From: Chris Wright <chrisw@osdl.org>

Fix for CAN-2003-0462:  A race condition in the way env_start and
env_end pointers are initialized in the execve system call and used in
fs/proc/base.c on Linux 2.4 allows local users to cause a denial of
service (crash).



 25-akpm/fs/proc/base.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff -puN fs/proc/base.c~env-signedness-fixes fs/proc/base.c
--- 25/fs/proc/base.c~env-signedness-fixes	Thu Dec 18 13:57:32 2003
+++ 25-akpm/fs/proc/base.c	Thu Dec 18 13:57:32 2003
@@ -282,7 +282,7 @@ static int proc_pid_environ(struct task_
 	int res = 0;
 	struct mm_struct *mm = get_task_mm(task);
 	if (mm) {
-		int len = mm->env_end - mm->env_start;
+		unsigned int len = mm->env_end - mm->env_start;
 		if (len > PAGE_SIZE)
 			len = PAGE_SIZE;
 		res = access_process_vm(task, mm->env_start, buffer, len, 0);
@@ -294,7 +294,7 @@ static int proc_pid_environ(struct task_
 static int proc_pid_cmdline(struct task_struct *task, char * buffer)
 {
 	int res = 0;
-	int len;
+	unsigned int len;
 	struct mm_struct *mm = get_task_mm(task);
 	if (!mm)
 		goto out;

_