summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2011-08-15 12:35:24 -0400
committerAnthony G. Basile <blueness@gentoo.org>2011-08-15 12:35:24 -0400
commit2b31d4fa7384f1a7c4783f57233a1935913d017d (patch)
treeef285a12e63fb468bbe9422b86e72bfebb274df4
parentGrsec/PaX 2.2.2-2.6.39.4-201108071438 (diff)
downloadhardened-patchset-20110814.tar.gz
hardened-patchset-20110814.tar.bz2
hardened-patchset-20110814.zip
Grsec/PaX: 2.2.2-2.6.32.44-201108141242 and 2.2.2-2.6.39.4-20110814124220110814
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.2-2.6.32.44-201108141242.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.44-201108111959.patch)28
-rw-r--r--2.6.39/0000_README2
-rw-r--r--2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108141242.patch (renamed from 2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108132040.patch)94
4 files changed, 98 insertions, 28 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 5e4d4d1..3c9e2ca 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -7,7 +7,7 @@ Patch: 1043_linux-2.6.32.44.patch
From: http://www.kernel.org
Desc: Linux 2.6.39.44
-Patch: 4420_grsecurity-2.2.2-2.6.32.44-201108111959.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.44-201108141242.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.44-201108111959.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.44-201108141242.patch
index 39c74d4..09a1d99 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.44-201108111959.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.44-201108141242.patch
@@ -72413,7 +72413,7 @@ diff -urNp linux-2.6.32.44/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.32.4
printk("OOM in bsalg (%d)\n", __LINE__);
diff -urNp linux-2.6.32.44/net/ipv4/raw.c linux-2.6.32.44/net/ipv4/raw.c
--- linux-2.6.32.44/net/ipv4/raw.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.44/net/ipv4/raw.c 2011-05-04 17:59:08.000000000 -0400
++++ linux-2.6.32.44/net/ipv4/raw.c 2011-08-14 11:46:51.000000000 -0400
@@ -292,7 +292,7 @@ static int raw_rcv_skb(struct sock * sk,
/* Charge it to the socket. */
@@ -72432,7 +72432,7 @@ diff -urNp linux-2.6.32.44/net/ipv4/raw.c linux-2.6.32.44/net/ipv4/raw.c
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -724,15 +724,22 @@ static int raw_init(struct sock *sk)
+@@ -724,16 +724,23 @@ static int raw_init(struct sock *sk)
static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen)
{
@@ -72445,24 +72445,26 @@ diff -urNp linux-2.6.32.44/net/ipv4/raw.c linux-2.6.32.44/net/ipv4/raw.c
- if (copy_from_user(&raw_sk(sk)->filter, optval, optlen))
+ if (copy_from_user(&filter, optval, optlen))
return -EFAULT;
-+ memcpy(&raw_sk(sk)->filter, &filter, optlen);
++ raw_sk(sk)->filter = filter;
+
return 0;
}
static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *optlen)
{
-+ struct icmp_filter filter;
int len, ret = -EFAULT;
++ struct icmp_filter filter;
if (get_user(len, optlen))
+ goto out;
@@ -743,8 +750,9 @@ static int raw_geticmpfilter(struct sock
if (len > sizeof(struct icmp_filter))
len = sizeof(struct icmp_filter);
ret = -EFAULT;
-+ memcpy(&filter, &raw_sk(sk)->filter, len);
- if (put_user(len, optlen) ||
+- if (put_user(len, optlen) ||
- copy_to_user(optval, &raw_sk(sk)->filter, len))
++ filter = raw_sk(sk)->filter;
++ if (put_user(len, optlen) || len > sizeof filter ||
+ copy_to_user(optval, &filter, len))
goto out;
ret = 0;
@@ -72942,7 +72944,7 @@ diff -urNp linux-2.6.32.44/net/ipv6/netfilter/ip6_tables.c linux-2.6.32.44/net/i
sizeof(info.hook_entry));
diff -urNp linux-2.6.32.44/net/ipv6/raw.c linux-2.6.32.44/net/ipv6/raw.c
--- linux-2.6.32.44/net/ipv6/raw.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.44/net/ipv6/raw.c 2011-05-16 21:46:57.000000000 -0400
++++ linux-2.6.32.44/net/ipv6/raw.c 2011-08-14 11:48:20.000000000 -0400
@@ -375,14 +375,14 @@ static inline int rawv6_rcv_skb(struct s
{
if ((raw6_sk(sk)->checksum || sk->sk_filter) &&
@@ -73020,25 +73022,25 @@ diff -urNp linux-2.6.32.44/net/ipv6/raw.c linux-2.6.32.44/net/ipv6/raw.c
- if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))
+ if (copy_from_user(&filter, optval, optlen))
return -EFAULT;
-+ memcpy(&raw6_sk(sk)->filter, &filter, optlen);
++ raw6_sk(sk)->filter = filter;
return 0;
default:
return -ENOPROTOOPT;
-@@ -933,6 +940,7 @@ static int rawv6_seticmpfilter(struct so
- static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -934,6 +941,7 @@ static int rawv6_geticmpfilter(struct so
char __user *optval, int __user *optlen)
{
-+ struct icmp6_filter filter;
int len;
++ struct icmp6_filter filter;
switch (optname) {
+ case ICMPV6_FILTER:
@@ -945,7 +953,8 @@ static int rawv6_geticmpfilter(struct so
len = sizeof(struct icmp6_filter);
if (put_user(len, optlen))
return -EFAULT;
- if (copy_to_user(optval, &raw6_sk(sk)->filter, len))
-+ memcpy(&filter, &raw6_sk(sk)->filter, len);
-+ if (copy_to_user(optval, &filter, len))
++ filter = raw6_sk(sk)->filter;
++ if (len > sizeof filter || copy_to_user(optval, &filter, len))
return -EFAULT;
return 0;
default:
diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index 3d8bf57..0dac428 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.39.4-201108132040.patch
+Patch: 4420_grsecurity-2.2.2-2.6.39.4-201108141242.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108132040.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108141242.patch
index 85fe52d..8d522f2 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108132040.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108141242.patch
@@ -21239,6 +21239,7 @@ diff -urNp linux-2.6.39.4/arch/x86/power/cpu.c linux-2.6.39.4/arch/x86/power/cpu
syscall_init(); /* This sets MSR_*STAR and related */
#endif
+Binary files linux-2.6.39.4/arch/x86/tools/test_get_len and linux-2.6.39.4/arch/x86/tools/test_get_len differ
diff -urNp linux-2.6.39.4/arch/x86/vdso/Makefile linux-2.6.39.4/arch/x86/vdso/Makefile
--- linux-2.6.39.4/arch/x86/vdso/Makefile 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.4/arch/x86/vdso/Makefile 2011-08-05 19:44:35.000000000 -0400
@@ -31979,6 +31980,30 @@ diff -urNp linux-2.6.39.4/drivers/spi/spi.c linux-2.6.39.4/drivers/spi/spi.c
static u8 *buf;
+diff -urNp linux-2.6.39.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c linux-2.6.39.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c
+--- linux-2.6.39.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-14 12:12:59.000000000 -0400
+@@ -384,7 +384,7 @@ static struct ar_cookie s_ar_cookie_mem[
+ (((ar)->arTargetType == TARGET_TYPE_AR6003) ? AR6003_HOST_INTEREST_ITEM_ADDRESS(item) : 0))
+
+
+-static struct net_device_ops ar6000_netdev_ops = {
++static net_device_ops_no_const ar6000_netdev_ops = {
+ .ndo_init = NULL,
+ .ndo_open = ar6000_open,
+ .ndo_stop = ar6000_close,
+diff -urNp linux-2.6.39.4/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h linux-2.6.39.4/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h
+--- linux-2.6.39.4/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.4/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h 2011-08-14 09:32:05.000000000 -0400
+@@ -30,7 +30,7 @@ typedef bool (*ar6k_pal_recv_pkt_t)(void
+ typedef struct ar6k_pal_config_s
+ {
+ ar6k_pal_recv_pkt_t fpar6k_pal_recv_pkt;
+-}ar6k_pal_config_t;
++} __no_const ar6k_pal_config_t;
+
+ void register_pal_cb(ar6k_pal_config_t *palConfig_p);
+ #endif /* _AR6K_PAL_H_ */
diff -urNp linux-2.6.39.4/drivers/staging/brcm80211/brcmfmac/dhd_linux.c linux-2.6.39.4/drivers/staging/brcm80211/brcmfmac/dhd_linux.c
--- linux-2.6.39.4/drivers/staging/brcm80211/brcmfmac/dhd_linux.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.4/drivers/staging/brcm80211/brcmfmac/dhd_linux.c 2011-08-05 20:34:06.000000000 -0400
@@ -32074,6 +32099,22 @@ diff -urNp linux-2.6.39.4/drivers/staging/et131x/et131x_adapter.h linux-2.6.39.4
u32 norcvbuf; /* # Rx packets discarded */
u32 noxmtbuf; /* # Tx packets discarded */
+diff -urNp linux-2.6.39.4/drivers/staging/gma500/psb_ttm_glue.c linux-2.6.39.4/drivers/staging/gma500/psb_ttm_glue.c
+--- linux-2.6.39.4/drivers/staging/gma500/psb_ttm_glue.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.4/drivers/staging/gma500/psb_ttm_glue.c 2011-08-14 12:25:25.000000000 -0400
+@@ -230,8 +230,10 @@ int psb_mmap(struct file *filp, struct v
+ if (unlikely(dev_priv->ttm_vm_ops == NULL)) {
+ dev_priv->ttm_vm_ops = (struct vm_operations_struct *)
+ vma->vm_ops;
+- psb_ttm_vm_ops = *vma->vm_ops;
+- psb_ttm_vm_ops.fault = &psb_ttm_fault;
++ pax_open_kernel();
++ memcpy((void *)&psb_ttm_vm_ops, vma->vm_ops, sizeof(psb_ttm_vm_ops));
++ *(void **)&psb_ttm_vm_ops.fault = &psb_ttm_fault;
++ pax_close_kernel();
+ }
+
+ vma->vm_ops = &psb_ttm_vm_ops;
diff -urNp linux-2.6.39.4/drivers/staging/hv/channel.c linux-2.6.39.4/drivers/staging/hv/channel.c
--- linux-2.6.39.4/drivers/staging/hv/channel.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.4/drivers/staging/hv/channel.c 2011-08-05 19:44:37.000000000 -0400
@@ -32326,6 +32367,18 @@ diff -urNp linux-2.6.39.4/drivers/staging/rtl8712/rtl871x_io.h linux-2.6.39.4/dr
struct io_req {
struct list_head list;
+diff -urNp linux-2.6.39.4/drivers/staging/sbe-2t3e3/netdev.c linux-2.6.39.4/drivers/staging/sbe-2t3e3/netdev.c
+--- linux-2.6.39.4/drivers/staging/sbe-2t3e3/netdev.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.4/drivers/staging/sbe-2t3e3/netdev.c 2011-08-14 12:29:10.000000000 -0400
+@@ -51,7 +51,7 @@ int t3e3_ioctl(struct net_device *dev, s
+ t3e3_if_config(sc, cmd_2t3e3, (char *)&param, &resp, &rlen);
+
+ if (rlen)
+- if (copy_to_user(data, &resp, rlen))
++ if (rlen > sizeof resp || copy_to_user(data, &resp, rlen))
+ return -EFAULT;
+
+ return 0;
diff -urNp linux-2.6.39.4/drivers/staging/tty/istallion.c linux-2.6.39.4/drivers/staging/tty/istallion.c
--- linux-2.6.39.4/drivers/staging/tty/istallion.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.4/drivers/staging/tty/istallion.c 2011-08-05 19:44:37.000000000 -0400
@@ -39060,6 +39113,19 @@ diff -urNp linux-2.6.39.4/fs/nfsd/vfs.c linux-2.6.39.4/fs/nfsd/vfs.c
set_fs(oldfs);
if (host_err < 0)
+diff -urNp linux-2.6.39.4/fs/notify/fanotify/fanotify_user.c linux-2.6.39.4/fs/notify/fanotify/fanotify_user.c
+--- linux-2.6.39.4/fs/notify/fanotify/fanotify_user.c 2011-05-19 00:06:34.000000000 -0400
++++ linux-2.6.39.4/fs/notify/fanotify/fanotify_user.c 2011-08-14 11:28:46.000000000 -0400
+@@ -276,7 +276,8 @@ static ssize_t copy_event_to_user(struct
+ goto out_close_fd;
+
+ ret = -EFAULT;
+- if (copy_to_user(buf, &fanotify_event_metadata,
++ if (fanotify_event_metadata.event_len > sizeof fanotify_event_metadata ||
++ copy_to_user(buf, &fanotify_event_metadata,
+ fanotify_event_metadata.event_len))
+ goto out_kill_access_response;
+
diff -urNp linux-2.6.39.4/fs/notify/notification.c linux-2.6.39.4/fs/notify/notification.c
--- linux-2.6.39.4/fs/notify/notification.c 2011-05-19 00:06:34.000000000 -0400
+++ linux-2.6.39.4/fs/notify/notification.c 2011-08-05 19:44:37.000000000 -0400
@@ -65813,7 +65879,7 @@ diff -urNp linux-2.6.39.4/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.39.4/
pr_notice("OOM in bsalg (%d)\n", __LINE__);
diff -urNp linux-2.6.39.4/net/ipv4/raw.c linux-2.6.39.4/net/ipv4/raw.c
--- linux-2.6.39.4/net/ipv4/raw.c 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39.4/net/ipv4/raw.c 2011-08-05 19:44:37.000000000 -0400
++++ linux-2.6.39.4/net/ipv4/raw.c 2011-08-14 11:22:59.000000000 -0400
@@ -302,7 +302,7 @@ static int raw_rcv_skb(struct sock * sk,
int raw_rcv(struct sock *sk, struct sk_buff *skb)
{
@@ -65823,7 +65889,7 @@ diff -urNp linux-2.6.39.4/net/ipv4/raw.c linux-2.6.39.4/net/ipv4/raw.c
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -730,15 +730,19 @@ static int raw_init(struct sock *sk)
+@@ -730,16 +730,20 @@ static int raw_init(struct sock *sk)
static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen)
{
@@ -65834,23 +65900,25 @@ diff -urNp linux-2.6.39.4/net/ipv4/raw.c linux-2.6.39.4/net/ipv4/raw.c
- if (copy_from_user(&raw_sk(sk)->filter, optval, optlen))
+ if (copy_from_user(&filter, optval, optlen))
return -EFAULT;
-+ memcpy(&raw_sk(sk)->filter, &filter, sizeof(filter));
++ raw_sk(sk)->filter = filter;
return 0;
}
static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *optlen)
{
-+ struct icmp_filter filter;
int len, ret = -EFAULT;
++ struct icmp_filter filter;
if (get_user(len, optlen))
+ goto out;
@@ -749,8 +753,9 @@ static int raw_geticmpfilter(struct sock
if (len > sizeof(struct icmp_filter))
len = sizeof(struct icmp_filter);
ret = -EFAULT;
-+ memcpy(&filter, &raw_sk(sk)->filter, len);
- if (put_user(len, optlen) ||
+- if (put_user(len, optlen) ||
- copy_to_user(optval, &raw_sk(sk)->filter, len))
++ filter = raw_sk(sk)->filter;
++ if (put_user(len, optlen) || len > sizeof filter ||
+ copy_to_user(optval, &filter, len))
goto out;
ret = 0;
@@ -66255,7 +66323,7 @@ diff -urNp linux-2.6.39.4/net/ipv6/ipv6_sockglue.c linux-2.6.39.4/net/ipv6/ipv6_
diff -urNp linux-2.6.39.4/net/ipv6/raw.c linux-2.6.39.4/net/ipv6/raw.c
--- linux-2.6.39.4/net/ipv6/raw.c 2011-05-19 00:06:34.000000000 -0400
-+++ linux-2.6.39.4/net/ipv6/raw.c 2011-08-05 19:44:37.000000000 -0400
++++ linux-2.6.39.4/net/ipv6/raw.c 2011-08-14 11:25:44.000000000 -0400
@@ -376,7 +376,7 @@ static inline int rawv6_rcv_skb(struct s
{
if ((raw6_sk(sk)->checksum || rcu_dereference_raw(sk->sk_filter)) &&
@@ -66314,25 +66382,25 @@ diff -urNp linux-2.6.39.4/net/ipv6/raw.c linux-2.6.39.4/net/ipv6/raw.c
- if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))
+ if (copy_from_user(&filter, optval, optlen))
return -EFAULT;
-+ memcpy(&raw6_sk(sk)->filter, &filter, optlen);
++ raw6_sk(sk)->filter = filter;
return 0;
default:
return -ENOPROTOOPT;
-@@ -926,6 +931,7 @@ static int rawv6_seticmpfilter(struct so
- static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -927,6 +932,7 @@ static int rawv6_geticmpfilter(struct so
char __user *optval, int __user *optlen)
{
-+ struct icmp6_filter filter;
int len;
++ struct icmp6_filter filter;
switch (optname) {
+ case ICMPV6_FILTER:
@@ -938,7 +944,8 @@ static int rawv6_geticmpfilter(struct so
len = sizeof(struct icmp6_filter);
if (put_user(len, optlen))
return -EFAULT;
- if (copy_to_user(optval, &raw6_sk(sk)->filter, len))
-+ memcpy(&filter, &raw6_sk(sk)->filter, len);
-+ if (copy_to_user(optval, &filter, len))
++ filter = raw6_sk(sk)->filter;
++ if (len > sizeof filter || copy_to_user(optval, &filter, len))
return -EFAULT;
return 0;
default: