diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-05-10 16:38:25 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-05-16 17:23:05 -0400 |
commit | 08a6fac1c63233c87eec129938022f1a9a4d51f6 (patch) | |
tree | 4fd7a2a906cf5ca0a42b3b8cb30351465f0f6cee /fs/exec.c | |
parent | 5f719558edf9c84bfbb1f7ad37e84c483282d09f (diff) | |
download | lwn-08a6fac1c63233c87eec129938022f1a9a4d51f6.tar.gz lwn-08a6fac1c63233c87eec129938022f1a9a4d51f6.zip |
[PATCH] get rid of leak in compat_execve()
Even though copy_compat_strings() doesn't cache the pages,
copy_strings_kernel() and stuff indirectly called by e.g.
->load_binary() is doing that, so we need to drop the
cache contents in the end.
[found by WANG Cong <wangcong@zeuux.org>]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/fs/exec.c b/fs/exec.c index 1f8a24aa1f8b..3c2ba7ce11d4 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1251,6 +1251,12 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); +void free_bprm(struct linux_binprm *bprm) +{ + free_arg_pages(bprm); + kfree(bprm); +} + /* * sys_execve() executes a new program. */ @@ -1320,17 +1326,15 @@ int do_execve(char * filename, retval = search_binary_handler(bprm,regs); if (retval >= 0) { /* execve success */ - free_arg_pages(bprm); security_bprm_free(bprm); acct_update_integrals(current); - kfree(bprm); + free_bprm(bprm); if (displaced) put_files_struct(displaced); return retval; } out: - free_arg_pages(bprm); if (bprm->security) security_bprm_free(bprm); @@ -1344,7 +1348,7 @@ out_file: fput(bprm->file); } out_kfree: - kfree(bprm); + free_bprm(bprm); out_files: if (displaced) |