lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jul 2016 15:22:32 -0400 From: Nicolas Pitre <nicolas.pitre@...aro.org> To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Cc: Alexander Viro <viro@...iv.linux.org.uk>, David Howells <dhowells@...hat.com>, Greg Ungerer <gerg@...ux-m68k.org> Subject: [PATCH v4 03/12] binfmt_flat: prevent kernel dammage from corrupted executable headers Signed-off-by: Nicolas Pitre <nico@...aro.org> --- fs/binfmt_flat.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index c3ccdefdea..03301bad1f 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -466,6 +466,17 @@ static int load_flat_file(struct linux_binprm *bprm, } /* + * Make sure the header params are sane. + * 28 bits (256 MB) is way more than reasonable in this case. + * If some top bits are set we have probable binary corruption. + */ + if ((text_len | data_len | bss_len | stack_len | full_data) >> 28) { + pr_err("bad header\n"); + ret = -ENOEXEC; + goto err; + } + + /* * fix up the flags for the older format, there were all kinds * of endian hacks, this only works for the simple cases */ -- 2.7.4
Powered by blists - more mailing lists