Skip to content

Commit

Permalink
Revert "exec: load_script: don't blindly truncate shebang string"
Browse files Browse the repository at this point in the history
commit cb5b020 upstream.

This reverts commit 8099b04.

It turns out that people do actually depend on the shebang string being
truncated, and on the fact that an interpreter (like perl) will often
just re-interpret it entirely to get the full argument list.

Reported-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Linus Torvalds authored and Greg Kroah-Hartman committed Feb 15, 2019
1 parent 03feb1e commit 90aa9a7
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions fs/binfmt_script.c
Original file line number Diff line number Diff line change
@@ -42,14 +42,10 @@ static int load_script(struct linux_binprm *bprm)
fput(bprm->file);
bprm->file = NULL;

for (cp = bprm->buf+2;; cp++) {
if (cp >= bprm->buf + BINPRM_BUF_SIZE)
return -ENOEXEC;
if (!*cp || (*cp == '\n'))
break;
}
bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
if ((cp = strchr(bprm->buf, '\n')) == NULL)
cp = bprm->buf+BINPRM_BUF_SIZE-1;
*cp = '\0';

while (cp > bprm->buf) {
cp--;
if ((*cp == ' ') || (*cp == '\t'))

0 comments on commit 90aa9a7

Please sign in to comment.