From: Oleg Nesterov <oleg@redhat.com> Date: Wed, 1 Dec 2010 16:37:46 -0500 Subject: [misc] binfmts: kill bprm->argv_len Message-id: <20101201163746.GB1758@redhat.com> Patchwork-id: 29768 O-Subject: [RHEL5.6 PATCH 1/3] bz625694: kill bprm->argv_len Bugzilla: 625694 CVE: CVE-2010-4243 https://bugzilla.redhat.com/show_bug.cgi?id=625694 Remove bprm->argv_len. do_execve() records it but otherwise it has no users. It was introduced by [misc] remove MAX_ARG_PAGES limit: rework execve audit commit 2ae082bdd5daf663c0ab5e7a175d8900bce73d14 for unknown reason, most probably by accident. This minor cleanup is a bit off-topic in this series, but: - we are going to change do_execve() and compat_do_execve() paths, I'd like to minimize the difference to simplify the review. - bprm->vma_pages (introduced by the next patch) can take this place to minimize the KABI impact. Signed-off-by: Oleg Nesterov <oleg@redhat.com> diff --git a/fs/exec.c b/fs/exec.c index 0881cc4..3fe0248 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1368,7 +1368,6 @@ int do_execve(char * filename, { struct linux_binprm *bprm; struct file *file; - unsigned long env_p; int retval; retval = -ENOMEM; @@ -1416,11 +1415,9 @@ int do_execve(char * filename, if (retval < 0) goto out; - env_p = bprm->p; retval = copy_strings(bprm->argc, argv, bprm); if (retval < 0) goto out; - bprm->argv_len = env_p - bprm->p; retval = search_binary_handler(bprm,regs); if (retval >= 0) { diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 0833d6e..523963c 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -42,7 +42,6 @@ struct linux_binprm{ unsigned interp_data; unsigned long loader, exec; #ifndef __GENKSYMS__ - unsigned long argv_len; #ifdef CONFIG_MMU struct vm_area_struct *vma; #endif