- Fix an error-path leak of memory and a dentry in load_elf_binary()
  (spotted by Oleg Drokin).

- Tidy up the handling of bad executable images: return -ENOEXEC rather
  than 0.  (We've committed suicide anyway, so probably nobody gets to see
  this).

- Fix upthe logic in load_aout_interp().  It gets itself all set up to
  return -ENOEXEC but there is in fact no path by which it can do this.  Just
  return ~0UL on errors, like load_elf_interp().


 fs/binfmt_elf.c |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff -puN fs/binfmt_elf.c~load_elf_binary-memleak-fix fs/binfmt_elf.c
--- 25/fs/binfmt_elf.c~load_elf_binary-memleak-fix	2003-03-07 04:01:46.000000000 -0800
+++ 25-akpm/fs/binfmt_elf.c	2003-03-07 04:02:41.000000000 -0800
@@ -390,7 +390,6 @@ static unsigned long load_aout_interp(st
 	unsigned long text_data, elf_entry = ~0UL;
 	char * addr;
 	loff_t offset;
-	int retval;
 
 	current->mm->end_code = interp_ex->a_text;
 	text_data = interp_ex->a_text + interp_ex->a_data;
@@ -412,11 +411,9 @@ static unsigned long load_aout_interp(st
 	}
 
 	do_brk(0, text_data);
-	retval = -ENOEXEC;
 	if (!interpreter->f_op || !interpreter->f_op->read)
 		goto out;
-	retval = interpreter->f_op->read(interpreter, addr, text_data, &offset);
-	if (retval < 0)
+	if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0)
 		goto out;
 	flush_icache_range((unsigned long)addr,
 	                   (unsigned long)addr + text_data);
@@ -639,7 +636,7 @@ static int load_elf_binary(struct linux_
 	retval = setup_arg_pages(bprm);
 	if (retval < 0) {
 		send_sig(SIGKILL, current, 0);
-		return retval;
+		goto out_free_dentry;
 	}
 	
 	current->mm->start_stack = bprm->p;
@@ -744,7 +741,8 @@ static int load_elf_binary(struct linux_
 			printk(KERN_ERR "Unable to load interpreter\n");
 			kfree(elf_phdata);
 			send_sig(SIGSEGV, current, 0);
-			return 0;
+			retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+			goto out;
 		}
 		reloc_func_desc = interp_load_addr;
 	} else {

_