Re: No need for 2.4.23 (re compromise)
On Sat, Dec 06, 2003 at 01:07:31AM +0000, Mark C wrote:
> On Fri, 2003-12-05 at 15:47, Bill Moseley wrote:
>
> > I'm using that last one, 2.4.20.
>
> same here from the debian sources, but with a few added patches,
> there is no need to download a new kernel, just get the source you have
> for the currently running kernel, apply this patch:
I already built 2.4.23. Good to get my cpu a bit of exercise once in a
while.
>
> ---------------------- cut ---------------------
> --- 1.31/mm/mmap.c Fri Sep 12 06:44:06 2003
> +++ 1.32/mm/mmap.c Thu Oct 2 01:18:19 2003
> @@ -1041,6 +1041,9 @@
> if (!len)
> return addr;
>
> + if ((addr + len) > TASK_SIZE || (addr + len) < addr)
> + return -EINVAL;
> +
So that's the brk bug? Doesn't take much code to wreck havoc, does it.
|| (addr + len) < addr. Hum. So, wrap around overflow?
--
Bill Moseley
moseley@hank.org
Reply to: