exec: kill "int depth" in search_binary_handler()
Nobody except search_binary_handler() should touch ->recursion_depth, "int depth" buys nothing but complicates the code, kill it. Probably we should also kill "fn" and the !NULL check, ->load_binary should be always defined. And it can not go away after read_unlock() or this code is buggy anyway. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Evgeniy Polyakov <zbr@ioremap.net> Cc: Zach Levis <zml@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
5d1baf3b63
commit
131b2f9f12
@ -1370,12 +1370,11 @@ EXPORT_SYMBOL(remove_arg_zero);
|
||||
*/
|
||||
int search_binary_handler(struct linux_binprm *bprm)
|
||||
{
|
||||
unsigned int depth = bprm->recursion_depth;
|
||||
int try,retval;
|
||||
int try, retval;
|
||||
struct linux_binfmt *fmt;
|
||||
|
||||
/* This allows 4 levels of binfmt rewrites before failing hard. */
|
||||
if (depth > 5)
|
||||
if (bprm->recursion_depth > 5)
|
||||
return -ELOOP;
|
||||
|
||||
retval = security_bprm_check(bprm);
|
||||
@ -1396,9 +1395,9 @@ int search_binary_handler(struct linux_binprm *bprm)
|
||||
if (!try_module_get(fmt->module))
|
||||
continue;
|
||||
read_unlock(&binfmt_lock);
|
||||
bprm->recursion_depth = depth + 1;
|
||||
bprm->recursion_depth++;
|
||||
retval = fn(bprm);
|
||||
bprm->recursion_depth = depth;
|
||||
bprm->recursion_depth--;
|
||||
if (retval >= 0) {
|
||||
put_binfmt(fmt);
|
||||
allow_write_access(bprm->file);
|
||||
|
@ -31,7 +31,7 @@ struct linux_binprm {
|
||||
#ifdef __alpha__
|
||||
unsigned int taso:1;
|
||||
#endif
|
||||
unsigned int recursion_depth;
|
||||
unsigned int recursion_depth; /* only for search_binary_handler() */
|
||||
struct file * file;
|
||||
struct cred *cred; /* new credentials */
|
||||
int unsafe; /* how unsafe this exec is (mask of LSM_UNSAFE_*) */
|
||||
|
Loading…
Reference in New Issue
Block a user