security: Protection for exploiting null dereference using mmap
[linux-2.6.git] / mm / mremap.c
index 5d4bd4f..bc7c52e 100644 (file)
@@ -291,6 +291,10 @@ unsigned long do_mremap(unsigned long addr,
                if ((addr <= new_addr) && (addr+old_len) > new_addr)
                        goto out;
 
+               ret = security_file_mmap(0, 0, 0, 0, new_addr, 1);
+               if (ret)
+                       goto out;
+
                ret = do_munmap(mm, new_addr, new_len);
                if (ret)
                        goto out;
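Review bot: The added call `security_file_mmap(0, 0, 0, 0, new_addr, 1)` is six bare literals, so nothing at the call site says that only the destination address is vetted or that the trailing `1` is the address-only flag. The second hunk repeats the same call. A short comment above each would make the intent reviewable, for example `/* address-only check of new_addr; must precede do_munmap() so a refused request leaves the target range untouched */`. Writing the file argument as `NULL` rather than `0` would also make the pointer parameter obvious. A small static helper taking just `new_addr` would keep the two call sites from drifting apart; the rest of do_mremap lies outside this hunk.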
@@ -390,8 +394,13 @@ unsigned long do_mremap(unsigned long addr,
 
                        new_addr = get_unmapped_area(vma->vm_file, 0, new_len,
                                                vma->vm_pgoff, map_flags);
-                       ret = new_addr;
-                       if (new_addr & ~PAGE_MASK)
+                       if (new_addr & ~PAGE_MASK) {
+                               ret = new_addr;
+                               goto out;
+                       }
+
+                       ret = security_file_mmap(0, 0, 0, 0, new_addr, 1);
+                       if (ret)
                                goto out;
                }
                ret = move_vma(vma, addr, old_len, new_len, new_addr);
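Review bot: In this branch `new_addr` comes from get_unmapped_area() rather than from the caller, yet a refusal from the hook is returned as-is through `goto out`. The caller therefore gets the hook's error for an address it never requested, and no other placement is tried. That fail-closed choice looks deliberate, but it should be stated in a comment, e.g. `/* kernel-chosen address is vetted as well; on refusal fail the request, do not retry elsewhere */`. Dropping the unconditional `ret = new_addr` is fine only while every path after this block assigns `ret` before `out`. That holds for the move_vma() line visible here, but the enclosing block starts outside the hunk, so confirm it for the rest of the function.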