diff options
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch | 66 | ||||
-rw-r--r-- | main/linux-grsec/APKBUILD | 4 |
2 files changed, 69 insertions, 1 deletions
diff --git a/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch new file mode 100644 index 0000000000..bc660dd5cc --- /dev/null +++ b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch @@ -0,0 +1,66 @@ +From d809ec895505e6f35fb1965f0946381ab4eaa474 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Mon, 12 Jul 2010 21:29:42 +0000 +Subject: [PATCH] xfrm: do not assume that template resolving always returns xfrms +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +xfrm_resolve_and_create_bundle() assumed that, if policies indicated +presence of xfrms, bundle template resolution would always return +some xfrms. This is not true for 'use' level policies which can +result in no xfrm's being applied if there is no suitable xfrm states. +This fixes a crash by this incorrect assumption. + +Reported-by: George Spelvin <linux@horizon.com> +Bisected-by: George Spelvin <linux@horizon.com> +Tested-by: George Spelvin <linux@horizon.com> +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/xfrm/xfrm_policy.c | 15 +++++++++++++-- + 1 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index af1c173..a7ec5a8 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1594,8 +1594,8 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, + + /* Try to instantiate a bundle */ + err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family); +- if (err < 0) { +- if (err != -EAGAIN) ++ if (err <= 0) { ++ if (err != 0 && err != -EAGAIN) + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR); + return ERR_PTR(err); + } +@@ -1678,6 +1678,13 @@ xfrm_bundle_lookup(struct net *net, struct flowi *fl, u16 family, u8 dir, + goto make_dummy_bundle; + dst_hold(&xdst->u.dst); + return oldflo; ++ } else if (new_xdst == NULL) { ++ num_xfrms = 0; ++ if (oldflo == NULL) ++ goto make_dummy_bundle; ++ xdst->num_xfrms = 0; ++ dst_hold(&xdst->u.dst); ++ return oldflo; + } + + /* Kill the previous bundle */ +@@ -1760,6 +1767,10 @@ restart: + xfrm_pols_put(pols, num_pols); + err = PTR_ERR(xdst); + goto dropdst; ++ } else if (xdst == NULL) { ++ num_xfrms = 0; ++ drop_pols = num_pols; ++ goto no_transform; + } + + spin_lock_bh(&xfrm_policy_sk_bundle_lock); +-- +1.7.1.1 + diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 110551aef9..93137a7cd9 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.16 _kernver=2.6.32 -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -32,6 +32,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch 0019-ipv4-check-rt_genid-in-dst_check.patch 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch + 0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch xfrm-fix-policy-unreferencing-on-larval-drop.patch r8169-fix-random-mdio_write-failures.patch r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch @@ -166,6 +167,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo 45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch 74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch +b39bccb5a1124f5a3f2f209edb21aba5 0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch |