| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240320182607.1472887-1-jcmvbkbc@gmail.com> Date: Wed, 20 Mar 2024 11:26:07 -0700 From: Max Filippov <jcmvbkbc@...il.com> To: linux-kernel@...r.kernel.org Cc: linux-mm@...ck.org, linux-fsdevel@...r.kernel.org, Eric Biederman <ebiederm@...ssion.com>, Kees Cook <keescook@...omium.org>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Rich Felker <dalias@...c.org>, Max Filippov <jcmvbkbc@...il.com>, stable@...r.kernel.org Subject: [PATCH] exec: fix linux_binprm::exec in transfer_args_to_stack() In NUMMU kernel the value of linux_binprm::p is the offset inside the temporary program arguments array maintained in separate pages in the linux_binprm::page. linux_binprm::exec being a copy of linux_binprm::p thus must be adjusted when that array is copied to the user stack. Without that adjustment the value passed by the NOMMU kernel to the ELF program in the AT_EXECFN entry of the aux array doesn't make any sense and it may break programs that try to access memory pointed to by that entry. Adjust linux_binprm::exec before the successful return from the transfer_args_to_stack(). Cc: stable@...r.kernel.org Signed-off-by: Max Filippov <jcmvbkbc@...il.com> --- fs/exec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/exec.c b/fs/exec.c index af4fbb61cd53..5ee2545c3e18 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -895,6 +895,7 @@ int transfer_args_to_stack(struct linux_binprm *bprm, goto out; } + bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE; *sp_location = sp; out: -- 2.39.2
Powered by blists - more mailing lists