[PATCH] x86_64: Check for bad elf entry address (CVE-2006-0741)
authorSuresh Siddha <suresh.b.siddha@intel.com>
Sun, 26 Feb 2006 03:34:00 +0000 (04:34 +0100)
committerChris Wright <chrisw@sous-sol.org>
Wed, 1 Mar 2006 22:36:37 +0000 (14:36 -0800)
Fixes a local DoS on Intel systems that leads to an endless
recursive fault.  AMD machines don't seem to be affected.

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
fs/binfmt_elf.c

index f36f2210204f524b2922fa69ea704295bfbe5a59..02b7298453e4775e637c405c9b3f3905a96a682b 100644 (file)
@@ -932,6 +932,11 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
                kfree(elf_interpreter);
        } else {
                elf_entry = loc->elf_ex.e_entry;
+               if (BAD_ADDR(elf_entry)) {
+                       send_sig(SIGSEGV, current, 0);
+                       retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+                       goto out_free_dentry;
+               }
        }
 
        kfree(elf_phdata);
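Review bot: The rejection at `send_sig(SIGSEGV, current, 0);` relies on a signal the task may have blocked or ignored before calling exec, so a bad entry address may not stop the task at this point; `force_sig(SIGSEGV, current);` would make the kill unconditional. The comment on the `retval` line would be clearer if it said why the value goes unseen, e.g. `/* presumably exec can no longer return an error to the caller here */`, which should be confirmed against the rest of load_elf_binary, whose body starts and ends outside the hunk. The new check covers only the branch without an interpreter; whether the interpreter branch validates the entry address it gets back is not visible here and is worth confirming.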