Grsec/PaX: 3.0-{3.2.55,3.13.5}-20140304193820140304

2 files changed, 19 insertions, 1 deletions

diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index e75270d..6e1b2f5 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch:	1054_linux-3.2.55.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.55
 
-Patch:	4420_grsecurity-3.0-3.2.55-201403022154.patch
+Patch:	4420_grsecurity-3.0-3.2.55-201403041936.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201403022154.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch
index 5e79266..5a6b289 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201403022154.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch
@@ -101674,6 +101674,24 @@ index 76388b0..a967f68 100644
  	NULL,
  	sctp_generate_t1_cookie_event,
  	sctp_generate_t1_init_event,
+diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
+index cb1c430..f131caf 100644
+--- a/net/sctp/sm_statefuns.c
++++ b/net/sctp/sm_statefuns.c
+@@ -747,6 +747,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
+ 		struct sctp_chunk auth;
+ 		sctp_ierror_t ret;
+ 
++		/* Make sure that we and the peer are AUTH capable */
++		if (!sctp_auth_enable || !new_asoc->peer.auth_capable) {
++			kfree_skb(chunk->auth_chunk);
++			sctp_association_free(new_asoc);
++			return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
++		}
++
+ 		/* set-up our fake chunk so that we can process it */
+ 		auth.skb = chunk->auth_chunk;
+ 		auth.asoc = chunk->asoc;
 diff --git a/net/sctp/socket.c b/net/sctp/socket.c
 index c53d01e..9659111 100644
 --- a/net/sctp/socket.c