From 1cb9409df2c093aa6770afe57c88a288ea21c363 Mon Sep 17 00:00:00 2001 From: Zoltan HERPAI Date: Thu, 27 Oct 2016 15:47:09 +0200 Subject: generic/4.1: bump kernel to 4.1.35 Patch 610- is updated as check_entry helper was killed Patch 666- is updated (thanks to Stijn Tintel) Fixes CVE-2016-5195 (dirtycow) Compile-tested on brcm47xx and rb532 Signed-off-by: Zoltan HERPAI --- ...610-netfilter_match_bypass_default_checks.patch | 25 +++++++--------------- 1 file changed, 8 insertions(+), 17 deletions(-) (limited to 'target/linux/generic/patches-4.1/610-netfilter_match_bypass_default_checks.patch') diff --git a/target/linux/generic/patches-4.1/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/patches-4.1/610-netfilter_match_bypass_default_checks.patch index 282cbdd0de..1187845879 100644 --- a/target/linux/generic/patches-4.1/610-netfilter_match_bypass_default_checks.patch +++ b/target/linux/generic/patches-4.1/610-netfilter_match_bypass_default_checks.patch @@ -50,25 +50,16 @@ static bool ip_checkentry(const struct ipt_ip *ip) { -@@ -564,7 +590,7 @@ static void cleanup_match(struct xt_entr - } - - static int --check_entry(const struct ipt_entry *e, const char *name) -+check_entry(struct ipt_entry *e, const char *name) - { - const struct xt_entry_target *t; - -@@ -573,6 +599,8 @@ check_entry(const struct ipt_entry *e, c - return -EINVAL; - } +@@ -649,6 +675,8 @@ find_check_entry(struct ipt_entry *e, st + struct xt_mtchk_param mtpar; + struct xt_entry_match *ematch; + ip_checkdefault(&e->ip); + - if (e->target_offset + sizeof(struct xt_entry_target) > - e->next_offset) - return -EINVAL; -@@ -934,6 +962,7 @@ copy_entries_to_user(unsigned int total_ + j = 0; + mtpar.net = net; + mtpar.table = name; +@@ -941,6 +969,7 @@ copy_entries_to_user(unsigned int total_ const struct xt_table_info *private = table->private; int ret = 0; const void *loc_cpu_entry; @@ -76,7 +67,7 @@ counters = alloc_counters(table); if (IS_ERR(counters)) -@@ -964,6 +993,14 @@ copy_entries_to_user(unsigned int total_ +@@ -971,6 +1000,14 @@ copy_entries_to_user(unsigned int total_ ret = -EFAULT; goto free_counters; } -- cgit v1.2.3