- local kernel DoS CAN-2004-1016

author: Ned Ludd <solar@gentoo.org> 2004-12-15 06:59:46 +0000
committer: Ned Ludd <solar@gentoo.org> 2004-12-15 06:59:46 +0000
commit: dfdccf179218745402a44b0f0857a968dcd01188 (patch)
tree: 374260d74b2be9cee5d0aec93764b376ec2e0a03 /sys-kernel/grsec-sources
parent: stable on ppc gsla: 74303 (Manifest recommit) (diff)
download: gentoo-2-dfdccf179218745402a44b0f0857a968dcd01188.tar.gz
gentoo-2-dfdccf179218745402a44b0f0857a968dcd01188.tar.bz2
gentoo-2-dfdccf179218745402a44b0f0857a968dcd01188.zip
7 files changed, 90 insertions, 70 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index 9e41d9d00e08..0bc594da810a 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/grsec-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.38 2004/12/13 17:36:09 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.39 2004/12/15 06:59:46 solar Exp $
+
+*grsec-sources-2.4.28.2.0.2-r2 (15 Dec 2004)
+
+  15 Dec 2004; <solar@gentoo.org> +files/CAN-2004-1016.patch,
+  -grsec-sources-2.4.27.2.0.1-r4.ebuild,
+  +grsec-sources-2.4.28.2.0.2-r2.ebuild, -grsec-sources-2.4.28.2.0.2.ebuild:
+  - local kernel DoS CAN-2004-1016
 
 *grsec-sources-2.4.28.2.0.2-r1 (13 Dec 2004)
 
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index 1cd1a6c25ba4..221c3470b0ee 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,24 +1,11 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 cd30257dfb2bafb1560f0ce3b2b68cbf grsec-sources-2.4.28.2.0.2-r1.ebuild 1253
-MD5 17008d2d71faef9a97b8a2ce86f455ef grsec-sources-2.4.27.2.0.1-r4.ebuild 1738
-MD5 7b224fc44044267d7d658337926ef322 grsec-sources-2.4.28.2.0.2.ebuild 1202
+MD5 e7f167901168e2329f2a69fdd012b3a4 grsec-sources-2.4.28.2.0.2-r2.ebuild 1281
 MD5 a78dc3d996298501c32772e017ba18b2 ChangeLog 8435
 MD5 0b2ea9b53b5d526e39afbdc5040ff07a metadata.xml 487
 MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319
-MD5 f0aff4d717032ce77283fe63d6df94ec files/digest-grsec-sources-2.4.27.2.0.1-r4 462
 MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397
-MD5 c829ff92477a5a9e4fcbc370303217f8 files/digest-grsec-sources-2.4.28.2.0.2 144
 MD5 4a0215139f9aebfe2cc2747743763f08 files/2.4.28-binfmt_a.out.patch 1887
 MD5 c829ff92477a5a9e4fcbc370303217f8 files/digest-grsec-sources-2.4.28.2.0.2-r1 144
+MD5 c829ff92477a5a9e4fcbc370303217f8 files/digest-grsec-sources-2.4.28.2.0.2-r2 144
+MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/CAN-2004-1016.patch 2835
 MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.4 (GNU/Linux)
-
-iQCVAwUBQb3S454WFLgrx1GWAQKGdQP/SgFTIMWcUJbFzOIwxhwg0J7iom4l5U3g
-0Yw2VusoMebFa3+fWn4pnXAhFfMdeQ+YVSMBzpOBNJHNNHzJfxAJyxAeA9m0Hu2X
-uJY24HWzT5X7FxneIBuvS0ccOirpNyT7z5aIB1r7DDapyqxgFES3gJ+BY0ImxUZm
-NMTPCI03vlE=
-=bDQL
------END PGP SIGNATURE-----
diff --git a/sys-kernel/grsec-sources/files/CAN-2004-1016.patch b/sys-kernel/grsec-sources/files/CAN-2004-1016.patch
new file mode 100644
index 000000000000..aa25ac95ed61
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/CAN-2004-1016.patch
@@ -0,0 +1,75 @@
+===== include/linux/socket.h 1.12 vs edited =====
+--- 1.12/include/linux/socket.h	2004-09-09 06:40:01 +10:00
++++ edited/include/linux/socket.h	2004-11-27 11:53:40 +11:00
+@@ -90,6 +90,10 @@
+ 				  (struct cmsghdr *)(ctl) : \
+ 				  (struct cmsghdr *)NULL)
+ #define CMSG_FIRSTHDR(msg)	__CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \
++			     (cmsg)->cmsg_len <= (unsigned long) \
++			     ((mhdr)->msg_controllen - \
++			      ((char *)(cmsg) - (char *)(mhdr)->msg_control)))
+ 
+ /*
+  *	This mess will go away with glibc
+===== net/core/scm.c 1.10 vs edited =====
+--- 1.10/net/core/scm.c	2004-05-31 05:08:14 +10:00
++++ edited/net/core/scm.c	2004-11-27 11:48:55 +11:00
+@@ -127,9 +127,7 @@
+ 		   for too short ancillary data object at all! Oops.
+ 		   OK, let's add it...
+ 		 */
+-		if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
+-		    (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+-				    + cmsg->cmsg_len) > msg->msg_controllen)
++		if (!CMSG_OK(msg, cmsg))
+ 			goto error;
+ 
+ 		if (cmsg->cmsg_level != SOL_SOCKET)
+===== net/ipv4/ip_sockglue.c 1.26 vs edited =====
+--- 1.26/net/ipv4/ip_sockglue.c	2004-07-01 06:10:53 +10:00
++++ edited/net/ipv4/ip_sockglue.c	2004-11-27 11:49:45 +11:00
+@@ -146,11 +146,8 @@
+ 	struct cmsghdr *cmsg;
+ 
+ 	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
+-		if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
+-		    (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+-				    + cmsg->cmsg_len) > msg->msg_controllen) {
++		if (!CMSG_OK(msg, cmsg))
+ 			return -EINVAL;
+-		}
+ 		if (cmsg->cmsg_level != SOL_IP)
+ 			continue;
+ 		switch (cmsg->cmsg_type) {
+===== net/ipv6/datagram.c 1.20 vs edited =====
+--- 1.20/net/ipv6/datagram.c	2004-11-10 17:57:03 +11:00
++++ edited/net/ipv6/datagram.c	2004-11-27 11:51:15 +11:00
+@@ -427,9 +427,7 @@
+ 		int addr_type;
+ 		struct net_device *dev = NULL;
+ 
+-		if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
+-		    (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+-				    + cmsg->cmsg_len) > msg->msg_controllen) {
++		if (!CMSG_OK(msg, cmsg)) {
+ 			err = -EINVAL;
+ 			goto exit_f;
+ 		}
+===== net/sctp/socket.c 1.129 vs edited =====
+--- 1.129/net/sctp/socket.c	2004-11-19 08:43:18 +11:00
++++ edited/net/sctp/socket.c	2004-11-27 11:52:11 +11:00
+@@ -4098,12 +4098,8 @@
+ 	for (cmsg = CMSG_FIRSTHDR(msg);
+ 	     cmsg != NULL;
+ 	     cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) {
+-		/* Check for minimum length.  The SCM code has this check.  */
+-		if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
+-		    (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+-				    + cmsg->cmsg_len) > msg->msg_controllen) {
++		if (!CMSG_OK(msg, cmsg))
+ 			return -EINVAL;
+-		}
+ 
+ 		/* Should we parse this header or ignore?  */
+ 		if (cmsg->cmsg_level != IPPROTO_SCTP)
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r4 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r4
deleted file mode 100644
index 353977b14eda..000000000000
--- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r4
+++ /dev/null
@@ -1,6 +0,0 @@
-MD5 3431156a47f26a1306f69de009941c63 grsecurity-2.0.1-2.4.27.patch 638046
-MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453
-MD5 5bbbb2201b338ebb74f0bf650b639475 linux-2.4.27-nfs3-xdr.patch.bz2 746
-MD5 22860b67a043f4f2d601eab21fb3cfaf grsec-sources-2.4.27-CAN-2004-0814.patch.bz2 18441
-MD5 279f3ba328612167cc8ceb732f1358b1 grsec-sources-2.4.27-binfmt_elf.patch.bz2 1094
-MD5 db88c7886aa8870f20c3498df013ee2b linux-2.4.27-binfmt_aout.patch.bz2 903
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r2
index 04b30398565d..04b30398565d 100644
--- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.28.2.0.2-r2
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r4.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r4.ebuild
deleted file mode 100644
index 56c3f1d2279b..000000000000
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r4.ebuild
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r4.ebuild,v 1.2 2004/11/26 17:10:45 dsd Exp $
-
-ETYPE="sources"
-UNIPATCH_STRICTORDER="yes"
-inherit kernel-2
-detect_version
-
-OKV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH/.*/}"
-PATCH_BASE="${PV/${OKV}./}"
-PATCH_BASE="${PATCH_BASE/_/-}"
-EXTRAVERSION="-grsec-${PATCH_BASE}"
-KV_FULL="${OKV}${EXTRAVERSION}"
-
-PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch"
-DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
-CAN_PATCHES=" \
-	mirror://gentoo/linux-2.4.27-nfs3-xdr.patch.bz2 \
-	mirror://gentoo/grsec-sources-2.4.27-CAN-2004-0814.patch.bz2 \
-	mirror://gentoo/grsec-sources-2.4.27-binfmt_elf.patch.bz2
-	mirror://gentoo/linux-2.4.27-binfmt_aout.patch.bz2"
-SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
-	http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}"
-
-HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
-KEYWORDS="x86 sparc ppc alpha amd64 -hppa"
-RESTRICT="buildpkg"
-IUSE=""
-
-UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE}
-	${FILESDIR}/2.4.26-CAN-2004-0394.patch
-	${FILESDIR}/2.4.27-cmdline-race.patch
-	${DISTDIR}/linux-2.4.27-nfs3-xdr.patch.bz2
-	${DISTDIR}/grsec-sources-2.4.27-CAN-2004-0814.patch.bz2
-	${DISTDIR}/grsec-sources-2.4.27-binfmt_elf.patch.bz2
-	${DISTDIR}/linux-2.4.27-binfmt_aout.patch.bz2"
-
-src_unpack() {
-	kernel-2_src_unpack
-
-	# users are often confused by what settings should be set.
-	# so we provide an  example of what a P4 desktop would look like.
-	cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.2x-x86.config
-}
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild
index ce38a2127580..6ff9b2e06ac0 100644
--- a/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2.ebuild
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2.ebuild,v 1.3 2004/11/26 17:14:49 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.28.2.0.2-r2.ebuild,v 1.1 2004/12/15 06:59:46 solar Exp $
 
 ETYPE="sources"
 UNIPATCH_STRICTORDER="yes"
@@ -23,7 +23,9 @@ KEYWORDS="x86 sparc ppc alpha amd64 -hppa"
 RESTRICT="buildpkg"
 IUSE=""
 
-UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE}"
+UNIPATCH_LIST="${DISTDIR}/${PATCH_SRC_BASE} \
+	${FILESDIR}/2.4.28-binfmt_a.out.patch
+	${FILESDIR}/CAN-2004-1016.patch"
 
 src_unpack() {
 	kernel-2_src_unpack
author	Ned Ludd <solar@gentoo.org>	2004-12-15 06:59:46 +0000
committer	Ned Ludd <solar@gentoo.org>	2004-12-15 06:59:46 +0000
commit	dfdccf179218745402a44b0f0857a968dcd01188 (patch)
tree	374260d74b2be9cee5d0aec93764b376ec2e0a03 /sys-kernel/grsec-sources
parent	stable on ppc gsla: 74303 (Manifest recommit) (diff)
download	gentoo-2-dfdccf179218745402a44b0f0857a968dcd01188.tar.gz gentoo-2-dfdccf179218745402a44b0f0857a968dcd01188.tar.bz2 gentoo-2-dfdccf179218745402a44b0f0857a968dcd01188.zip