Without this fix, if we try to run a script that contains only the
interpreter line, the interpreter is executed with one extra empty
argument.
The code is written so that i_end has to be set to the end of valuable
data in the buffer.
Fixes: ccbb18b67323 ("exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC")
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Andrei Vagin <avagin@xxxxxxxxx>
---
fs/binfmt_script.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c
index 1b6625e95958..e242680f96e1 100644
--- a/fs/binfmt_script.c
+++ b/fs/binfmt_script.c
@@ -68,6 +68,9 @@ static int load_script(struct linux_binprm *bprm)
if (!next_terminator(i_end, buf_end))
return -ENOEXEC;
i_end = buf_end;
+ /* Trim zero bytes from i_end */
+ while (i_end[-1] == 0)
+ i_end--;
}
/* Trim any trailing spaces/tabs from i_end */
while (spacetab(i_end[-1]))
--
2.31.1
