diff options
author | Anthony G. Basile <basile@opensource.dyc.edu> | 2010-11-17 16:17:14 -0500 |
---|---|---|
committer | Anthony G. Basile <basile@opensource.dyc.edu> | 2010-11-17 16:17:14 -0500 |
commit | 24101317337c4e3de43ef9b50d03349c10e7cc85 (patch) | |
tree | c9b67d02e23c2938bab729648d21bba03f6a0492 /2.6.32 | |
parent | Update Grsec/PaX (diff) | |
download | hardened-patchset-24101317337c4e3de43ef9b50d03349c10e7cc85.tar.gz hardened-patchset-24101317337c4e3de43ef9b50d03349c10e7cc85.tar.bz2 hardened-patchset-24101317337c4e3de43ef9b50d03349c10e7cc85.zip |
Update Grsec/PaX20101115
2.2.0-2.6.32.25-201011151726 against 2.6.32.25
2.2.0-2.6.36-201011151726 against 2.6.36
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011151726.patch (renamed from 2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch) | 74 |
2 files changed, 73 insertions, 3 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 745f6ce..fecc43d 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch +Patch: 4420_grsecurity-2.2.0-2.6.32.25-201011151726.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch b/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011151726.patch index 817174f..3ea1d8f 100644 --- a/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch +++ b/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011151726.patch @@ -47954,13 +47954,13 @@ diff -urNp linux-2.6.32.25/include/linux/jbd.h linux-2.6.32.25/include/linux/jbd static inline void *jbd_alloc(size_t size, gfp_t flags) diff -urNp linux-2.6.32.25/include/linux/kallsyms.h linux-2.6.32.25/include/linux/kallsyms.h --- linux-2.6.32.25/include/linux/kallsyms.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.25/include/linux/kallsyms.h 2010-11-13 16:38:15.000000000 -0500 ++++ linux-2.6.32.25/include/linux/kallsyms.h 2010-11-15 17:10:03.000000000 -0500 @@ -15,7 +15,8 @@ struct module; -#ifdef CONFIG_KALLSYMS -+#if !defined(__INCLUDED_BY_HIDESYM) && defined(CONFIG_KALLSYMS) ++#if !defined(__INCLUDED_BY_HIDESYM) || !defined(CONFIG_KALLSYMS) +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) /* Lookup the address for a symbol. Returns 0 if not found. */ unsigned long kallsyms_lookup_name(const char *name); @@ -49008,6 +49008,18 @@ diff -urNp linux-2.6.32.25/include/linux/slub_def.h linux-2.6.32.25/include/linu void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ +diff -urNp linux-2.6.32.25/include/linux/socket.h linux-2.6.32.25/include/linux/socket.h +--- linux-2.6.32.25/include/linux/socket.h 2010-10-31 16:44:11.000000000 -0400 ++++ linux-2.6.32.25/include/linux/socket.h 2010-11-15 17:11:27.000000000 -0500 +@@ -304,7 +304,7 @@ extern int csum_partial_copy_fromiovecen + int offset, + unsigned int len, __wsum *csump); + +-extern long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode); ++extern int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode); + extern int memcpy_toiovec(struct iovec *v, unsigned char *kdata, int len); + extern int memcpy_toiovecend(const struct iovec *v, unsigned char *kdata, + int offset, int len); diff -urNp linux-2.6.32.25/include/linux/sonet.h linux-2.6.32.25/include/linux/sonet.h --- linux-2.6.32.25/include/linux/sonet.h 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.25/include/linux/sonet.h 2010-10-23 19:59:20.000000000 -0400 @@ -56672,6 +56684,26 @@ diff -urNp linux-2.6.32.25/net/bridge/br_sysfs_if.c linux-2.6.32.25/net/bridge/b .show = brport_show, .store = brport_store, }; +diff -urNp linux-2.6.32.25/net/compat.c linux-2.6.32.25/net/compat.c +--- linux-2.6.32.25/net/compat.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.25/net/compat.c 2010-11-15 17:12:20.000000000 -0500 +@@ -40,10 +40,12 @@ static inline int iov_from_user_compat_t + compat_size_t len; + + if (get_user(len, &uiov32->iov_len) || +- get_user(buf, &uiov32->iov_base)) { +- tot_len = -EFAULT; +- break; +- } ++ get_user(buf, &uiov32->iov_base)) ++ return -EFAULT; ++ ++ if (len > INT_MAX - tot_len) ++ len = INT_MAX - tot_len; ++ + tot_len += len; + kiov->iov_base = compat_ptr(buf); + kiov->iov_len = (__kernel_size_t) len; diff -urNp linux-2.6.32.25/net/core/dev.c linux-2.6.32.25/net/core/dev.c --- linux-2.6.32.25/net/core/dev.c 2010-08-29 21:08:20.000000000 -0400 +++ linux-2.6.32.25/net/core/dev.c 2010-10-23 19:59:20.000000000 -0400 @@ -56735,6 +56767,44 @@ diff -urNp linux-2.6.32.25/net/core/flow.c linux-2.6.32.25/net/core/flow.c #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu)) +diff -urNp linux-2.6.32.25/net/core/iovec.c linux-2.6.32.25/net/core/iovec.c +--- linux-2.6.32.25/net/core/iovec.c 2010-10-31 16:44:11.000000000 -0400 ++++ linux-2.6.32.25/net/core/iovec.c 2010-11-15 17:14:08.000000000 -0500 +@@ -36,10 +36,9 @@ + * in any case. + */ + +-long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode) ++int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode) + { +- int size, ct; +- long err; ++ int size, ct, err; + + if (m->msg_namelen) { + if (mode == VERIFY_READ) { +@@ -61,14 +60,13 @@ long verify_iovec(struct msghdr *m, stru + err = 0; + + for (ct = 0; ct < m->msg_iovlen; ct++) { +- err += iov[ct].iov_len; +- /* +- * Goal is not to verify user data, but to prevent returning +- * negative value, which is interpreted as errno. +- * Overflow is still possible, but it is harmless. +- */ +- if (err < 0) +- return -EMSGSIZE; ++ size_t len = iov[ct].iov_len; ++ ++ if (len > INT_MAX - err) { ++ len = INT_MAX - err; ++ iov[ct].iov_len = len; ++ } ++ err += len; + } + + return err; diff -urNp linux-2.6.32.25/net/dccp/ccids/ccid3.c linux-2.6.32.25/net/dccp/ccids/ccid3.c --- linux-2.6.32.25/net/dccp/ccids/ccid3.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.25/net/dccp/ccids/ccid3.c 2010-10-23 19:59:20.000000000 -0400 |