pinkbyte 14/08/19 07:21:25 Added: ipt_netflow-2.0-pax-const.patch Log: Revision bump: restore compatibility with hardened setups, wrt bug #519480, add optional debugfs support. Drop old revision (Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 0x1F357D42)
Revision Changes Path 1.1 net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch?rev=1.1&content-type=text/plain
Index: ipt_netflow-2.0-pax-const.patch
===================================================================
Patch by Jeremy Drake, https://bugs.gentoo.org/show_bug.cgi?id=466430 Adds support for building with PaX hardened kernel Adapted to version 2.0 by Sergey Popov <[email protected]>
--- ipt_NETFLOW.c.orig 2014-08-07 08:05:08.000000000 +0400
+++ ipt_NETFLOW.c 2014-08-18 11:10:08.000000000 +0400
@@ -845,13 +845,13 @@
 void __user *buffer, size_t *lenp, loff_t *fpos)
 {
 void *orig = ctl->data;
+ ctl_table_no_const lctl = *ctl;
 int ret, hsize;
 if (write)
- ctl->data = &hsize;
- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ lctl.data = &hsize;
+ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
 if (write) {
- ctl->data = orig;
 if (hsize < LOCK_COUNT)
 return -EPERM;
 return set_hashsize(hsize)?:ret;
@@ -864,6 +864,7 @@
 {
 int ret;
 struct ipt_netflow_sock *usock;
+ ctl_table_no_const lctl = *ctl;
 mutex_lock(&sock_lock);
 if (list_empty(&usock_list)) {
@@ -875,8 +876,8 @@
 sndbuf = usock->sock->sk->sk_sndbuf;
 mutex_unlock(&sock_lock);
- ctl->data = &sndbuf;
- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ lctl.data = &sndbuf;
+ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
 if (!write)
 return ret;
 if (sndbuf < SOCK_MIN_SNDBUF)
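Review bot: In the first hunk (`@@ -845,13 +845,13 @@`) the write path still uses `hsize` without looking at `ret`: `hsize` is declared uninitialised, so if `proc_dointvec()` fails or stores no value, `hsize < LOCK_COUNT` and `set_hashsize(hsize)` may operate on whatever was on the stack. Declaring it as `int ret, hsize = 0;` and adding `if (ret) return ret;` as the first statement inside `if (write) {` closes that. With `ctl->data = orig;` removed, `void *orig = ctl->data;` has no visible use left and should go as well, or the build gains an unused-variable warning. The handler's signature and the tail of its body lie outside the hunk, so confirm `orig` is not referenced further down.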
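Review bot: `ctl_table_no_const`, used in the `@@ -864,6 +864,7 @@` hunk and in every other hunk of this patch, is a typedef supplied by the PaX/grsecurity kernel patch set, so the patched module presumably no longer compiles against a kernel tree that lacks it. Either the ebuild has to apply this patch only when building for a hardened kernel, or the source needs a guarded fallback such as `typedef struct ctl_table ctl_table_no_const;` for other trees. Nothing on this page shows which of the two is done, so it should be confirmed in the ebuild.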
@@ -943,9 +944,10 @@
 {
 int ret;
 int val = 0;
+ ctl_table_no_const lctl = *ctl;
- ctl->data = &val;
- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ lctl.data = &val;
+ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
 if (!write)
 return ret;
@@ -966,8 +968,9 @@
 int ret;
 int ver = protocol;
- ctl->data = &ver;
- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ ctl_table_no_const lctl = *ctl;
+ lctl.data = &ver;
+ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
 if (!write)
 return ret;
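Review bot: No comment says why the handler now works on a stack copy of the table, and in the `@@ -943,9 +944,10 @@` hunk `lctl` exists only so that `.data` can point at the local `val`. A line above the declaration, e.g. `/* ctl may be const under PaX constify; redirect .data on a private copy instead */`, would keep a later cleanup from reverting to `ctl->data = &val;`. The same comment fits the `lctl` declarations in the other four hunks. The function's signature is outside the hunk.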
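Review bot: In the last hunk (`@@ -966,8 +968,9 @@`) the `ctl_table_no_const lctl = *ctl;` declaration is added where the removed statements were, not directly under `int ver = protocol;` as in the other handlers, which apparently leaves it detached from the declaration block. Moving it up next to `int ver = protocol;` keeps the five handlers uniform and avoids a declaration-after-statement warning if a statement is ever inserted above it. The collapsed page hides blank lines, so the exact placement should be checked against the patch file itself.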
