diff options
author | 2014-05-10 12:28:55 -0400 | |
---|---|---|
committer | 2014-05-10 12:28:55 -0400 | |
commit | 080fcb7ea019d5794996859a1e45a83006b6bf41 (patch) | |
tree | 27fc5fee0a13347f0631b8bd65357472852d87b0 /3.2.58 | |
parent | Grsec/PaX: 3.0-{3.2.58,3.14.3}-201405071928 (diff) | |
download | hardened-patchset-080fcb7ea019d5794996859a1e45a83006b6bf41.tar.gz hardened-patchset-080fcb7ea019d5794996859a1e45a83006b6bf41.tar.bz2 hardened-patchset-080fcb7ea019d5794996859a1e45a83006b6bf41.zip |
Grsec/PaX: 3.0-{3.2.58,3.14.3}-20140509233720140509
Diffstat (limited to '3.2.58')
-rw-r--r-- | 3.2.58/0000_README | 2 | ||||
-rw-r--r-- | 3.2.58/4420_grsecurity-3.0-3.2.58-201405092334.patch (renamed from 3.2.58/4420_grsecurity-3.0-3.2.58-201405061705.patch) | 52 |
2 files changed, 50 insertions, 4 deletions
diff --git a/3.2.58/0000_README b/3.2.58/0000_README index f10476b..df97a0f 100644 --- a/3.2.58/0000_README +++ b/3.2.58/0000_README @@ -150,7 +150,7 @@ Patch: 1057_linux-3.2.58.patch From: http://www.kernel.org Desc: Linux 3.2.58 -Patch: 4420_grsecurity-3.0-3.2.58-201405061705.patch +Patch: 4420_grsecurity-3.0-3.2.58-201405092334.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.58/4420_grsecurity-3.0-3.2.58-201405061705.patch b/3.2.58/4420_grsecurity-3.0-3.2.58-201405092334.patch index fab7860..4f95c38 100644 --- a/3.2.58/4420_grsecurity-3.0-3.2.58-201405061705.patch +++ b/3.2.58/4420_grsecurity-3.0-3.2.58-201405092334.patch @@ -34158,6 +34158,44 @@ index 13cbdd3..d374957 100644 static struct asender_cmd *get_asender_cmd(int cmd) { +diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c +index 7a90d4a..6d0f3e1 100644 +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -3060,7 +3060,10 @@ static int raw_cmd_copyout(int cmd, void __user *param, + int ret; + + while (ptr) { +- ret = copy_to_user(param, ptr, sizeof(*ptr)); ++ struct floppy_raw_cmd cmd = *ptr; ++ cmd.next = NULL; ++ cmd.kernel_data = NULL; ++ ret = copy_to_user(param, &cmd, sizeof(cmd)); + if (ret) + return -EFAULT; + param += sizeof(struct floppy_raw_cmd); +@@ -3114,10 +3117,11 @@ loop: + return -ENOMEM; + *rcmd = ptr; + ret = copy_from_user(ptr, param, sizeof(*ptr)); +- if (ret) +- return -EFAULT; + ptr->next = NULL; + ptr->buffer_length = 0; ++ ptr->kernel_data = NULL; ++ if (ret) ++ return -EFAULT; + param += sizeof(struct floppy_raw_cmd); + if (ptr->cmd_count > 33) + /* the command may now also take up the space +@@ -3133,7 +3137,6 @@ loop: + for (i = 0; i < 16; i++) + ptr->reply[i] = 0; + ptr->resultcode = 0; +- ptr->kernel_data = NULL; + + if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) { + if (ptr->length <= 0) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index d659135..45fe633 100644 --- a/drivers/block/loop.c @@ -34367,10 +34405,18 @@ index a48e05b..6bac831 100644 kfree(usegment); kfree(ksegment); diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c -index 2e04433..771f2cc 100644 +index 2e04433..3b8afe7 100644 --- a/drivers/char/agp/frontend.c +++ b/drivers/char/agp/frontend.c -@@ -817,7 +817,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) +@@ -729,6 +729,7 @@ static int agpioc_info_wrap(struct agp_file_private *priv, void __user *arg) + + agp_copy_info(agp_bridge, &kerninfo); + ++ memset(&userinfo, 0, sizeof(userinfo)); + userinfo.version.major = kerninfo.version.major; + userinfo.version.minor = kerninfo.version.minor; + userinfo.bridge_id = kerninfo.device->vendor | +@@ -817,7 +818,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) if (copy_from_user(&reserve, arg, sizeof(struct agp_region))) return -EFAULT; @@ -34379,7 +34425,7 @@ index 2e04433..771f2cc 100644 return -EFAULT; client = agp_find_client_by_pid(reserve.pid); -@@ -847,7 +847,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) +@@ -847,7 +848,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) if (segment == NULL) return -ENOMEM; |