Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 1857

kernel-2.6.18-238.el5.src.rpm

From: Oleg Nesterov <oleg@redhat.com>
Date: Wed, 1 Dec 2010 16:37:46 -0500
Subject: [misc] binfmts: kill bprm->argv_len
Message-id: <20101201163746.GB1758@redhat.com>
Patchwork-id: 29768
O-Subject: [RHEL5.6 PATCH 1/3] bz625694: kill bprm->argv_len
Bugzilla: 625694
CVE: CVE-2010-4243

https://bugzilla.redhat.com/show_bug.cgi?id=625694

Remove bprm->argv_len. do_execve() records it but otherwise it has
no users. It was introduced by

	[misc] remove MAX_ARG_PAGES limit: rework execve audit
	commit 2ae082bdd5daf663c0ab5e7a175d8900bce73d14

for unknown reason, most probably by accident.

This minor cleanup is a bit off-topic in this series, but:

	- we are going to change do_execve() and compat_do_execve()
	  paths, I'd like to minimize the difference to simplify the
	  review.

	- bprm->vma_pages (introduced by the next patch) can take
	  this place to minimize the KABI impact.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>

diff --git a/fs/exec.c b/fs/exec.c
index 0881cc4..3fe0248 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1368,7 +1368,6 @@ int do_execve(char * filename,
 {
 	struct linux_binprm *bprm;
 	struct file *file;
-	unsigned long env_p;
 	int retval;
 
 	retval = -ENOMEM;
@@ -1416,11 +1415,9 @@ int do_execve(char * filename,
 	if (retval < 0)
 		goto out;
 
-	env_p = bprm->p;
 	retval = copy_strings(bprm->argc, argv, bprm);
 	if (retval < 0)
 		goto out;
-	bprm->argv_len = env_p - bprm->p;
 
 	retval = search_binary_handler(bprm,regs);
 	if (retval >= 0) {
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 0833d6e..523963c 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -42,7 +42,6 @@ struct linux_binprm{
 	unsigned interp_data;
 	unsigned long loader, exec;
 #ifndef __GENKSYMS__
-	unsigned long argv_len;
 #ifdef CONFIG_MMU
 	struct vm_area_struct *vma;
 #endif