Re: [PATCH next] binfmt_elf: Fix potential Oops in load_elf_binary()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed 11-12-24 12:21:39, Dan Carpenter wrote:
> This function call was changed from allow_write_access() which has a NULL
> check to exe_file_allow_write_access() which doesn't.  Check for NULL
> before calling it.
> 
> Fixes: 871387b27c20 ("fs: don't block write during exec on pre-content watched files")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Thanks for noticing! I've opted to change exe_file_allow_write_access() to
check for NULL instead to be 1:1 replacement for allow_write_access().
Because bugs like this one are very easy to introduce.

								Honza

> ---
>  fs/binfmt_elf.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 8054f44d39cf..db9cb4c20125 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -1354,9 +1354,10 @@ static int load_elf_binary(struct linux_binprm *bprm)
>  	kfree(interp_elf_ex);
>  	kfree(interp_elf_phdata);
>  out_free_file:
> -	exe_file_allow_write_access(interpreter);
> -	if (interpreter)
> +	if (interpreter) {
> +		exe_file_allow_write_access(interpreter);
>  		fput(interpreter);
> +	}
>  out_free_ph:
>  	kfree(elf_phdata);
>  	goto out;
> -- 
> 2.45.2
> 
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux