conntrack-tools-1.4.7-3

- conntrack: Fix potential array out of bounds access Resolves: RHEL-28513
2024-06-20 17:55:31 +02:00 · 2024-06-20 17:55:31 +02:00 · 55b81bb642
commit 55b81bb642
parent cc2609de27
2 changed files with 33 additions and 1 deletions
--- a/0005-conntrack-Fix-potential-array-out-of-bounds-access.patch
+++ b/0005-conntrack-Fix-potential-array-out-of-bounds-access.patch
@ -0,0 +1,28 @@
+From db7004f40134c4e51607df8ff2e83f8b1f8bca82 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Tue, 20 Dec 2022 15:02:16 +0100
+Subject: [PATCH] conntrack: Fix potential array out of bounds access
+
+If the link target length exceeds 'sizeof(tmp)' bytes, readlink() will
+return 'sizeof(tmp)'. Using this value as index is illegal.
+
+Fixes: b031cd2102d9b ("conntrack: pretty-print the portid")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 3514a72f5a03ee7c6c268c31446b7a6994d4569d)
+---
+ src/conntrack.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conntrack.c b/src/conntrack.c
+index 859a4835580b0..aa6323dfbd1b1 100644
+--- a/src/conntrack.c
+++ b/src/conntrack.c
+@@ -1769,7 +1769,7 @@ static char *portid2name(pid_t pid, uint32_t portid, unsigned long inode)
+ 			continue;
+ 
+ 		rl = readlink(procname, tmp, sizeof(tmp));
+-		if (rl <= 0 || rl > (ssize_t)sizeof(tmp))
+		if (rl <= 0 || rl >= (ssize_t)sizeof(tmp))
+ 			continue;
+ 
+ 		tmp[rl] = 0;
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
@ -1,6 +1,6 @@
 Name:           conntrack-tools
 Version:        1.4.7
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Manipulate netfilter connection tracking table and run High Availability
 License:        GPLv2
 URL:            http://conntrack-tools.netfilter.org/
@ -12,6 +12,7 @@ Patch01:        0001-build-conntrack-tools-requires-libnetfilter_conntrac.patch
 Patch02:        0002-build-don-t-suppress-various-warnings.patch
 Patch03:        0003-network-Fix-Wstrict-prototypes.patch
 Patch04:        0004-config-Fix-Wimplicit-function-declaration.patch
+Patch05:        0005-conntrack-Fix-potential-array-out-of-bounds-access.patch

 BuildRequires:  gcc
 BuildRequires:  libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.9
@ -93,6 +94,9 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 %systemd_postun conntrackd.service 

 %changelog
+* Thu Jun 20 2024 Phil Sutter <psutter@redhat.com> - 1.4.7-3
+- conntrack: Fix potential array out of bounds access
+
 * Wed Dec 14 2022 Phil Sutter <psutter@redhat.com> - 1.4.7-2
 - Explicitly depend on libnetfilter_conntrack-1.0.9