package/base/linux/hotfix-exec.patch

   1 # --- T2-COPYRIGHT-NOTE-BEGIN ---
   2 # T2 SDE: package/*/linux/hotfix-exec.patch
   3 # Copyright (C) 2022 The T2 SDE Project
   4 #
   5 # This Copyright note is generated by scripts/Create-CopyPatch,
   6 # more information can be found in the files COPYING and README.
   7 #
   8 # This patch file is dual-licensed. It is available under the license the
   9 # patched project is licensed under, as long as it is an OpenSource license
  10 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  11 # of the GNU General Public License version 2 as used by the T2 SDE.
  12 # --- T2-COPYRIGHT-NOTE-END ---
  13
  14 Prevert PwnKit class of vulnerabilities by not allowing 0 argv, like OpenBSD.
  15
  16 https://bugzilla.kernel.org/show_bug.cgi?id=8408
  17
  18 --- linux-5.15/fs/exec.c.vanilla        2022-01-27 17:12:37.390020117 +0100
  19 +++ linux-5.15/fs/exec.c        2022-01-27 17:12:38.727020064 +0100
  20 @@ -1897,6 +1897,10 @@
  21         retval = count(argv, MAX_ARG_STRINGS);
  22         if (retval < 0)
  23                 goto out_free;
  24 +       else if (retval == 0) {
  25 +               retval = -EINVAL;
  26 +               goto out_free;
  27 +       }
  28         bprm->argc = retval;
  29
  30         retval = count(envp, MAX_ARG_STRINGS);