Adding SELinux fixes for the AF_UNIX patch; bug #72317. Also fixing security bug #73000.

5 files changed, 109 insertions, 2 deletions

diff --git a/sys-kernel/win4lin-sources/ChangeLog b/sys-kernel/win4lin-sources/ChangeLog
index 4b0b048b05f0..b2e78ccc17ed 100644
--- a/sys-kernel/win4lin-sources/ChangeLog
+++ b/sys-kernel/win4lin-sources/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-kernel/win4lin-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.45 2004/12/04 00:19:09 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.46 2004/12/19 20:27:50 plasmaroo Exp $
+
+*win4lin-sources-2.6.9-r4 (19 Dec 2004)
+
+  19 Dec 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.6.9-r3.ebuild,
+  +win4lin-sources-2.6.9-r4.ebuild,
+  +files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch,
+  +files/win4lin-sources-2.6.9.CAN-2004-1151.patch:
+  Adding SELinux fixes for the AF_UNIX patch; bug #72317. Also fixing security
+  bug #73000.
 
 *win4lin-sources-2.6.9-r3 (04 Dec 2004)
 
diff --git a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r3 b/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r4
index 12075686996a..12075686996a 100644
--- a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r3
+++ b/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r4
diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch
new file mode 100644
index 000000000000..dbb8b2329a28
--- /dev/null
+++ b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch
@@ -0,0 +1,61 @@
+--- a/net/unix/af_unix.c	2004-10-18 22:54:37.000000000 +0100
++++ b/net/unix/af_unix.c	2004-12-19 18:33:12.000000000 +0000
+@@ -477,6 +477,8 @@
+ 			      struct msghdr *, size_t, int);
+ static int unix_dgram_connect(struct socket *, struct sockaddr *,
+ 			      int, int);
++static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
++				  struct msghdr *, size_t);
+ 
+ static struct proto_ops unix_stream_ops = {
+ 	.family =	PF_UNIX,
+@@ -535,7 +537,7 @@
+ 	.shutdown =	unix_shutdown,
+ 	.setsockopt =	sock_no_setsockopt,
+ 	.getsockopt =	sock_no_getsockopt,
+-	.sendmsg =	unix_dgram_sendmsg,
++	.sendmsg =	unix_seqpacket_sendmsg,
+ 	.recvmsg =	unix_dgram_recvmsg,
+ 	.mmap =		sock_no_mmap,
+ 	.sendpage =	sock_no_sendpage,
+@@ -1365,9 +1367,11 @@
+ 	if (other->sk_shutdown & RCV_SHUTDOWN)
+ 		goto out_unlock;
+ 
+-	err = security_unix_may_send(sk->sk_socket, other->sk_socket);
+-	if (err)
+-		goto out_unlock;
++	if (sk->sk_type != SOCK_SEQPACKET) {
++		err = security_unix_may_send(sk->sk_socket, other->sk_socket);
++		if (err)
++			goto out_unlock;
++	}
+ 
+ 	if (unix_peer(other) != sk &&
+ 	    (skb_queue_len(&other->sk_receive_queue) >
+@@ -1517,6 +1521,25 @@
+ 	return sent ? : err;
+ }
+ 
++static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
++				  struct msghdr *msg, size_t len)
++{
++	int err;
++	struct sock *sk = sock->sk;
++	
++	err = sock_error(sk);
++	if (err)
++		return err;
++
++	if (sk->sk_state != TCP_ESTABLISHED)
++		return -ENOTCONN;
++
++	if (msg->msg_namelen)
++		msg->msg_namelen = 0;
++
++	return unix_dgram_sendmsg(kiocb, sock, msg, len);
++}
++                                                                                            
+ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
+ {
+ 	struct unix_sock *u = unix_sk(sk);
diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch
new file mode 100644
index 000000000000..fc4289e4f444
--- /dev/null
+++ b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch
@@ -0,0 +1,35 @@
+--- 1.74/arch/x86_64/ia32/sys_ia32.c	2004-12-19 10:58:02 -08:00
++++ 1.75/arch/x86_64/ia32/sys_ia32.c	2004-12-19 10:58:02 -08:00
+@@ -525,11 +525,12 @@
+ int sys32_ni_syscall(int call)
+ { 
+ 	struct task_struct *me = current;
+-	static char lastcomm[8];
+-	if (strcmp(lastcomm, me->comm)) {
+-	printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call,
+-	       current->comm);
+-		strcpy(lastcomm, me->comm); 
++	static char lastcomm[sizeof(me->comm)];
++
++	if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
++		printk(KERN_INFO "IA32 syscall %d from %s not implemented\n",
++		       call, me->comm);
++		strncpy(lastcomm, me->comm, sizeof(lastcomm));
+ 	} 
+ 	return -ENOSYS;	       
+ } 
+@@ -1125,11 +1126,11 @@
+ long sys32_vm86_warning(void)
+ { 
+ 	struct task_struct *me = current;
+-	static char lastcomm[8];
+-	if (strcmp(lastcomm, me->comm)) {
++	static char lastcomm[sizeof(me->comm)];
++	if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
+ 		printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n",
+ 		       me->comm);
+-		strcpy(lastcomm, me->comm); 
++		strncpy(lastcomm, me->comm, sizeof(lastcomm));
+ 	} 
+ 	return -ENOSYS;
+ } 
diff --git a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild b/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild
index 2dc82c7692e5..a552cde4b666 100644
--- a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild
+++ b/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r3.ebuild,v 1.1 2004/12/04 00:19:09 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r4.ebuild,v 1.1 2004/12/19 20:27:50 plasmaroo Exp $
 
 ETYPE="sources"
 inherit kernel-2
@@ -14,6 +14,8 @@ UNIPATCH_LIST="
 	${FILESDIR}/${P}.binfmt_a.out.patch
 	${FILESDIR}/${P}.smbfs.patch
 	${FILESDIR}/${P}.AF_UNIX.patch
+	${FILESDIR}/${P}.AF_UNIX.SELinux.patch
+	${FILESDIR}/${P}.CAN-2004-1151.patch
 	${FILESDIR}/${P}.vma.patch"
 
 S=${WORKDIR}/linux-${KV}