diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2011-06-15 12:41:51 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-06-15 12:41:51 -0400 |
commit | f7b78ff5181a2af72e7265fbfc9268ce65a8a259 (patch) | |
tree | 7c9c8df8f1f50b425d1ce7d06c22c791399f51f6 /2.6.32 | |
parent | Update Grsec/PaX (diff) | |
download | hardened-patchset-f7b78ff5181a2af72e7265fbfc9268ce65a8a259.tar.gz hardened-patchset-f7b78ff5181a2af72e7265fbfc9268ce65a8a259.tar.bz2 hardened-patchset-f7b78ff5181a2af72e7265fbfc9268ce65a8a259.zip |
Update Grsec/PaX
2.2.2-2.6.32.41-201106132135
2.2.2-2.6.39.1-201106132135
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106071941.patch) | 247 |
2 files changed, 223 insertions, 26 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 3c6c9f7..1b0ab21 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.41-201106071941.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106071941.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch index 3d01c9c..69e5b91 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106071941.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.41-201106132135.patch @@ -50,8 +50,60 @@ diff -urNp linux-2.6.32.41/arch/alpha/kernel/module.c linux-2.6.32.41/arch/alpha for (i = 0; i < n; i++) { diff -urNp linux-2.6.32.41/arch/alpha/kernel/osf_sys.c linux-2.6.32.41/arch/alpha/kernel/osf_sys.c --- linux-2.6.32.41/arch/alpha/kernel/osf_sys.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.41/arch/alpha/kernel/osf_sys.c 2011-04-17 15:56:45.000000000 -0400 -@@ -1169,7 +1169,7 @@ arch_get_unmapped_area_1(unsigned long a ++++ linux-2.6.32.41/arch/alpha/kernel/osf_sys.c 2011-06-13 17:19:47.000000000 -0400 +@@ -431,7 +431,7 @@ SYSCALL_DEFINE2(osf_getdomainname, char + return -EFAULT; + + len = namelen; +- if (namelen > 32) ++ if (len > 32) + len = 32; + + down_read(&uts_sem); +@@ -618,7 +618,7 @@ SYSCALL_DEFINE3(osf_sysinfo, int, comman + down_read(&uts_sem); + res = sysinfo_table[offset]; + len = strlen(res)+1; +- if (len > count) ++ if ((unsigned long)len > (unsigned long)count) + len = count; + if (copy_to_user(buf, res, len)) + err = -EFAULT; +@@ -673,7 +673,7 @@ SYSCALL_DEFINE5(osf_getsysinfo, unsigned + return 1; + + case GSI_GET_HWRPB: +- if (nbytes < sizeof(*hwrpb)) ++ if (nbytes > sizeof(*hwrpb)) + return -EINVAL; + if (copy_to_user(buffer, hwrpb, nbytes) != 0) + return -EFAULT; +@@ -1035,6 +1035,7 @@ SYSCALL_DEFINE4(osf_wait4, pid_t, pid, i + { + struct rusage r; + long ret, err; ++ unsigned int status = 0; + mm_segment_t old_fs; + + if (!ur) +@@ -1043,13 +1044,15 @@ SYSCALL_DEFINE4(osf_wait4, pid_t, pid, i + old_fs = get_fs(); + + set_fs (KERNEL_DS); +- ret = sys_wait4(pid, ustatus, options, (struct rusage __user *) &r); ++ ret = sys_wait4(pid, (unsigned int __user *) &status, options, ++ (struct rusage __user *) &r); + set_fs (old_fs); + + if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur))) + return -EFAULT; + + err = 0; ++ err |= put_user(status, ustatus); + err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec); + err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec); + err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec); +@@ -1169,7 +1172,7 @@ arch_get_unmapped_area_1(unsigned long a /* At this point: (!vma || addr < vma->vm_end). */ if (limit - len < addr) return -ENOMEM; @@ -60,7 +112,7 @@ diff -urNp linux-2.6.32.41/arch/alpha/kernel/osf_sys.c linux-2.6.32.41/arch/alph return addr; addr = vma->vm_end; vma = vma->vm_next; -@@ -1205,6 +1205,10 @@ arch_get_unmapped_area(struct file *filp +@@ -1205,6 +1208,10 @@ arch_get_unmapped_area(struct file *filp merely specific addresses, but regions of memory -- perhaps this feature should be incorporated into all ports? */ @@ -71,7 +123,7 @@ diff -urNp linux-2.6.32.41/arch/alpha/kernel/osf_sys.c linux-2.6.32.41/arch/alph if (addr) { addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); if (addr != (unsigned long) -ENOMEM) -@@ -1212,8 +1216,8 @@ arch_get_unmapped_area(struct file *filp +@@ -1212,8 +1219,8 @@ arch_get_unmapped_area(struct file *filp } /* Next, try allocating at TASK_UNMAPPED_BASE. */ @@ -306,6 +358,27 @@ diff -urNp linux-2.6.32.41/arch/arm/kernel/kgdb.c linux-2.6.32.41/arch/arm/kerne #ifndef __ARMEB__ .gdb_bpt_instr = {0xfe, 0xde, 0xff, 0xe7} #else /* ! __ARMEB__ */ +diff -urNp linux-2.6.32.41/arch/arm/kernel/traps.c linux-2.6.32.41/arch/arm/kernel/traps.c +--- linux-2.6.32.41/arch/arm/kernel/traps.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.41/arch/arm/kernel/traps.c 2011-06-13 21:31:18.000000000 -0400 +@@ -247,6 +247,8 @@ static void __die(const char *str, int e + + DEFINE_SPINLOCK(die_lock); + ++extern void gr_handle_kernel_exploit(void); ++ + /* + * This function is protected against re-entrancy. + */ +@@ -271,6 +273,8 @@ NORET_TYPE void die(const char *str, str + if (panic_on_oops) + panic("Fatal exception"); + ++ gr_handle_kernel_exploit(); ++ + do_exit(SIGSEGV); + } + diff -urNp linux-2.6.32.41/arch/arm/mach-at91/pm.c linux-2.6.32.41/arch/arm/mach-at91/pm.c --- linux-2.6.32.41/arch/arm/mach-at91/pm.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.41/arch/arm/mach-at91/pm.c 2011-04-17 15:56:45.000000000 -0400 @@ -2577,6 +2650,27 @@ diff -urNp linux-2.6.32.41/arch/powerpc/kernel/sys_ppc32.c linux-2.6.32.41/arch/ } return error; } +diff -urNp linux-2.6.32.41/arch/powerpc/kernel/traps.c linux-2.6.32.41/arch/powerpc/kernel/traps.c +--- linux-2.6.32.41/arch/powerpc/kernel/traps.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.41/arch/powerpc/kernel/traps.c 2011-06-13 21:33:37.000000000 -0400 +@@ -99,6 +99,8 @@ static void pmac_backlight_unblank(void) + static inline void pmac_backlight_unblank(void) { } + #endif + ++extern void gr_handle_kernel_exploit(void); ++ + int die(const char *str, struct pt_regs *regs, long err) + { + static struct { +@@ -168,6 +170,8 @@ int die(const char *str, struct pt_regs + if (panic_on_oops) + panic("Fatal exception"); + ++ gr_handle_kernel_exploit(); ++ + oops_exit(); + do_exit(err); + diff -urNp linux-2.6.32.41/arch/powerpc/kernel/vdso.c linux-2.6.32.41/arch/powerpc/kernel/vdso.c --- linux-2.6.32.41/arch/powerpc/kernel/vdso.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.41/arch/powerpc/kernel/vdso.c 2011-04-17 15:56:45.000000000 -0400 @@ -4257,8 +4351,17 @@ diff -urNp linux-2.6.32.41/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.41/arch } diff -urNp linux-2.6.32.41/arch/sparc/kernel/traps_32.c linux-2.6.32.41/arch/sparc/kernel/traps_32.c --- linux-2.6.32.41/arch/sparc/kernel/traps_32.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.41/arch/sparc/kernel/traps_32.c 2011-04-17 15:56:46.000000000 -0400 -@@ -76,7 +76,7 @@ void die_if_kernel(char *str, struct pt_ ++++ linux-2.6.32.41/arch/sparc/kernel/traps_32.c 2011-06-13 21:25:39.000000000 -0400 +@@ -44,6 +44,8 @@ static void instruction_dump(unsigned lo + #define __SAVE __asm__ __volatile__("save %sp, -0x40, %sp\n\t") + #define __RESTORE __asm__ __volatile__("restore %g0, %g0, %g0\n\t") + ++extern void gr_handle_kernel_exploit(void); ++ + void die_if_kernel(char *str, struct pt_regs *regs) + { + static int die_counter; +@@ -76,15 +78,17 @@ void die_if_kernel(char *str, struct pt_ count++ < 30 && (((unsigned long) rw) >= PAGE_OFFSET) && !(((unsigned long) rw) & 0x7)) { @@ -4267,9 +4370,20 @@ diff -urNp linux-2.6.32.41/arch/sparc/kernel/traps_32.c linux-2.6.32.41/arch/spa (void *) rw->ins[7]); rw = (struct reg_window32 *)rw->ins[6]; } + } + printk("Instruction DUMP:"); + instruction_dump ((unsigned long *) regs->pc); +- if(regs->psr & PSR_PS) ++ if(regs->psr & PSR_PS) { ++ gr_handle_kernel_exploit(); + do_exit(SIGKILL); ++ } + do_exit(SIGSEGV); + } + diff -urNp linux-2.6.32.41/arch/sparc/kernel/traps_64.c linux-2.6.32.41/arch/sparc/kernel/traps_64.c --- linux-2.6.32.41/arch/sparc/kernel/traps_64.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.41/arch/sparc/kernel/traps_64.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.41/arch/sparc/kernel/traps_64.c 2011-06-13 21:24:11.000000000 -0400 @@ -73,7 +73,7 @@ static void dump_tl1_traplog(struct tl1_ i + 1, p->trapstack[i].tstate, p->trapstack[i].tpc, @@ -4370,7 +4484,16 @@ diff -urNp linux-2.6.32.41/arch/sparc/kernel/traps_64.c linux-2.6.32.41/arch/spa } while (++count < 16); } -@@ -2260,7 +2271,7 @@ void die_if_kernel(char *str, struct pt_ +@@ -2233,6 +2244,8 @@ static inline struct reg_window *kernel_ + return (struct reg_window *) (fp + STACK_BIAS); + } + ++extern void gr_handle_kernel_exploit(void); ++ + void die_if_kernel(char *str, struct pt_regs *regs) + { + static int die_counter; +@@ -2260,7 +2273,7 @@ void die_if_kernel(char *str, struct pt_ while (rw && count++ < 30&& is_kernel_stack(current, rw)) { @@ -4379,6 +4502,19 @@ diff -urNp linux-2.6.32.41/arch/sparc/kernel/traps_64.c linux-2.6.32.41/arch/spa (void *) rw->ins[7]); rw = kernel_stack_up(rw); +@@ -2273,8 +2286,11 @@ void die_if_kernel(char *str, struct pt_ + } + user_instruction_dump ((unsigned int __user *) regs->tpc); + } +- if (regs->tstate & TSTATE_PRIV) ++ if (regs->tstate & TSTATE_PRIV) { ++ gr_handle_kernel_exploit(); + do_exit(SIGKILL); ++ } ++ + do_exit(SIGSEGV); + } + EXPORT_SYMBOL(die_if_kernel); diff -urNp linux-2.6.32.41/arch/sparc/kernel/unaligned_64.c linux-2.6.32.41/arch/sparc/kernel/unaligned_64.c --- linux-2.6.32.41/arch/sparc/kernel/unaligned_64.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.41/arch/sparc/kernel/unaligned_64.c 2011-04-17 15:56:46.000000000 -0400 @@ -36760,6 +36896,20 @@ diff -urNp linux-2.6.32.41/fs/btrfs/extent_io.h linux-2.6.32.41/fs/btrfs/extent_ }; struct extent_state { +diff -urNp linux-2.6.32.41/fs/btrfs/extent-tree.c linux-2.6.32.41/fs/btrfs/extent-tree.c +--- linux-2.6.32.41/fs/btrfs/extent-tree.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.41/fs/btrfs/extent-tree.c 2011-06-12 06:39:08.000000000 -0400 +@@ -7141,6 +7141,10 @@ static noinline int relocate_one_extent( + u64 group_start = group->key.objectid; + new_extents = kmalloc(sizeof(*new_extents), + GFP_NOFS); ++ if (!new_extents) { ++ ret = -ENOMEM; ++ goto out; ++ } + nr_extents = 1; + ret = get_new_locations(reloc_inode, + extent_key, diff -urNp linux-2.6.32.41/fs/btrfs/free-space-cache.c linux-2.6.32.41/fs/btrfs/free-space-cache.c --- linux-2.6.32.41/fs/btrfs/free-space-cache.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.41/fs/btrfs/free-space-cache.c 2011-04-17 15:56:46.000000000 -0400 @@ -36783,7 +36933,7 @@ diff -urNp linux-2.6.32.41/fs/btrfs/free-space-cache.c linux-2.6.32.41/fs/btrfs/ ret = btrfs_bitmap_cluster(block_group, entry, cluster, diff -urNp linux-2.6.32.41/fs/btrfs/inode.c linux-2.6.32.41/fs/btrfs/inode.c --- linux-2.6.32.41/fs/btrfs/inode.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.41/fs/btrfs/inode.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.41/fs/btrfs/inode.c 2011-06-12 06:39:58.000000000 -0400 @@ -63,7 +63,7 @@ static const struct inode_operations btr static const struct address_space_operations btrfs_aops; static const struct address_space_operations btrfs_symlink_aops; @@ -36793,7 +36943,24 @@ diff -urNp linux-2.6.32.41/fs/btrfs/inode.c linux-2.6.32.41/fs/btrfs/inode.c static struct kmem_cache *btrfs_inode_cachep; struct kmem_cache *btrfs_trans_handle_cachep; -@@ -5410,7 +5410,7 @@ fail: +@@ -925,6 +925,7 @@ static int cow_file_range_async(struct i + 1, 0, NULL, GFP_NOFS); + while (start < end) { + async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS); ++ BUG_ON(!async_cow); + async_cow->inode = inode; + async_cow->root = root; + async_cow->locked_page = locked_page; +@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(st + inline_size = btrfs_file_extent_inline_item_len(leaf, + btrfs_item_nr(leaf, path->slots[0])); + tmp = kmalloc(inline_size, GFP_NOFS); ++ if (!tmp) ++ return -ENOMEM; + ptr = btrfs_file_extent_inline_start(item); + + read_extent_buffer(leaf, tmp, ptr, inline_size); +@@ -5410,7 +5413,7 @@ fail: return -ENOMEM; } @@ -36802,7 +36969,7 @@ diff -urNp linux-2.6.32.41/fs/btrfs/inode.c linux-2.6.32.41/fs/btrfs/inode.c struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -5422,6 +5422,14 @@ static int btrfs_getattr(struct vfsmount +@@ -5422,6 +5425,14 @@ static int btrfs_getattr(struct vfsmount return 0; } @@ -36817,7 +36984,7 @@ diff -urNp linux-2.6.32.41/fs/btrfs/inode.c linux-2.6.32.41/fs/btrfs/inode.c static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { -@@ -5972,7 +5980,7 @@ static const struct file_operations btrf +@@ -5972,7 +5983,7 @@ static const struct file_operations btrf .fsync = btrfs_sync_file, }; @@ -43625,8 +43792,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl_alloc.c linux-2.6.32.41/grsecurity/g +} diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c --- linux-2.6.32.41/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.41/grsecurity/gracl.c 2011-05-24 20:26:07.000000000 -0400 -@@ -0,0 +1,4079 @@ ++++ linux-2.6.32.41/grsecurity/gracl.c 2011-06-11 16:24:26.000000000 -0400 +@@ -0,0 +1,4085 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -43711,7 +43878,8 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c +extern struct vfsmount *hugetlbfs_vfsmount; +#endif + -+static struct acl_object_label *fakefs_obj; ++static struct acl_object_label *fakefs_obj_rw; ++static struct acl_object_label *fakefs_obj_rwx; + +extern int gr_init_uidset(void); +extern void gr_free_uidset(void); @@ -44443,10 +44611,15 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c + printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(real_root), real_root->d_inode->i_ino); +#endif + -+ fakefs_obj = acl_alloc(sizeof(struct acl_object_label)); -+ if (fakefs_obj == NULL) ++ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label)); ++ if (fakefs_obj_rw == NULL) ++ return 1; ++ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE; ++ ++ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label)); ++ if (fakefs_obj_rwx == NULL) + return 1; -+ fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC; ++ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC; + + subj_map_set.s_hash = + (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *)); @@ -45454,7 +45627,7 @@ diff -urNp linux-2.6.32.41/grsecurity/gracl.c linux-2.6.32.41/grsecurity/gracl.c +#endif + /* ignore Eric Biederman */ + IS_PRIVATE(l_dentry->d_inode))) { -+ retval = fakefs_obj; ++ retval = (subj->mode & GR_SHMEXEC) ? fakefs_obj_rwx : fakefs_obj_rw; + goto out; + } + @@ -52261,7 +52434,7 @@ diff -urNp linux-2.6.32.41/grsecurity/grsum.c linux-2.6.32.41/grsecurity/grsum.c +} diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig --- linux-2.6.32.41/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.41/grsecurity/Kconfig 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.41/grsecurity/Kconfig 2011-06-13 21:34:09.000000000 -0400 @@ -0,0 +1,1045 @@ +# +# grecurity configuration @@ -52405,7 +52578,7 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig + select GRKERNSEC_MODHARDEN if (MODULES) + select GRKERNSEC_HARDEN_PTRACE + select GRKERNSEC_VM86 if (X86_32) -+ select GRKERNSEC_KERN_LOCKOUT if (X86) ++ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC32 || SPARC64) + select PAX + select PAX_RANDUSTACK + select PAX_ASLR @@ -52605,7 +52778,7 @@ diff -urNp linux-2.6.32.41/grsecurity/Kconfig linux-2.6.32.41/grsecurity/Kconfig + +config GRKERNSEC_KERN_LOCKOUT + bool "Active kernel exploit response" -+ depends on X86 ++ depends on X86 || ARM || PPC || SPARC32 || SPARC64 + help + If you say Y here, when a PaX alert is triggered due to suspicious + activity in the kernel (from KERNEXEC/UDEREF/USERCOPY) @@ -55028,8 +55201,8 @@ diff -urNp linux-2.6.32.41/include/linux/gralloc.h linux-2.6.32.41/include/linux +#endif diff -urNp linux-2.6.32.41/include/linux/grdefs.h linux-2.6.32.41/include/linux/grdefs.h --- linux-2.6.32.41/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.41/include/linux/grdefs.h 2011-04-17 15:56:46.000000000 -0400 -@@ -0,0 +1,139 @@ ++++ linux-2.6.32.41/include/linux/grdefs.h 2011-06-11 16:20:26.000000000 -0400 +@@ -0,0 +1,140 @@ +#ifndef GRDEFS_H +#define GRDEFS_H + @@ -55119,7 +55292,8 @@ diff -urNp linux-2.6.32.41/include/linux/grdefs.h linux-2.6.32.41/include/linux/ + GR_PROCFIND = 0x00008000, + GR_POVERRIDE = 0x00010000, + GR_KERNELAUTH = 0x00020000, -+ GR_ATSECURE = 0x00040000 ++ GR_ATSECURE = 0x00040000, ++ GR_SHMEXEC = 0x00080000 +}; + +enum { @@ -66922,6 +67096,29 @@ diff -urNp linux-2.6.32.41/net/atm/resources.c linux-2.6.32.41/net/atm/resources __AAL_STAT_ITEMS #undef __HANDLE_ITEM } +diff -urNp linux-2.6.32.41/net/bluetooth/l2cap.c linux-2.6.32.41/net/bluetooth/l2cap.c +--- linux-2.6.32.41/net/bluetooth/l2cap.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.41/net/bluetooth/l2cap.c 2011-06-12 06:34:08.000000000 -0400 +@@ -1885,7 +1885,7 @@ static int l2cap_sock_getsockopt_old(str + err = -ENOTCONN; + break; + } +- ++ memset(&cinfo, 0, sizeof(cinfo)); + cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle; + memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3); + +diff -urNp linux-2.6.32.41/net/bluetooth/rfcomm/sock.c linux-2.6.32.41/net/bluetooth/rfcomm/sock.c +--- linux-2.6.32.41/net/bluetooth/rfcomm/sock.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.41/net/bluetooth/rfcomm/sock.c 2011-06-12 06:35:00.000000000 -0400 +@@ -878,6 +878,7 @@ static int rfcomm_sock_getsockopt_old(st + + l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; + ++ memset(&cinfo, 0, sizeof(cinfo)); + cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; + memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); + diff -urNp linux-2.6.32.41/net/bridge/br_private.h linux-2.6.32.41/net/bridge/br_private.h --- linux-2.6.32.41/net/bridge/br_private.h 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.41/net/bridge/br_private.h 2011-04-17 15:56:46.000000000 -0400 |