CRED: Fix load_flat_shared_library() to initialise bprm correctly

Fix binfmt_flag's load_flat_shared_library() to initialise bprm correctly.

Currently, prepare_binprm() is called with only .filename .file and .cred
fields set in bprm, but the .cred_prepared and .per_clear fields at least need
initialising.

Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 397d3057d336a201b744a6ceadec16eaed651c0e..1bffbe0ed7787d96bd8b36cc25d2bd74a1c3572f 100644 (file)
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -820,6 +820,8 @@ static int load_flat_shared_library(int id, struct lib_info *libs)
        int res;
        char buf[16];
 
+       memset(&bprm, 0, sizeof(bprm));
+
        /* Create the file name */
        sprintf(buf, "/lib/lib%d.so", id);
 
@@ -835,6 +837,12 @@ static int load_flat_shared_library(int id, struct lib_info *libs)
        if (!bprm.cred)
                goto out;
 
+       /* We don't really care about recalculating credentials at this point
+        * as we're past the point of no return and are dealing with shared
+        * libraries.
+        */
+       bprm.cred_prepared = 1;
+
        res = prepare_binprm(&bprm);
 
        if (!IS_ERR_VALUE(res))