authorAnthony G. Basile <blueness@gentoo.org>2013-06-05 16:08:19 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-06-05 16:08:19 -0400
commit7613b2514cbb5fd2e7956f2facabe3204b4449bc (patch)
tree733e7d165dd875be2966355b95e948f77a5ac948 /2.6.32
parentGrsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.4}-201306011536 (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.4}-201306041949
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306041946.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch)137
2 files changed, 136 insertions, 3 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 4edfd58..797feaa 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201306041946.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306041946.patch
index eb29409..8e09bd0 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306041946.patch
@@ -3605,6 +3605,19 @@ index a27d2e2..18fd845 100644
#define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
#define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
#define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
+diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c
+index 994bcd9..f25247a 100644
+--- a/arch/parisc/kernel/drivers.c
++++ b/arch/parisc/kernel/drivers.c
+@@ -393,7 +393,7 @@ EXPORT_SYMBOL(print_pci_hwpath);
+ static void setup_bus_id(struct parisc_device *padev)
+ {
+ struct hardware_path path;
+- char name[20];
++ char name[28];
+ char *output = name;
+ int i;
+
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
index 2120746..8d70a5e 100644
--- a/arch/parisc/kernel/module.c
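Review bot: The new size in `char name[28];` is a bare constant with nothing tying it to the longest string setup_bus_id can build, so a later change to the path format could presumably bring back the overflow this resize is meant to close. The code that writes through `output` lies outside the hunk; if it formats with unbounded `sprintf` calls, bound each write against `name + sizeof(name)`. At minimum, record the derivation next to the declaration, for example `char name[28]; /* worst-case hardware path string plus NUL: show the arithmetic here */`.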
@@ -3708,6 +3721,20 @@ index 2120746..8d70a5e 100644
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
me->arch.unwind_section, table, end, gp);
+diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c
+index cb71f3d..306f0c0 100644
+--- a/arch/parisc/kernel/setup.c
++++ b/arch/parisc/kernel/setup.c
+@@ -68,7 +68,8 @@ void __init setup_cmdline(char **cmdline_p)
+ /* called from hpux boot loader */
+ boot_command_line[0] = '\0';
+ } else {
+- strcpy(boot_command_line, (char *)__va(boot_args[1]));
++ strlcpy(boot_command_line, (char *)__va(boot_args[1]),
++ COMMAND_LINE_SIZE);
+
+ #ifdef CONFIG_BLK_DEV_INITRD
+ if (boot_args[2] != 0) /* did palo pass us a ramdisk? */
diff --git a/arch/parisc/kernel/signal32.c b/arch/parisc/kernel/signal32.c
index fb59852..32d43e7 100644
--- a/arch/parisc/kernel/signal32.c
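Review bot: The `strlcpy()` call in setup_cmdline ignores its return value, so a boot loader string of COMMAND_LINE_SIZE bytes or more is cut silently and the kernel carries on with a partial command line, possibly with a trailing parameter dropped or shortened. Consider reporting it: `if (strlcpy(boot_command_line, (char *)__va(boot_args[1]), COMMAND_LINE_SIZE) >= COMMAND_LINE_SIZE) printk(KERN_WARNING "boot command line truncated\n");`. Note also that strlcpy still walks the whole source string to compute its length, so the write is bounded but the read is not. The function continues outside the hunk.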
@@ -47545,6 +47572,28 @@ index 0236f0d..c7327f1 100644
serio->dev.bus = &serio_bus;
serio->dev.release = serio_release_port;
if (serio->parent) {
+diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
+index dc506ab..af04b54 100644
+--- a/drivers/isdn/capi/kcapi.c
++++ b/drivers/isdn/capi/kcapi.c
+@@ -95,7 +95,7 @@ capi_ctr_put(struct capi_ctr *card)
+
+ static inline struct capi_ctr *get_capi_ctr_by_nr(u16 contr)
+ {
+- if (contr - 1 >= CAPI_MAXCONTR)
++ if (contr < 1 || contr - 1 >= CAPI_MAXCONTR)
+ return NULL;
+
+ return capi_cards[contr - 1];
+@@ -103,7 +103,7 @@ static inline struct capi_ctr *get_capi_ctr_by_nr(u16 contr)
+
+ static inline struct capi20_appl *get_capi_appl_by_nr(u16 applid)
+ {
+- if (applid - 1 >= CAPI_MAXAPPL)
++ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL)
+ return NULL;
+
+ return capi_applications[applid - 1];
diff --git a/drivers/isdn/gigaset/common.c b/drivers/isdn/gigaset/common.c
index 33dcd8d..2783d25 100644
--- a/drivers/isdn/gigaset/common.c
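Review bot: In get_capi_ctr_by_nr the corrected test `contr < 1 || contr - 1 >= CAPI_MAXCONTR` still leans on integer promotion to be read correctly. `contr` is a u16, so `contr - 1` is computed as an int and is -1 for 0, which (assuming CAPI_MAXCONTR is a plain int constant) is how the old single comparison let 0 through to `capi_cards[contr - 1]`. Writing the range directly avoids the subtraction and reads more clearly: `if (contr < 1 || contr > CAPI_MAXCONTR)`. get_capi_appl_by_nr has the same shape and would become `if (applid < 1 || applid > CAPI_MAXAPPL)`.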
@@ -82186,6 +82235,19 @@ index bfaef7b..e9d03ca 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index 21c7190..22688d5 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -915,7 +915,7 @@ static struct nfs4_state *nfs4_try_open_cached(struct nfs4_opendata *opendata)
+ struct nfs4_state *state = opendata->state;
+ struct nfs_inode *nfsi = NFS_I(state->inode);
+ struct nfs_delegation *delegation;
+- int open_mode = opendata->o_arg.open_flags & O_EXCL;
++ int open_mode = opendata->o_arg.open_flags;
+ fmode_t fmode = opendata->o_arg.fmode;
+ nfs4_stateid stateid;
+ int ret = -EAGAIN;
diff --git a/fs/nfsd/lockd.c b/fs/nfsd/lockd.c
index cc2f505..f6a236f 100644
--- a/fs/nfsd/lockd.c
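Review bot: `open_mode` in nfs4_try_open_cached now carries every open flag rather than only the O_EXCL bit, but nothing at the declaration says which bits its consumers are meant to look at, and those uses are outside the hunk. Any later test that treats it as a boolean (`if (open_mode)`) would now fire for ordinary flags, so it is worth confirming that each use masks the bits it cares about. A comment such as `/* full open flags; users must test individual bits such as O_EXCL */` at the declaration would document the new contract.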
@@ -84523,7 +84585,7 @@ index 7723401..30059a6 100644
error = -EFAULT;
else
diff --git a/fs/reiserfs/dir.c b/fs/reiserfs/dir.c
-index d42c30c..4fd8718 100644
+index d42c30c..153b170 100644
--- a/fs/reiserfs/dir.c
+++ b/fs/reiserfs/dir.c
@@ -66,6 +66,8 @@ int reiserfs_readdir_dentry(struct dentry *dentry, void *dirent,
@@ -84535,6 +84597,15 @@ index d42c30c..4fd8718 100644
reiserfs_write_lock(inode->i_sb);
reiserfs_check_lock_depth(inode->i_sb, "readdir");
+@@ -187,6 +189,8 @@ int reiserfs_readdir_dentry(struct dentry *dentry, void *dirent,
+ next_pos = deh_offset(deh) + 1;
+
+ if (item_moved(&tmp_ih, &path_to_entry)) {
++ set_cpu_key_k_offset(&pos_key,
++ next_pos);
+ goto research;
+ }
+ } /* for */
diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c
index 128d3f7c..8840d44 100644
--- a/fs/reiserfs/do_balan.c
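Review bot: The added `set_cpu_key_k_offset(&pos_key, next_pos);` before `goto research` in reiserfs_readdir_dentry has no comment saying why the key must be advanced before the search restarts. From the visible lines, `next_pos` was just set to one past the entry being processed, so presumably the restart would otherwise begin from the older position. A short comment would make that intent checkable, e.g. `/* item moved: restart the search at the next unread entry, not the stale key */`. The function starts and ends outside the hunk.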
@@ -84548,6 +84619,29 @@ index 128d3f7c..8840d44 100644
do_balance_starts(tb);
/* balance leaf returns 0 except if combining L R and S into
+diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
+index d240c15..c38a41a 100644
+--- a/fs/reiserfs/inode.c
++++ b/fs/reiserfs/inode.c
+@@ -1786,11 +1786,16 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th,
+ TYPE_STAT_DATA, SD_SIZE, MAX_US_INT);
+ memcpy(INODE_PKEY(inode), &(ih.ih_key), KEY_SIZE);
+ args.dirid = le32_to_cpu(ih.ih_key.k_dir_id);
+- if (insert_inode_locked4(inode, args.objectid,
+- reiserfs_find_actor, &args) < 0) {
++
++ reiserfs_write_unlock(inode->i_sb);
++ err = insert_inode_locked4(inode, args.objectid,
++ reiserfs_find_actor, &args);
++ reiserfs_write_lock(inode->i_sb);
++ if (err) {
+ err = -EINVAL;
+ goto out_bad_inode;
+ }
++
+ if (old_format_only(sb))
+ /* not a perfect generation count, as object ids can be reused, but
+ ** this is as good as reiserfs can do right now.
diff --git a/fs/reiserfs/item_ops.c b/fs/reiserfs/item_ops.c
index 72cb1cc..d0e3181 100644
--- a/fs/reiserfs/item_ops.c
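Review bot: Dropping the reiserfs write lock around `insert_inode_locked4()` in reiserfs_new_inode opens a window in which other writers can run, and nothing in the hunk explains why that is safe here or why the lock has to be released (presumably because the call can sleep on work that itself needs the lock). Add a comment above `reiserfs_write_unlock(inode->i_sb);` stating the reason and which state must not be assumed stable across the gap. Separately, the test changed from `< 0` to non-zero and the returned value is then overwritten with `-EINVAL`; if only negative returns signal failure, `if (err < 0) {` keeps the old condition. The function continues outside the hunk.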
@@ -115872,7 +115966,7 @@ index 2dcf04d..4656638 100644
{
.ctl_name = NET_TCP_DMA_COPYBREAK,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
-index b9644d8..537313b 100644
+index b9644d8..8e66b8e 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2084,6 +2084,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
@@ -115893,6 +115987,19 @@ index b9644d8..537313b 100644
if (get_user(len, optlen))
return -EFAULT;
+@@ -2826,7 +2830,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
+
+ for (i = 0; i < shi->nr_frags; ++i) {
+ const struct skb_frag_struct *f = &shi->frags[i];
+- sg_set_page(&sg, f->page, f->size, f->page_offset);
++ unsigned int offset = f->page_offset;
++ struct page *page = f->page + (offset >> PAGE_SHIFT);
++
++ sg_set_page(&sg, page, f->size,
++ offset_in_page(offset));
+ if (crypto_hash_update(desc, &sg, f->size))
+ return 1;
+ }
diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
index 1eba160b..c35d91f 100644
--- a/net/ipv4/tcp_illinois.c
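Review bot: The arithmetic `f->page + (offset >> PAGE_SHIFT)` in tcp_md5_hash_skb_data assumes the struct pages backing one fragment are contiguous, and the hunk does not say so. A comment would make the assumption reviewable, e.g. `/* page_offset may exceed PAGE_SIZE when the frag sits in a multi-page allocation */`. The scatterlist entry still uses the full `f->size` as its length, so it can extend past the end of the selected page. That is presumably intended for the same contiguous case, but it deserves a word in the same comment.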
@@ -116507,6 +116614,19 @@ index 093e9b2..f72cddb 100644
const unsigned short hnum,
const struct in6_addr *daddr,
const int dif)
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index 9ad5792..fa406b9 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -1138,7 +1138,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
+ if (WARN_ON(np->cork.opt))
+ return -EINVAL;
+
+- np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
++ np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation);
+ if (unlikely(np->cork.opt == NULL))
+ return -ENOBUFS;
+
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 4f7aaf6..f7acf45 100644
--- a/net/ipv6/ipv6_sockglue.c
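Review bot: The switch to `kzalloc()` for `np->cork.opt` in ip6_append_data carries no comment on what depends on the buffer being zeroed, so a later cleanup could turn it back into `kmalloc()` as a micro-optimisation. The code that fills and releases `np->cork.opt` is outside the hunk. If the structure holds pointers that are freed on an error path, or bytes that are later copied out, state that at the allocation, e.g. `/* must be zeroed: members may be freed or read before all are set */`. The `kzalloc()` for `discovery` in irlap_recv_discovery_xid_cmd (net/irda/irlap_frame.c, later in this patch) has the same gap.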
@@ -117047,6 +117167,19 @@ index 35a338b..62102d6 100644
/* Aborting, close connection! */
iriap_disconnect_request(self);
+diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c
+index 7af2e74..143ae58 100644
+--- a/net/irda/irlap_frame.c
++++ b/net/irda/irlap_frame.c
+@@ -543,7 +543,7 @@ static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
+ /*
+ * We now have some discovery info to deliver!
+ */
+- discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC);
++ discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC);
+ if (!discovery) {
+ IRDA_WARNING("%s: unable to malloc!\n", __func__);
+ return;
diff --git a/net/irda/irttp.c b/net/irda/irttp.c
index 9cb79f9..d35d057 100644
--- a/net/irda/irttp.c