exec: Fix min/max typo in stack space calculation

Message ID	20220201190700.3147041-1-keescook@chromium.org (mailing list archive)
State	Mainlined
Commit	d3e645ef08e8d7ccb9dcedf78cb4b9b3708a3360
Headers	show Return-Path: <linux-hardening-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: Andrew Morton <akpm@linux-foundation.org> Cc: Kees Cook <keescook@chromium.org>, Ariadne Conill <ariadne@dereferenced.org>, Michael Kerrisk <mtk.manpages@gmail.com>, Matthew Wilcox <willy@infradead.org>, Christian Brauner <brauner@kernel.org>, Rich Felker <dalias@libc.org>, Eric Biederman <ebiederm@xmission.com>, Alexander Viro <viro@zeniv.linux.org.uk>, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH] exec: Fix min/max typo in stack space calculation Date: Tue, 1 Feb 2022 11:07:00 -0800 Message-Id: <20220201190700.3147041-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	exec: Fix min/max typo in stack space calculation \| expand exec: Fix min/max typo in stack space calculation

Message ID

20220201190700.3147041-1-keescook@chromium.org (mailing list archive)

State

Mainlined

Commit

d3e645ef08e8d7ccb9dcedf78cb4b9b3708a3360

Headers

From: Kees Cook <keescook@chromium.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
        Ariadne Conill <ariadne@dereferenced.org>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Matthew Wilcox <willy@infradead.org>,
        Christian Brauner <brauner@kernel.org>,
        Rich Felker <dalias@libc.org>,
        Eric Biederman <ebiederm@xmission.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-hardening@vger.kernel.org
Subject: [PATCH] exec: Fix min/max typo in stack space calculation
Date: Tue,  1 Feb 2022 11:07:00 -0800
Message-Id: <20220201190700.3147041-1-keescook@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

exec: Fix min/max typo in stack space calculation | expand

Commit Message

Kees Cook Feb. 1, 2022, 7:07 p.m. UTC

When handling the argc == 0 case, the stack space calculation should be
using max() not min().

Signed-off-by: Kees Cook <keescook@chromium.org>
---
This is a fix for exec-force-single-empty-string-when-argv-is-empty.patch
https://lore.kernel.org/mm-commits/20220201004100.BF6D6C340E8@smtp.kernel.org/
---
 fs/exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/exec.c b/fs/exec.c
index bbf3aadf7ce1..40b1008fb0f7 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -502,7 +502,7 @@  static int bprm_stack_limits(struct linux_binprm *bprm)
 	 * argc can never be 0, to keep them from walking envp by accident.
 	 * See do_execveat_common().
 	 */
-	ptr_size = (min(bprm->argc, 1) + bprm->envc) * sizeof(void *);
+	ptr_size = (max(bprm->argc, 1) + bprm->envc) * sizeof(void *);
 	if (limit <= ptr_size)
 		return -E2BIG;
 	limit -= ptr_size;

exec: Fix min/max typo in stack space calculation

Commit Message

Patch