Patching for binfmt_elf security vulnerability, bug #70681.

3 files changed, 81 insertions, 3 deletions

diff --git a/sys-kernel/ac-sources/ChangeLog b/sys-kernel/ac-sources/ChangeLog
index de22b61ece78..7bf201dde612 100644
--- a/sys-kernel/ac-sources/ChangeLog
+++ b/sys-kernel/ac-sources/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-kernel/ac-sources
 # Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ChangeLog,v 1.40 2004/11/09 14:22:47 lostlogic Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ChangeLog,v 1.41 2004/11/12 17:54:39 plasmaroo Exp $
+
+  12 Nov 2004; <plasmaroo@gentoo.org> ac-sources-2.6.9-r7.ebuild,
+  +files/ac-sources-2.6.9.binfmt_elf.patch:
+  Patching for binfmt_elf security vulnerability, bug #70681.
 
 *ac-sources-2.6.9-r7 (09 Nov 2004)
 
diff --git a/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild b/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild
index cc1653ff995c..5d4ea77760f8 100644
--- a/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild
+++ b/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild
@@ -1,8 +1,10 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild,v 1.1 2004/11/09 14:22:47 lostlogic Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild,v 1.2 2004/11/12 17:54:39 plasmaroo Exp $
 
-UNIPATCH_LIST="${DISTDIR}/patch-${KV}.bz2"
+UNIPATCH_LIST="
+	${DISTDIR}/patch-${KV}.bz2
+	${FILESDIR}/${P}.binfmt_elf.patch"
 K_PREPATCHED="yes"
 UNIPATCH_STRICTORDER="yes"
 
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch
new file mode 100644
index 000000000000..92e5db882eab
--- /dev/null
+++ b/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch
@@ -0,0 +1,72 @@
+--- linux-2.4.27/fs/binfmt_elf.c	2004-11-10 12:25:16 -08:00
++++ linux-2.4.27-plasmaroo/fs/binfmt_elf.c	2004-11-10 12:25:16 -08:00
+@@ -335,9 +335,12 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
+-	error = retval;
+-	if (retval < 0)
++	error = -EIO;
++	if (retval != size) {
++		if (retval < 0)
++			error = retval;	
+ 		goto out_close;
++	}
+ 
+ 	eppnt = elf_phdata;
+ 	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
+@@ -532,8 +535,11 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(bprm->file, loc->elf_ex.e_phoff, (char *) elf_phdata, size);
+-	if (retval < 0)
++	if (retval != size) {
++		if (retval >= 0)
++			retval = -EIO;
+ 		goto out_free_ph;
++	}
+ 
+ 	files = current->files;		/* Refcounted so ok */
+ 	retval = unshare_files();
+@@ -580,8 +586,14 @@
+ 			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
+ 					   elf_interpreter,
+ 					   elf_ppnt->p_filesz);
+-			if (retval < 0)
++			if (retval != elf_ppnt->p_filesz) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_interp;
++			}
++			/* make sure path is NULL terminated */
++			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++
+ 			/* If the program interpreter is one of these two,
+ 			 * then assume an iBCS2 image. Otherwise assume
+ 			 * a native linux image.
+@@ -616,8 +628,11 @@
+ 			if (IS_ERR(interpreter))
+ 				goto out_free_interp;
+ 			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
+-			if (retval < 0)
++			if (retval != BINPRM_BUF_SIZE) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_dentry;
++			}
+ 
+ 			/* Get the exec headers */
+ 			loc->interp_ex = *((struct exec *) bprm->buf);
+@@ -776,8 +791,10 @@
+ 		}
+ 
+ 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+-		if (BAD_ADDR(error))
+-			continue;
++		if (BAD_ADDR(error)) {
++			send_sig(SIGKILL, current, 0);
++			goto out_free_dentry;
++		}
+ 
+ 		if (!load_addr_set) {
+ 			load_addr_set = 1;