aboutsummaryrefslogtreecommitdiff
path: root/fs/binfmt_som.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/binfmt_som.c')
-rw-r--r--fs/binfmt_som.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c
index 32b5d625ce9..5bcdaaf4eae 100644
--- a/fs/binfmt_som.c
+++ b/fs/binfmt_som.c
@@ -29,6 +29,7 @@
#include <linux/personality.h>
#include <linux/init.h>
+#include <asm/a.out.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -194,6 +195,7 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs)
unsigned long som_entry;
struct som_hdr *som_ex;
struct som_exec_auxhdr *hpuxhdr;
+ struct files_struct *files;
/* Get the exec-header */
som_ex = (struct som_hdr *) bprm->buf;
@@ -208,15 +210,27 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs)
size = som_ex->aux_header_size;
if (size > SOM_PAGESIZE)
goto out;
- hpuxhdr = (struct som_exec_auxhdr *) kmalloc(size, GFP_KERNEL);
+ hpuxhdr = kmalloc(size, GFP_KERNEL);
if (!hpuxhdr)
goto out;
retval = kernel_read(bprm->file, som_ex->aux_header_location,
(char *) hpuxhdr, size);
+ if (retval != size) {
+ if (retval >= 0)
+ retval = -EIO;
+ goto out_free;
+ }
+
+ files = current->files; /* Refcounted so ok */
+ retval = unshare_files();
if (retval < 0)
goto out_free;
-#error "Fix security hole before enabling me"
+ if (files == current->files) {
+ put_files_struct(files);
+ files = NULL;
+ }
+
retval = get_unused_fd();
if (retval < 0)
goto out_free;