diff options
author | Zoltan HERPAI <wigyori@uid0.hu> | 2016-10-27 15:13:36 +0200 |
---|---|---|
committer | Zoltan HERPAI <wigyori@uid0.hu> | 2016-10-27 15:13:36 +0200 |
commit | f14d3f5d46d9ef534cd51360f066260fb434548f (patch) | |
tree | 81ec5060ed9ba99e9bd1eeb2556737cfe0015158 /target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch | |
parent | ce116bc6f997d8d6e6b976cacce5d4c60d705fc6 (diff) | |
download | master-187ad058-f14d3f5d46d9ef534cd51360f066260fb434548f.tar.gz master-187ad058-f14d3f5d46d9ef534cd51360f066260fb434548f.tar.bz2 master-187ad058-f14d3f5d46d9ef534cd51360f066260fb434548f.zip |
generic/3.18: bump kernel to 3.18.44
Patch 610- is updated as check_entry helper was killed in 3.18.37
Patch 666- is updated (thanks to Stijn Tintel)
Fixes CVE-2016-5195 (dirtycow)
Compile-tested on adm5120 and mcs814x
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Diffstat (limited to 'target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch')
-rw-r--r-- | target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch index 358d64b1a1..74be425049 100644 --- a/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch +++ b/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch @@ -50,25 +50,16 @@ static bool ip_checkentry(const struct ipt_ip *ip) { -@@ -565,7 +591,7 @@ static void cleanup_match(struct xt_entr - } - - static int --check_entry(const struct ipt_entry *e, const char *name) -+check_entry(struct ipt_entry *e, const char *name) - { - const struct xt_entry_target *t; - -@@ -574,6 +600,8 @@ check_entry(const struct ipt_entry *e, c - return -EINVAL; - } +@@ -650,6 +676,8 @@ find_check_entry(struct ipt_entry *e, st + struct xt_mtchk_param mtpar; + struct xt_entry_match *ematch; + ip_checkdefault(&e->ip); + - if (e->target_offset + sizeof(struct xt_entry_target) > - e->next_offset) - return -EINVAL; -@@ -935,6 +963,7 @@ copy_entries_to_user(unsigned int total_ + j = 0; + mtpar.net = net; + mtpar.table = name; +@@ -942,6 +970,7 @@ copy_entries_to_user(unsigned int total_ const struct xt_table_info *private = table->private; int ret = 0; const void *loc_cpu_entry; @@ -76,7 +67,7 @@ counters = alloc_counters(table); if (IS_ERR(counters)) -@@ -965,6 +994,14 @@ copy_entries_to_user(unsigned int total_ +@@ -972,6 +1001,14 @@ copy_entries_to_user(unsigned int total_ ret = -EFAULT; goto free_counters; } |