r2011 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches: . series
Simon Horman
horms@haydn.debian.org
Mon, 20 Dec 2004 20:25:07 -0700
Author: horms
Date: 2004-12-20 20:24:50 -0700 (Mon, 20 Dec 2004)
New Revision: 2011
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.diff
Removed:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.div
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.patch
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
Log:
patches need to be called .diff
Copied: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.diff (from rev 2010, trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.div)
Deleted: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.div
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.div 2004-12-21 03:23:04 UTC (rev 2010)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/116-cmsg-validation-checks.div 2004-12-21 03:24:50 UTC (rev 2011)
@@ -1,112 +0,0 @@
-# origin: herbert@gondor.apana.org.au
-# cset: 1.1516.6.2
-# inclusion: backport
-# revision date: 2004-12-14
-# description: Fix CMSG validation checks wrt. signedness.
-
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/08 13:13:56-08:00 herbert@gondor.apana.org.au
-# [NET]: Fix CMSG validation checks wrt. signedness.
-#
-# Noticed by Georgi Guninski.
-#
-# Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-# include/linux/socket.h
-# 2004/12/08 13:13:07-08:00 herbert@gondor.apana.org.au +4 -0
-# [NET]: Fix CMSG validation checks wrt. signedness.
-#
-# net/core/scm.c
-# 2004/12/08 13:13:07-08:00 herbert@gondor.apana.org.au +1 -3
-# [NET]: Fix CMSG validation checks wrt. signedness.
-#
-# net/ipv4/ip_sockglue.c
-# 2004/12/08 13:13:07-08:00 herbert@gondor.apana.org.au +1 -4
-# [NET]: Fix CMSG validation checks wrt. signedness.
-#
-# net/ipv6/datagram.c
-# 2004/12/08 13:13:07-08:00 herbert@gondor.apana.org.au +1 -3
-# [NET]: Fix CMSG validation checks wrt. signedness.
-#
-# net/sctp/socket.c
-# 2004/12/08 13:13:08-08:00 herbert@gondor.apana.org.au +1 -5
-# [NET]: Fix CMSG validation checks wrt. signedness.
-#
-diff -Nru a/include/linux/socket.h b/include/linux/socket.h
---- a/include/linux/socket.h 2004-12-15 19:38:09 -08:00
-+++ b/include/linux/socket.h 2004-12-15 19:38:09 -08:00
-@@ -87,6 +87,10 @@
- (struct cmsghdr *)(ctl) : \
- (struct cmsghdr *)NULL)
- #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \
-+ (cmsg)->cmsg_len <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(cmsg) - (char *)(mhdr)->msg_control)))
-
- /*
- * This mess will go away with glibc
-diff -Nru a/net/core/scm.c b/net/core/scm.c
---- a/net/core/scm.c 2004-12-15 19:38:09 -08:00
-+++ b/net/core/scm.c 2004-12-15 19:38:09 -08:00
-@@ -124,9 +124,7 @@
- for too short ancillary data object at all! Oops.
- OK, let's add it...
- */
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen)
-+ if (!CMSG_OK(msg, cmsg))
- goto error;
-
- if (cmsg->cmsg_level != SOL_SOCKET)
-diff -Nru a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
---- a/net/ipv4/ip_sockglue.c 2004-12-15 19:38:09 -08:00
-+++ b/net/ipv4/ip_sockglue.c 2004-12-15 19:38:09 -08:00
-@@ -143,11 +143,8 @@
- struct cmsghdr *cmsg;
-
- for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg))
- return -EINVAL;
-- }
- if (cmsg->cmsg_level != SOL_IP)
- continue;
- switch (cmsg->cmsg_type) {
-diff -Nru a/net/ipv6/datagram.c b/net/ipv6/datagram.c
---- a/net/ipv6/datagram.c 2004-12-15 19:38:09 -08:00
-+++ b/net/ipv6/datagram.c 2004-12-15 19:38:09 -08:00
-@@ -260,9 +260,7 @@
-
- for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
-
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg)) {
- err = -EINVAL;
- goto exit_f;
- }
-diff -Nru a/net/sctp/socket.c b/net/sctp/socket.c
---- a/net/sctp/socket.c 2004-12-15 19:38:09 -08:00
-+++ b/net/sctp/socket.c 2004-12-15 19:38:09 -08:00
-@@ -4090,12 +4090,8 @@
- for (cmsg = CMSG_FIRSTHDR(msg);
- cmsg != NULL;
- cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) {
-- /* Check for minimum length. The SCM code has this check. */
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg))
- return -EINVAL;
-- }
-
- /* Should we parse this header or ignore? */
- if (cmsg->cmsg_level != IPPROTO_SCTP)
Copied: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.diff (from rev 2009, trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.patch)
Deleted: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.patch
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.patch 2004-12-21 03:23:04 UTC (rev 2010)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/117-igmp-source-filter-fixes.patch 2004-12-21 03:24:50 UTC (rev 2011)
@@ -1,93 +0,0 @@
-# origin: chrisw@osdl.org
-# cset: 1.1521.2.4
-# inclusion: backport
-# revision date: 2004-12-14
-# description: IGMP source filter fixes
-
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/14 11:11:21-08:00 chrisw@osdl.org
-# [IPV4/IPV6]: IGMP source filter fixes
-#
-# When adding or deleting from the source list make sure to find matches
-# by comparing against the new source address, not the group address.
-# Also, check each addr in the list rather than just the first one.
-# And, finally, only delete from list when there's a match rather than
-# vice-versa. Drop the effort to keep list sorted, since it's not done
-# on full-state api and can create an sl_addr entry that the delta api
-# won't be able to delete. Without these fixes sl_count can be corrupted
-# which can allow for kernel memory corruption.
-#
-# Signed-off-by: Chris Wright <chrisw@osdl.org>
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-# net/ipv4/igmp.c
-# 2004/12/14 11:10:57-08:00 chrisw@osdl.org +5 -5
-# [IPV4/IPV6]: IGMP source filter fixes
-#
-# net/ipv6/mcast.c
-# 2004/12/14 11:10:57-08:00 chrisw@osdl.org +5 -5
-# [IPV4/IPV6]: IGMP source filter fixes
-#
-diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c
---- a/net/ipv4/igmp.c 2004-12-15 19:22:13 -08:00
-+++ b/net/ipv4/igmp.c 2004-12-15 19:22:13 -08:00
-@@ -1757,12 +1757,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -1804,9 +1804,9 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
-diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c
---- a/net/ipv6/mcast.c 2004-12-15 19:22:13 -08:00
-+++ b/net/ipv6/mcast.c 2004-12-15 19:22:13 -08:00
-@@ -386,12 +386,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group,
-+ rv = memcmp(&psl->sl_addr[i], source,
- sizeof(struct in6_addr));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -432,8 +432,8 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr));
-- if (rv >= 0)
-+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr));
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
Copied: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.diff (from rev 2009, trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch)
Deleted: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch 2004-12-21 03:23:04 UTC (rev 2010)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch 2004-12-21 03:24:50 UTC (rev 2011)
@@ -1,247 +0,0 @@
-# origin: David S. Miller <davem@davemloft.net>
-# cset: 1.1516.6.3
-# inclusion: backport
-# revision date: 2004-12-14
-# description: Fix CMSG validation checks wrt. signedness in compat code
-
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/08 13:33:08-08:00 davem@nuts.davemloft.net
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-# arch/ia64/ia32/sys_ia32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -4
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/mips64/kernel/linux32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +7 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/parisc/kernel/sys_parisc32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/ppc64/kernel/sys_ppc32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/s390x/kernel/linux32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/sparc64/kernel/sys_sparc32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/x86_64/ia32/socket32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +2 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# include/asm-x86_64/socket32.h
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +5 -0
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-diff -Nru a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
---- a/arch/ia64/ia32/sys_ia32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/ia64/ia32/sys_ia32.c 2004-12-15 23:32:09 -08:00
-@@ -1369,6 +1369,11 @@
- #define __CMSG32_FIRSTHDR(ctl,len) \
- ((len) >= sizeof(struct cmsghdr32) ? (struct cmsghdr32 *)(ctl) : (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- static inline struct cmsghdr32 *
- __cmsg32_nxthdr (void *ctl, __kernel_size_t size, struct cmsghdr32 *cmsg, int cmsg_len)
-@@ -1429,10 +1434,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if (CMSG32_ALIGN(ucmlen) < CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if ((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) + ucmlen)
-- > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/mips64/kernel/linux32.c b/arch/mips64/kernel/linux32.c
---- a/arch/mips64/kernel/linux32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/mips64/kernel/linux32.c 2004-12-15 23:32:09 -08:00
-@@ -2483,6 +2483,12 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-+
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -2623,11 +2629,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -ENOBUFS;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/parisc/kernel/sys_parisc32.c b/arch/parisc/kernel/sys_parisc32.c
---- a/arch/parisc/kernel/sys_parisc32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/parisc/kernel/sys_parisc32.c 2004-12-15 23:32:09 -08:00
-@@ -1814,6 +1814,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -1940,11 +1945,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c
---- a/arch/ppc64/kernel/sys_ppc32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/ppc64/kernel/sys_ppc32.c 2004-12-15 23:32:09 -08:00
-@@ -3273,6 +3273,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- struct msghdr32
- {
-@@ -3448,11 +3453,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/s390x/kernel/linux32.c b/arch/s390x/kernel/linux32.c
---- a/arch/s390x/kernel/linux32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/s390x/kernel/linux32.c 2004-12-15 23:32:09 -08:00
-@@ -2306,6 +2306,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -2432,11 +2437,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c
---- a/arch/sparc64/kernel/sys_sparc32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/sparc64/kernel/sys_sparc32.c 2004-12-15 23:32:09 -08:00
-@@ -2354,6 +2354,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -2480,11 +2485,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/x86_64/ia32/socket32.c b/arch/x86_64/ia32/socket32.c
---- a/arch/x86_64/ia32/socket32.c 2004-12-15 23:32:09 -08:00
-+++ b/arch/x86_64/ia32/socket32.c 2004-12-15 23:32:09 -08:00
-@@ -136,12 +136,9 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-+
- if (kmsg->msg_controllen > 65536)
- return -EINVAL;
-
-diff -Nru a/include/asm-x86_64/socket32.h b/include/asm-x86_64/socket32.h
---- a/include/asm-x86_64/socket32.h 2004-12-15 23:32:09 -08:00
-+++ b/include/asm-x86_64/socket32.h 2004-12-15 23:32:09 -08:00
-@@ -45,6 +45,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-21 03:23:04 UTC (rev 2010)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-21 03:24:50 UTC (rev 2011)
@@ -2,5 +2,5 @@
+ 114-binfmt_aout-CAN-2004-1074.diff
+ 115_tty_lockup-3.diff
+ 116-cmsg-validation-checks.diff
-+ 116-cmsg-validation-checks-compat.diff
+ 117-igmp-source-filter-fixes.diff
++ 118-cmsg-validation-checks-compat.diff