From b724ef9c2cf376fce5b56fa9fa7a7c08eb0947ff Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 25 Jan 2022 23:31:35 +0000 Subject: [PATCH] fs/exec: require argv[0] presence in do_execveat_common() The first argument to argv when used with execv family of calls is required to be the name of the program being executed, per POSIX. By validating this in do_execveat_common(), we can prevent execution of shellcode which invokes execv(2) family syscalls with argc < 1, a scenario which is disallowed by POSIX, thus providing a mitigation against CVE-2021-4034 and similar bugs in the future. This has been inspired by OpenBSD's behaviour, which similarly refuses to execv(2) when argc < 1. Signed-off-by: Ariadne Conill --- fs/exec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/exec.c b/fs/exec.c index 79f2c9483302..77054da78cc4 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1897,7 +1897,7 @@ static int do_execveat_common(int fd, struct filename *filename, } retval = count(argv, MAX_ARG_STRINGS); - if (retval < 0) + if (retval < 1) goto out_free; bprm->argc = retval; -- 2.34.1
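Review bot: In the changed check `if (retval < 1) goto out_free;`, the new argc == 0 case jumps to out_free with retval still 0. If that path returns retval, as the variable name suggests (the label's body is not in the visible context), the exec call would report success to its caller without having executed anything. Keep propagating a negative value from count() unchanged, and give the zero case an explicit error before the jump, for example `if (retval == 0) retval = -EINVAL;` (the errno choice is a suggestion and should be stated in the commit message). A one-line comment above the check saying that an empty argv is rejected on purpose would also help, since the bare condition reads like an off-by-one. The commit message should note that callers which currently pass an empty argv will start failing.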