git://ftp.safe.ca
/
safe
/
jmp
/
linux-2.6
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
CRED: Make execve() take advantage of copy-on-write credentials
[safe/jmp/linux-2.6]
/
fs
/
binfmt_flat.c
diff --git
a/fs/binfmt_flat.c
b/fs/binfmt_flat.c
index
dfc0197
..
7bbd5c6
100644
(file)
--- a/
fs/binfmt_flat.c
+++ b/
fs/binfmt_flat.c
@@
-229,13
+229,13
@@
static int decompress_exec(
ret = 10;
if (buf[3] & EXTRA_FIELD) {
ret += 2 + buf[10] + (buf[11] << 8);
ret = 10;
if (buf[3] & EXTRA_FIELD) {
ret += 2 + buf[10] + (buf[11] << 8);
- if (unlikely(LBUFSIZE
=
= ret)) {
+ if (unlikely(LBUFSIZE
<
= ret)) {
DBG_FLT("binfmt_flat: buffer overflow (EXTRA)?\n");
goto out_free_buf;
}
}
if (buf[3] & ORIG_NAME) {
DBG_FLT("binfmt_flat: buffer overflow (EXTRA)?\n");
goto out_free_buf;
}
}
if (buf[3] & ORIG_NAME) {
-
for (; ret < LBUFSIZE && (buf[ret] != 0); ret++
)
+
while (ret < LBUFSIZE && buf[ret++] != 0
)
;
if (unlikely(LBUFSIZE == ret)) {
DBG_FLT("binfmt_flat: buffer overflow (ORIG_NAME)?\n");
;
if (unlikely(LBUFSIZE == ret)) {
DBG_FLT("binfmt_flat: buffer overflow (ORIG_NAME)?\n");
@@
-243,7
+243,7
@@
static int decompress_exec(
}
}
if (buf[3] & COMMENT) {
}
}
if (buf[3] & COMMENT) {
-
for (; ret < LBUFSIZE && (buf[ret] != 0); ret++
)
+
while (ret < LBUFSIZE && buf[ret++] != 0
)
;
if (unlikely(LBUFSIZE == ret)) {
DBG_FLT("binfmt_flat: buffer overflow (COMMENT)?\n");
;
if (unlikely(LBUFSIZE == ret)) {
DBG_FLT("binfmt_flat: buffer overflow (COMMENT)?\n");
@@
-880,7
+880,7
@@
static int load_flat_binary(struct linux_binprm * bprm, struct pt_regs * regs)
(libinfo.lib_list[j].loaded)?
libinfo.lib_list[j].start_data:UNLOADED_LIB;
(libinfo.lib_list[j].loaded)?
libinfo.lib_list[j].start_data:UNLOADED_LIB;
-
compute
_creds(bprm);
+
install_exec
_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
set_binfmt(&flat_format);
current->flags &= ~PF_FORKNOEXEC;
set_binfmt(&flat_format);