summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeiko Carstens <heiko.carstens@de.ibm.com>2006-12-06 20:36:35 -0800
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-07 08:39:33 -0800
commit841d5fb7c75260f76ae682648b28a3dca724940d (patch)
tree126dd9c646f384674c2cb99080c980fad209278b
parentfec1d0115240593b39898289e6e1413ea6e44a84 (diff)
downloadlwn-841d5fb7c75260f76ae682648b28a3dca724940d.tar.gz
lwn-841d5fb7c75260f76ae682648b28a3dca724940d.zip
[PATCH] binfmt: fix uaccess handling
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/binfmt_elf.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index b2efbaead6c3..68e20d5bfe1b 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -243,8 +243,9 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
if (interp_aout) {
argv = sp + 2;
envp = argv + argc + 1;
- __put_user((elf_addr_t)(unsigned long)argv, sp++);
- __put_user((elf_addr_t)(unsigned long)envp, sp++);
+ if (__put_user((elf_addr_t)(unsigned long)argv, sp++) ||
+ __put_user((elf_addr_t)(unsigned long)envp, sp++))
+ return -EFAULT;
} else {
argv = sp;
envp = argv + argc + 1;
@@ -254,7 +255,8 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
p = current->mm->arg_end = current->mm->arg_start;
while (argc-- > 0) {
size_t len;
- __put_user((elf_addr_t)p, argv++);
+ if (__put_user((elf_addr_t)p, argv++))
+ return -EFAULT;
len = strnlen_user((void __user *)p, PAGE_SIZE*MAX_ARG_PAGES);
if (!len || len > PAGE_SIZE*MAX_ARG_PAGES)
return 0;
@@ -265,7 +267,8 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
current->mm->arg_end = current->mm->env_start = p;
while (envc-- > 0) {
size_t len;
- __put_user((elf_addr_t)p, envp++);
+ if (__put_user((elf_addr_t)p, envp++))
+ return -EFAULT;
len = strnlen_user((void __user *)p, PAGE_SIZE*MAX_ARG_PAGES);
if (!len || len > PAGE_SIZE*MAX_ARG_PAGES)
return 0;