leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8099b047ec
linux/fs
History
Oleg Nesterov 8099b047ec exec: load_script: don't blindly truncate shebang string 
load_script() simply truncates bprm->buf and this is very wrong if the
length of shebang string exceeds BINPRM_BUF_SIZE-2.  This can silently
truncate i_arg or (worse) we can execute the wrong binary if buf[2:126]
happens to be the valid executable path.

Change load_script() to return ENOEXEC if it can't find '\n' or zero in
bprm->buf.  Note that '\0' can come from either
prepare_binprm()->memset() or from kernel_read(), we do not care.

Link: http://lkml.kernel.org/r/20181112160931.GA28463@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Ben Woodard <woodard@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 13:13:47 -08:00
..
9p Merge branch 'work.afs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-11-01 19:58:52 -07:00
adfs
affs
afs Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-11-30 10:47:50 -08:00
autofs autofs: add strictexpire mount option 2019-01-04 13:13:47 -08:00
befs
bfs bfs: add sanity check at bfs_fill_super() 2018-11-03 10:09:38 -07:00
btrfs btrfs: Fix typos in comments and strings 2018-12-17 14:51:50 +01:00
cachefiles fscache, cachefiles: remove redundant variable 'cache' 2018-11-30 16:00:58 +00:00
ceph mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
cifs 4 fixes for stable, improvements to DFS including allowing failover to alternate targets, and some small performance improvements 2019-01-02 12:08:29 -08:00
coda
configfs
cramfs Make the Cramfs code more robust against filesystem corruptions, 2018-10-30 12:46:25 -07:00
crypto
debugfs
devpts
dlm dlm: fix invalid cluster name warning 2018-12-03 15:30:24 -06:00
ecryptfs ecryptfs_rename(): verify that lower dentries are still OK after lock_rename() 2018-10-09 23:33:17 -04:00
efivarfs
efs
exofs fs/exofs: only use true/false for asignment of bool type variable 2018-10-18 02:04:59 -04:00
exportfs exportfs: do not read dentry after free 2018-11-23 09:08:17 -05:00
ext2 \n 2018-12-27 17:00:35 -08:00
ext4 for-4.21/block-20181221 2018-12-28 13:19:59 -08:00
f2fs f2fs-for-4.21-rc1 2018-12-31 09:41:37 -08:00
fat fat: new inline functions to determine the FAT variant (32, 16 or 12) 2019-01-04 13:13:47 -08:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-11-30 15:57:31 +00:00
fuse mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
gfs2 File locking changes for v4.21 2018-12-27 17:12:30 -08:00
hfs hfs: do not free node before using 2018-11-30 14:56:14 -08:00
hfsplus hfsplus: return file attributes on statx 2019-01-04 13:13:47 -08:00
hostfs
hpfs
hugetlbfs hugetlbfs: Use i_mmap_rwsem to fix page fault/truncate race 2018-12-28 12:11:52 -08:00
isofs
jbd2 jbd2: clean up indentation issue, replace spaces with tab 2018-12-04 00:20:10 -05:00
jffs2 jffs2: Fix use of uninitialized delayed_work, lockdep breakage 2018-12-02 09:20:34 +01:00
jfs
kernfs kernfs: Improve kernfs_notify() poll notification latency 2018-11-27 11:59:33 +01:00
lockd NFS client updates for Linux 4.21 2019-01-02 16:35:23 -08:00
minix
nfs NFS client updates for Linux 4.21 2019-01-02 16:35:23 -08:00
nfs_common
nfsd NFS client updates for Linux 4.21 2019-01-02 16:35:23 -08:00
nilfs2 nilfs2: Use xa_erase_irq 2018-11-05 14:57:05 -05:00
nls
notify fanotify: Use inode_is_open_for_write 2018-12-11 10:55:45 +01:00
ntfs mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
ocfs2 ocfs2: don't clear bh uptodate for block read 2018-12-28 12:11:46 -08:00
omfs
openpromfs fs/openpromfs: Use of_node_name_eq for node name comparisons 2018-11-18 13:35:19 -08:00
orangefs Merge branch 'work.afs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-11-01 19:58:52 -07:00
overlayfs Revert "ovl: relax permission checking on underlying layers" 2018-12-04 11:31:30 +01:00
proc fs/proc/base.c: slightly faster /proc/*/limits 2019-01-04 13:13:45 -08:00
pstore pstore/ram: Avoid NULL deref in ftrace merging failure path 2018-12-03 17:11:02 -08:00
qnx4
qnx6
quota quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls. 2018-12-18 18:29:15 +01:00
ramfs
reiserfs reiserfs: remove workaround code for GCC 3.x 2018-10-31 08:54:14 -07:00
romfs
squashfs
sysfs sysfs: constify sysfs create/remove files harder 2018-12-03 18:18:19 +02:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-11-10 08:02:40 -05:00
tracefs
ubifs mm: migrate: drop unused argument of migrate_page_move_mapping() 2018-12-28 12:11:51 -08:00
udf \n 2018-12-27 17:00:35 -08:00
ufs
xfs xfs: reallocate realtime summary cache on growfs 2018-12-21 18:45:18 -08:00
aio.c Merge branch 'akpm' (patches from Andrew) 2018-12-28 16:55:46 -08:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c signal: Distinguish between kernel_siginfo and siginfo 2018-10-03 16:47:43 +02:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c exec: load_script: don't blindly truncate shebang string 2019-01-04 13:13:47 -08:00
block_dev.c block: don't use un-ordered __set_current_state(TASK_UNINTERRUPTIBLE) 2019-01-02 10:46:03 -08:00
buffer.c blkcg: associate writeback bios with a blkg 2018-12-07 22:26:37 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c media updates for v4.20-rc1 2018-10-29 14:29:58 -07:00
compat.c
coredump.c signal: Distinguish between kernel_siginfo and siginfo 2018-10-03 16:47:43 +02:00
d_path.c
dax.c dax fix 4.21 2018-12-31 09:46:39 -08:00
dcache.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
dcookies.c
direct-io.c Linux 4.20-rc5 2018-12-04 09:38:05 -07:00
drop_caches.c
eventfd.c
eventpoll.c fs/epoll: deal with wait_queue only once 2019-01-04 13:13:46 -08:00
exec.c Revert "exec: make de_thread() freezable" 2018-12-04 16:04:20 +01:00
fcntl.c signal: Distinguish between kernel_siginfo and siginfo 2018-10-03 16:47:43 +02:00
fhandle.c
file_table.c mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
file.c Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
filesystems.c
fs_pin.c
fs_struct.c
fs-writeback.c fs: Convert writeback to XArray 2018-10-21 10:46:42 -04:00
inode.c y2038: more syscalls and cleanups 2018-12-28 12:45:04 -08:00
internal.h
ioctl.c vfs: rework data cloning infrastructure 2018-11-02 09:33:08 -07:00
iomap.c block: don't use un-ordered __set_current_state(TASK_UNINTERRUPTIBLE) 2019-01-02 10:46:03 -08:00
Kconfig
Kconfig.binfmt
libfs.c
locks.c locks: Use inode_is_open_for_write 2018-12-17 07:19:46 -05:00
Makefile
mbcache.c
mount.h
mpage.c
namei.c Revert "vfs: Allow userns root to call mknod on owned filesystems." 2018-12-22 14:18:34 -08:00
namespace.c mnt: fix __detach_mounts infinite loop 2018-11-12 01:02:34 -06:00
no-block.c
nsfs.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c vfs: allow some remap flags to be passed to vfs_clone_file_range 2018-12-04 08:50:49 -08:00
readdir.c
select.c pselect6: use __kernel_timespec 2018-12-06 17:23:18 +01:00
seq_file.c
signalfd.c signal: Distinguish between kernel_siginfo and siginfo 2018-10-03 16:47:43 +02:00
splice.c splice: don't read more than available pipe space 2018-12-04 08:50:49 -08:00
stack.c
stat.c
statfs.c
super.c
sync.c
timerfd.c
userfaultfd.c userfaultfd: clear flag if remap event not enabled 2018-12-28 12:11:51 -08:00
utimes.c
xattr.c