grsecurity-3.1-4.5.4-20160512203920160512

2 files changed, 66 insertions, 12 deletions

diff --git a/4.5.4/0000_README b/4.5.4/0000_README
index 585ee5a..c80ae26 100644
--- a/4.5.4/0000_README
+++ b/4.5.4/0000_README
@@ -6,7 +6,7 @@ Patch: 1003_linux-4.5.4.patch
 From:  http://www.kernel.org
 Desc:  Linux 4.5.4
 
-Patch:	4420_grsecurity-3.1-4.5.4-201605112030.patch
+Patch:	4420_grsecurity-3.1-4.5.4-201605122039.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.5.4/4420_grsecurity-3.1-4.5.4-201605112030.patch b/4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch
index 98cc4a6..392d870 100644
--- a/4.5.4/4420_grsecurity-3.1-4.5.4-201605112030.patch
+++ b/4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch
@@ -61548,13 +61548,14 @@ index aafe237..5a65f90 100644
  		err = 0;
  		break;
 diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
-index ae0905e..7a7d9b2 100644
+index ae0905e..f22c8e9d 100644
 --- a/drivers/net/ppp/pptp.c
 +++ b/drivers/net/ppp/pptp.c
-@@ -369,6 +369,7 @@ allow_packet:
+@@ -368,7 +368,7 @@ allow_packet:
+ 		}
  
  		skb->ip_summed = CHECKSUM_NONE;
- 		skb_set_network_header(skb, skb->head-skb->data);
+-		skb_set_network_header(skb, skb->head-skb->data);
 +		skb->network_header = 0;
  		ppp_input(&po->chan, skb);
  
@@ -143301,6 +143302,53 @@ index a7c26a4..6747b22 100644
  obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o
  
  ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
+diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c
+index 2b3f46c..5545229 100644
+--- a/lib/asn1_decoder.c
++++ b/lib/asn1_decoder.c
+@@ -74,7 +74,7 @@ next_tag:
+ 
+ 	/* Extract a tag from the data */
+ 	tag = data[dp++];
+-	if (tag == 0) {
++	if (tag == ASN1_EOC) {
+ 		/* It appears to be an EOC. */
+ 		if (data[dp++] != 0)
+ 			goto invalid_eoc;
+@@ -96,10 +96,8 @@ next_tag:
+ 
+ 	/* Extract the length */
+ 	len = data[dp++];
+-	if (len <= 0x7f) {
+-		dp += len;
+-		goto next_tag;
+-	}
++	if (len <= 0x7f)
++		goto check_length;
+ 
+ 	if (unlikely(len == ASN1_INDEFINITE_LENGTH)) {
+ 		/* Indefinite length */
+@@ -110,14 +108,18 @@ next_tag:
+ 	}
+ 
+ 	n = len - 0x80;
+-	if (unlikely(n > sizeof(size_t) - 1))
++	if (unlikely(n > sizeof(len) - 1))
+ 		goto length_too_long;
+ 	if (unlikely(n > datalen - dp))
+ 		goto data_overrun_error;
+-	for (len = 0; n > 0; n--) {
++	len = 0;
++	for (; n > 0; n--) {
+ 		len <<= 8;
+ 		len |= data[dp++];
+ 	}
++check_length:
++	if (len > datalen - dp)
++		goto data_overrun_error;
+ 	dp += len;
+ 	goto next_tag;
+ 
 diff --git a/lib/bitmap.c b/lib/bitmap.c
 index 8148143..d132f7e9 100644
 --- a/lib/bitmap.c
@@ -169312,7 +169360,7 @@ index 0000000..f6a284d
 +#endif
 diff --git a/tools/gcc/rap_plugin/rap_fptr_pass.c b/tools/gcc/rap_plugin/rap_fptr_pass.c
 new file mode 100644
-index 0000000..828b7c3
+index 0000000..2f53f14
 --- /dev/null
 +++ b/tools/gcc/rap_plugin/rap_fptr_pass.c
 @@ -0,0 +1,220 @@
@@ -169367,7 +169415,7 @@ index 0000000..828b7c3
 +#endif
 +	basic_block cond_bb, join_bb, true_bb;
 +	edge e;
-+	const int rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
++	const HOST_WIDE_INT rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
 +
 +	call_stmt = gsi_stmt(*gsi);
 +	loc = gimple_location(call_stmt);
@@ -169926,10 +169974,10 @@ index 0000000..7c59f38
 +}
 diff --git a/tools/gcc/rap_plugin/rap_plugin.c b/tools/gcc/rap_plugin/rap_plugin.c
 new file mode 100644
-index 0000000..afdc89d
+index 0000000..cdac9c1
 --- /dev/null
 +++ b/tools/gcc/rap_plugin/rap_plugin.c
-@@ -0,0 +1,480 @@
+@@ -0,0 +1,486 @@
 +/*
 + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -170062,7 +170110,7 @@ index 0000000..afdc89d
 +	cgraph_node_ptr node;
 +	rap_hash_t imprecise_rap_hash;
 +	unsigned HOST_WIDE_INT skip;
-+	const int rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
++	const unsigned HOST_WIDE_INT rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
 +
 +	gcc_assert(debug_hooks == &rap_debug_hooks);
 +
@@ -170090,7 +170138,7 @@ index 0000000..afdc89d
 +	if (TARGET_64BIT)
 +		fprintf(asm_out_file, ".quad %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
 +	else
-+		fprintf(asm_out_file, ".long %#lx\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
++		fprintf(asm_out_file, ".long %#x\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
 +}
 +
 +static void rap_start_unit_common(void *gcc_data __unused, void *user_data __unused)
@@ -170170,7 +170218,10 @@ index 0000000..afdc89d
 +			inform(DECL_SOURCE_LOCATION(fndecl), "abs rap_hash: %x %s", hash.hash, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(fndecl)));
 +
 +		fprintf(asm_out_file, GLOBAL_ASM_OP " %s\n", name);
-+		fprintf(asm_out_file, "\t.offset %#lx\n", (long)hash.hash);
++		if (TARGET_64BIT)
++			fprintf(asm_out_file, "\t.offset %#lx\n", (long)hash.hash);
++		else
++			fprintf(asm_out_file, "\t.offset %#x\n", hash.hash);
 +		ASM_OUTPUT_TYPE_DIRECTIVE(asm_out_file, name, "object");
 +		ASM_OUTPUT_LABEL(asm_out_file, name);
 +		free(name);
@@ -170218,7 +170269,10 @@ index 0000000..afdc89d
 +		inform(DECL_SOURCE_LOCATION(fndecl), "abs rap_hash: %x %s", hash.hash, asmname);
 +
 +	fprintf(asm_out_file, GLOBAL_ASM_OP " %s\n", name);
-+	fprintf(asm_out_file, "\t.offset %#lx\n", (long)hash.hash);
++	if (TARGET_64BIT)
++		fprintf(asm_out_file, "\t.offset %#lx\n", (long)hash.hash);
++	else
++		fprintf(asm_out_file, "\t.offset %#x\n", hash.hash);
 +	ASM_OUTPUT_TYPE_DIRECTIVE(asm_out_file, name, "object");
 +	ASM_OUTPUT_LABEL(asm_out_file, name);
 +	free(name);