[packages/kernel.git] / linux-2.4-do_mremap.patch

[PATCH] Andrea Arcangeli: malicious users of mremap() syscall can gain priviledges

All diffs for ChangeSet 1.1136.92.4
diff -Nru a/mm/mremap.c b/mm/mremap.c
--- a/mm/mremap.c	Mon Jan  5 06:14:39 2004
+++ b/mm/mremap.c	Mon Jan  5 06:14:39 2004
@@ -241,6 +241,13 @@
 
 		if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
 			goto out;
+		/*
+		 * Allow new_len == 0 only if new_addr == addr
+		 * to preserve truncation in place (that was working
+		 * safe and some app may depend on it).
+		 */
+		if (unlikely(!new_len && new_addr != addr))
+			goto out;
 
 		/* Check if the location we're moving into overlaps the
 		 * old location at all, and fail if it does.
Commit	Line	Data
f0e96b7d JB	1	[PATCH] Andrea Arcangeli: malicious users of mremap() syscall can gain priviledges
	2
	3	All diffs for ChangeSet 1.1136.92.4
	4	diff -Nru a/mm/mremap.c b/mm/mremap.c
	5	--- a/mm/mremap.c Mon Jan 5 06:14:39 2004
	6	+++ b/mm/mremap.c Mon Jan 5 06:14:39 2004
	7	@@ -241,6 +241,13 @@
	8
	9	if (new_len > TASK_SIZE \|\| new_addr > TASK_SIZE - new_len)
	10	goto out;
	11	+ /*
	12	+ * Allow new_len == 0 only if new_addr == addr
	13	+ * to preserve truncation in place (that was working
	14	+ * safe and some app may depend on it).
	15	+ */
	16	+ if (unlikely(!new_len && new_addr != addr))
	17	+ goto out;
	18
	19	/* Check if the location we're moving into overlaps the
	20	* old location at all, and fail if it does.