@ -208,15 +210,27 @@
 	size = som_ex->aux_header_size;
 	if (size > SOM_PAGESIZE)
 		goto out;
-	hpuxhdr = (struct som_exec_auxhdr *) kmalloc(size, GFP_KERNEL);
+	hpuxhdr = kmalloc(size, GFP_KERNEL);
 	if (!hpuxhdr)
 		goto out;
  
 	retval = kernel_read(bprm->file, som_ex->aux_header_location,
 			(char *) hpuxhdr, size);
+	if (retval != size) {
+		if (retval >= 0)
+			retval = -EIO;
+		goto out_free;
+	}
+
+	files = current->files; /* Refcounted so ok */
+	retval = unshare_files();
 	if (retval < 0)
 		goto out_free;
-#error "Fix security hole before enabling me"
+	if (files == current->files) {
+		put_files_struct(files);
+		files = NULL;
+	}
+
 	retval = get_unused_fd();
 	if (retval < 0)
 		goto out_free;
...	...	@@ -29,6 +29,7 @@
29	29	#include <linux/personality.h>
30	30	#include <linux/init.h>
31	31
	32	+#include <asm/a.out.h>
32	33	#include <asm/uaccess.h>
33	34	#include <asm/pgtable.h>
34	35
...	...	@@ -194,6 +195,7 @@
194	195	unsigned long som_entry;
195	196	struct som_hdr *som_ex;
196	197	struct som_exec_auxhdr *hpuxhdr;
	198	+ struct files_struct *files;
197	199
198	200	/* Get the exec-header */
199	201	som_ex = (struct som_hdr *) bprm->buf;
200	202
201	203
...	...	@@ -208,15 +210,27 @@
208	210	size = som_ex->aux_header_size;
209	211	if (size > SOM_PAGESIZE)
210	212	goto out;
211		- hpuxhdr = (struct som_exec_auxhdr *) kmalloc(size, GFP_KERNEL);
	213	+ hpuxhdr = kmalloc(size, GFP_KERNEL);
212	214	if (!hpuxhdr)
213	215	goto out;
214	216
215	217	retval = kernel_read(bprm->file, som_ex->aux_header_location,
216	218	(char *) hpuxhdr, size);
	219	+ if (retval != size) {
	220	+ if (retval >= 0)
	221	+ retval = -EIO;
	222	+ goto out_free;
	223	+ }
	224	+
	225	+ files = current->files; /* Refcounted so ok */
	226	+ retval = unshare_files();
217	227	if (retval < 0)
218	228	goto out_free;
219		-#error "Fix security hole before enabling me"
	229	+ if (files == current->files) {
	230	+ put_files_struct(files);
	231	+ files = NULL;
	232	+ }
	233	+
220	234	retval = get_unused_fd();
221	235	if (retval < 0)
222	236	goto out_free;