[PATCH] mv64630_pic NULL noise removal

[linux.git] / fs / binfmt_aout.c

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index dd9baabaf0166afff7a55c5692f48660553b9bfa..517e111bb7ef4acbb94f95fb560cb4c2734f4d5b 100644 (file)
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -33,8 +33,6 @@ static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs);
 static int load_aout_library(struct file*);
 static int aout_core_dump(long signr, struct pt_regs * regs, struct file *file);
 
-extern void dump_thread(struct pt_regs *, struct user *);
-
 static struct linux_binfmt aout_format = {
        .module         = THIS_MODULE,
        .load_binary    = load_aout_binary,
@@ -280,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
                return -ENOEXEC;
        }
 
+       /*
+        * Requires a mmap handler. This prevents people from using a.out
+        * as part of an exploit attack against /proc-related vulnerabilities.
+        */
+       if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+               return -ENOEXEC;
+
        fd_offset = N_TXTOFF(ex);
 
        /* Check initial limits. This avoids letting people circumvent
@@ -318,7 +323,6 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
        current->mm->free_area_cache = current->mm->mmap_base;
        current->mm->cached_hole_size = 0;
 
-       set_mm_counter(current->mm, rss, 0);
        current->mm->mmap = NULL;
        compute_creds(bprm);
        current->flags &= ~PF_FORKNOEXEC;
@@ -479,6 +483,13 @@ static int load_aout_library(struct file *file)
                goto out;
        }
 
+       /*
+        * Requires a mmap handler. This prevents people from using a.out
+        * as part of an exploit attack against /proc-related vulnerabilities.
+        */
+       if (!file->f_op || !file->f_op->mmap)
+               goto out;
+
        if (N_FLAGS(ex))
                goto out;