Skip to content

Commit

Permalink
Revert "exec: load_script: don't blindly truncate shebang string"
Browse files Browse the repository at this point in the history 
commit cb5b020 upstream.

This reverts commit 8099b04.

It turns out that people do actually depend on the shebang string being
truncated, and on the fact that an interpreter (like perl) will often
just re-interpret it entirely to get the full argument list.

Reported-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
@torvalds @gregkh
torvalds authored and gregkh committed Feb 15, 2019
1 parent 6f8c14e commit c2109f0
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions fs/binfmt_script.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,10 @@ static int load_script(struct linux_binprm *bprm)
fput(bprm->file);
bprm->file = NULL;

for (cp = bprm->buf+2;; cp++) {
if (cp >= bprm->buf + BINPRM_BUF_SIZE)
return -ENOEXEC;
if (!*cp || (*cp == '\n'))
break;
}
bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
if ((cp = strchr(bprm->buf, '\n')) == NULL)
cp = bprm->buf+BINPRM_BUF_SIZE-1;
*cp = '\0';

while (cp > bprm->buf) {
cp--;
if ((*cp == ' ') || (*cp == '\t'))
Expand Down

0 comments on commit c2109f0

Please sign in to comment.