summaryrefslogtreecommitdiff
path: root/kernel/Kconfig.locks
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-07-11 01:52:54 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2017-07-11 02:32:36 +0300
commit67c6777a5d331dda32a4c4a1bf0cac85bdaaaed8 (patch)
treec5ae9869b8e0a3e81091bb08597ea54346655824 /kernel/Kconfig.locks
parenta73dc5370e153ac63718d850bddf0c9aa9d871e6 (diff)
downloadlinux-67c6777a5d331dda32a4c4a1bf0cac85bdaaaed8.tar.xz
binfmt_elf: safely increment argv pointers
When building the argv/envp pointers, the envp is needlessly pre-incremented instead of just continuing after the argv pointers are finished. In some (likely impossible) race where the strings could be changed from userspace between copy_strings() and here, it might be possible to confuse the envp position. Instead, just use sp like everything else. Link: http://lkml.kernel.org/r/20170622173838.GA43308@beast Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Rik van Riel <riel@redhat.com> Cc: Daniel Micay <danielmicay@gmail.com> Cc: Qualys Security Advisory <qsa@qualys.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Dmitry Safonov <dsafonov@virtuozzo.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Grzegorz Andrejczuk <grzegorz.andrejczuk@intel.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/Kconfig.locks')
0 files changed, 0 insertions, 0 deletions