aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch66
-rw-r--r--main/linux-grsec/APKBUILD4
2 files changed, 69 insertions, 1 deletions
diff --git a/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
new file mode 100644
index 0000000000..bc660dd5cc
--- /dev/null
+++ b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
@@ -0,0 +1,66 @@
+From d809ec895505e6f35fb1965f0946381ab4eaa474 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Mon, 12 Jul 2010 21:29:42 +0000
+Subject: [PATCH] xfrm: do not assume that template resolving always returns xfrms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+xfrm_resolve_and_create_bundle() assumed that, if policies indicated
+presence of xfrms, bundle template resolution would always return
+some xfrms. This is not true for 'use' level policies which can
+result in no xfrm's being applied if there is no suitable xfrm states.
+This fixes a crash by this incorrect assumption.
+
+Reported-by: George Spelvin <linux@horizon.com>
+Bisected-by: George Spelvin <linux@horizon.com>
+Tested-by: George Spelvin <linux@horizon.com>
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/xfrm/xfrm_policy.c | 15 +++++++++++++--
+ 1 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index af1c173..a7ec5a8 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1594,8 +1594,8 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
+
+ /* Try to instantiate a bundle */
+ err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
+- if (err < 0) {
+- if (err != -EAGAIN)
++ if (err <= 0) {
++ if (err != 0 && err != -EAGAIN)
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
+ return ERR_PTR(err);
+ }
+@@ -1678,6 +1678,13 @@ xfrm_bundle_lookup(struct net *net, struct flowi *fl, u16 family, u8 dir,
+ goto make_dummy_bundle;
+ dst_hold(&xdst->u.dst);
+ return oldflo;
++ } else if (new_xdst == NULL) {
++ num_xfrms = 0;
++ if (oldflo == NULL)
++ goto make_dummy_bundle;
++ xdst->num_xfrms = 0;
++ dst_hold(&xdst->u.dst);
++ return oldflo;
+ }
+
+ /* Kill the previous bundle */
+@@ -1760,6 +1767,10 @@ restart:
+ xfrm_pols_put(pols, num_pols);
+ err = PTR_ERR(xdst);
+ goto dropdst;
++ } else if (xdst == NULL) {
++ num_xfrms = 0;
++ drop_pols = num_pols;
++ goto no_transform;
+ }
+
+ spin_lock_bh(&xfrm_policy_sk_bundle_lock);
+--
+1.7.1.1
+
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 110551aef9..93137a7cd9 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.16
_kernver=2.6.32
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -32,6 +32,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
0019-ipv4-check-rt_genid-in-dst_check.patch
0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
+ 0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
xfrm-fix-policy-unreferencing-on-larval-drop.patch
r8169-fix-random-mdio_write-failures.patch
r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
@@ -166,6 +167,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo
45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch
edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
+b39bccb5a1124f5a3f2f209edb21aba5 0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch
b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch