]>
Commit | Line | Data |
---|---|---|
f0e96b7d JB |
1 | [PATCH] Andrea Arcangeli: malicious users of mremap() syscall can gain priviledges |
2 | ||
3 | All diffs for ChangeSet 1.1136.92.4 | |
4 | diff -Nru a/mm/mremap.c b/mm/mremap.c | |
5 | --- a/mm/mremap.c Mon Jan 5 06:14:39 2004 | |
6 | +++ b/mm/mremap.c Mon Jan 5 06:14:39 2004 | |
7 | @@ -241,6 +241,13 @@ | |
8 | ||
9 | if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) | |
10 | goto out; | |
11 | + /* | |
12 | + * Allow new_len == 0 only if new_addr == addr | |
13 | + * to preserve truncation in place (that was working | |
14 | + * safe and some app may depend on it). | |
15 | + */ | |
16 | + if (unlikely(!new_len && new_addr != addr)) | |
17 | + goto out; | |
18 | ||
19 | /* Check if the location we're moving into overlaps the | |
20 | * old location at all, and fail if it does. |