conntrack-tools-1.4.5-15.el9

- conntrack: fix compiler warnings
- src: fix strncpy -Wstringop-truncation warnings
- connntrack: Fix for memleak when parsing -j arg
- Drop pointless assignments
- Don't call exit() from signal handler
- read_config_yy: Drop extra argument from dlog() call
- helpers: ftp: Avoid ugly casts
- Fix potential buffer overrun in snprintf() calls
- cache: Fix features array allocation
- hash: Flush tables when destroying

Resolves: rhbz#2068443
This commit is contained in:
Phil Sutter 2022-08-15 10:44:05 +02:00
parent abca991623
commit 5ea39608de
11 changed files with 654 additions and 2 deletions

View File

@ -0,0 +1,29 @@
From 928268da2fc7e4c3ba393fceba9b38c230b7151e Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 24 Mar 2022 18:06:39 +0100
Subject: [PATCH] hash: Flush tables when destroying
This is cosmetics only, but stops valgrind from complaining about
definitely lost memory.
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 9be65154696859d94dcdeb7347ba5cca3b8d48ba)
---
src/hash.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/hash.c b/src/hash.c
index fe6a047fcebe0..a0f240c21fa82 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -55,6 +55,7 @@ hashtable_create(int hashsize, int limit,
void hashtable_destroy(struct hashtable *h)
{
+ hashtable_flush(h);
free(h);
}
--
2.34.1

View File

@ -0,0 +1,37 @@
From 22c02399e51367b8ec1b2e66a4359ae5cd8db4ae Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 24 Mar 2022 18:07:51 +0100
Subject: [PATCH] cache: Fix features array allocation
struct cache::features is of type struct cache_feature **, allocate and
populate accordingly.
Fixes: ad31f852c3454 ("initial import of the conntrack daemon to Netfilter SVN")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 549f90d8a7847f201aa604a0cf7c24b73d4b5a56)
---
src/cache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index 79a024f8b6bb0..9bc8d0f5bf34a 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -69,12 +69,12 @@ struct cache *cache_create(const char *name, enum cache_type type,
memcpy(c->feature_type, feature_type, sizeof(feature_type));
- c->features = malloc(sizeof(struct cache_feature) * j);
+ c->features = malloc(sizeof(struct cache_feature *) * j);
if (!c->features) {
free(c);
return NULL;
}
- memcpy(c->features, feature_array, sizeof(struct cache_feature) * j);
+ memcpy(c->features, feature_array, sizeof(struct cache_feature *) * j);
c->num_features = j;
c->extra_offset = size;
--
2.34.1

View File

@ -0,0 +1,50 @@
From a26eb6eba3f318271d3fbd52152ad43acfc15393 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 24 Mar 2022 18:14:50 +0100
Subject: [PATCH] Fix potential buffer overrun in snprintf() calls
When consecutively printing into the same buffer at increasing offset,
reduce buffer size passed to snprintf() to not defeat its size checking.
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 0e05989f3247e9aef0d96aafc144b2d853732891)
---
src/process.c | 2 +-
src/queue.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/process.c b/src/process.c
index 3ddad5ffa7959..08598eeae84de 100644
--- a/src/process.c
+++ b/src/process.c
@@ -84,7 +84,7 @@ void fork_process_dump(int fd)
int size = 0;
list_for_each_entry(this, &process_list, head) {
- size += snprintf(buf+size, sizeof(buf),
+ size += snprintf(buf + size, sizeof(buf) - size,
"PID=%u type=%s\n",
this->pid,
this->type < CTD_PROC_MAX ?
diff --git a/src/queue.c b/src/queue.c
index 76425b18495b5..e94dc7c45d1fd 100644
--- a/src/queue.c
+++ b/src/queue.c
@@ -69,12 +69,12 @@ void queue_stats_show(int fd)
int size = 0;
char buf[512];
- size += snprintf(buf+size, sizeof(buf),
+ size += snprintf(buf + size, sizeof(buf) - size,
"allocated queue nodes:\t\t%12u\n\n",
qobjects_num);
list_for_each_entry(this, &queue_list, list) {
- size += snprintf(buf+size, sizeof(buf),
+ size += snprintf(buf + size, sizeof(buf) - size,
"queue %s:\n"
"current elements:\t\t%12u\n"
"maximum elements:\t\t%12u\n"
--
2.34.1

View File

@ -0,0 +1,55 @@
From 2c8cc74e2fbfbed8fad8e80513fc7a34674bb382 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 24 Mar 2022 18:27:56 +0100
Subject: [PATCH] helpers: ftp: Avoid ugly casts
Coverity tool complains about accessing a local variable at non-zero
offset. Avoid this by using a helper union. This should silence the
checker, although the code is still probably not Big Endian-safe.
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit ff4e57e890a8628208a004587cd7a5ee955bb5fe)
---
src/helpers/ftp.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
index bd3f11788cc24..0694d38c6ea13 100644
--- a/src/helpers/ftp.c
+++ b/src/helpers/ftp.c
@@ -331,23 +331,21 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
char *buffer, size_t buflen,
uint32_t addr, uint16_t port)
{
+ union {
+ unsigned char c[4];
+ uint32_t d;
+ } tmp;
+
+ tmp.d = addr;
switch (type) {
case NF_CT_FTP_PORT:
case NF_CT_FTP_PASV:
return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
- ((unsigned char *)&addr)[0],
- ((unsigned char *)&addr)[1],
- ((unsigned char *)&addr)[2],
- ((unsigned char *)&addr)[3],
- port >> 8,
- port & 0xFF);
+ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3],
+ port >> 8, port & 0xFF);
case NF_CT_FTP_EPRT:
return snprintf(buffer, buflen, "|1|%u.%u.%u.%u|%u|",
- ((unsigned char *)&addr)[0],
- ((unsigned char *)&addr)[1],
- ((unsigned char *)&addr)[2],
- ((unsigned char *)&addr)[3],
- port);
+ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3], port);
case NF_CT_FTP_EPSV:
return snprintf(buffer, buflen, "|||%u|", port);
}
--
2.34.1

View File

@ -0,0 +1,30 @@
From 385a065550fba6afc9132df07b8ef9da40431c55 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 24 Mar 2022 19:09:22 +0100
Subject: [PATCH] read_config_yy: Drop extra argument from dlog() call
False priority value was never printed.
Fixes: dfb88dae65fbd ("conntrackd: change scheduler and priority via configuration file")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit f2fed05adbd05df23a063e0a9f2809399d924c64)
---
src/read_config_yy.y | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 4311cd6c9a2f5..6aee67623953b 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -1042,7 +1042,7 @@ scheduler_line : T_PRIO T_NUMBER
{
conf.sched.prio = $2;
if (conf.sched.prio < 0 || conf.sched.prio > 99) {
- dlog(LOG_ERR, "`Priority' must be [0, 99]\n", $2);
+ dlog(LOG_ERR, "`Priority' must be [0, 99]\n");
exit(EXIT_FAILURE);
}
};
--
2.34.1

View File

@ -0,0 +1,30 @@
From 6441d719c562135db1a41ff34a28f9edf8caf0fb Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 25 Mar 2022 09:50:18 +0100
Subject: [PATCH] Don't call exit() from signal handler
Coverity tool complains that exit() is not signal-safe and therefore
should not be called from within a signal handler. Call _exit() instead.
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 7e4d4abd47c6b9b2af745c0a4c8b5532c1886399)
---
src/run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/run.c b/src/run.c
index f11a5327fe5e6..37a0eb1c6b957 100644
--- a/src/run.c
+++ b/src/run.c
@@ -67,7 +67,7 @@ void killer(int signo)
close_log();
sd_ct_stop();
- exit(0);
+ _exit(0);
}
static void child(int foo)
--
2.34.1

View File

@ -0,0 +1,43 @@
From addd3c1ab24b64e9569095bcf02378904444f744 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 25 Mar 2022 10:15:13 +0100
Subject: [PATCH] Drop pointless assignments
These variables are not referred to after assigning within their scope
(or until they're overwritten).
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 5ecb1226d73eb4f9407faa8d663d7038046d34c6)
---
src/helpers/ssdp.c | 1 -
src/main.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/helpers/ssdp.c b/src/helpers/ssdp.c
index 58658e39d0a21..41a637a9ce720 100644
--- a/src/helpers/ssdp.c
+++ b/src/helpers/ssdp.c
@@ -259,7 +259,6 @@ static int find_hdr(const char *name, const uint8_t *data, int data_len,
data += i+2;
}
- data_len -= name_len;
data += name_len;
if (pos)
*pos = data;
diff --git a/src/main.c b/src/main.c
index 7062e12085f11..8c3fa1c943a96 100644
--- a/src/main.c
+++ b/src/main.c
@@ -320,7 +320,7 @@ int main(int argc, char *argv[])
umask(0177);
- if ((ret = init_config(config_file)) == -1) {
+ if (init_config(config_file) == -1) {
dlog(LOG_ERR, "can't open config file `%s'", config_file);
exit(EXIT_FAILURE);
}
--
2.34.1

View File

@ -0,0 +1,30 @@
From aff26dfeea91e70032bdc99bdf5bb5a194dd431d Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 25 Mar 2022 10:30:29 +0100
Subject: [PATCH] connntrack: Fix for memleak when parsing -j arg
Have to free the strings allocated by split_address_and_port().
Fixes: 29b390a212214 ("conntrack: Support IPv6 NAT")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 42cb292d6c9e8567db2e30e183b1bd31093700ad)
---
src/conntrack.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/conntrack.c b/src/conntrack.c
index 06f60e85fa1ed..eea5fd339c831 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2432,6 +2432,8 @@ int main(int argc, char *argv[])
nfct_set_nat_details(c, tmpl.ct, &ad,
port_str, family);
}
+ free(port_str);
+ free(nat_address);
}
break;
case 'w':
--
2.34.1

View File

@ -0,0 +1,225 @@
From a045ef8abc1c81ac359103ac61841bae860d8960 Mon Sep 17 00:00:00 2001
From: "Jose M. Guisado Gomez" <guigom@riseup.net>
Date: Fri, 16 Aug 2019 11:25:11 +0200
Subject: [PATCH] src: fix strncpy -Wstringop-truncation warnings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Wstringop-truncation warning was introduced in GCC-8 as truncation
checker for strncpy and strncat.
Systems using gcc version >= 8 would receive the following warnings:
read_config_yy.c: In function yyparse:
read_config_yy.y:1594:2: warning: strncpy specified bound 16 equals destination size [-Wstringop-truncation]
1594 | strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
read_config_yy.y:1384:2: warning: strncpy specified bound 256 equals destination size [-Wstringop-truncation]
1384 | strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
read_config_yy.y:692:2: warning: strncpy specified bound 108 equals destination size [-Wstringop-truncation]
692 | strncpy(conf.local.path, $2, UNIX_PATH_MAX);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
read_config_yy.y:169:2: warning: strncpy specified bound 256 equals destination size [-Wstringop-truncation]
169 | strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
read_config_yy.y:119:2: warning: strncpy specified bound 256 equals destination size [-Wstringop-truncation]
119 | strncpy(conf.logfile, $2, FILENAME_MAXLEN);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
main.c: In function main:
main.c:168:5: warning: strncpy specified bound 4096 equals destination size [-Wstringop-truncation]
168 | strncpy(config_file, argv[i], PATH_MAX);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix the issue by checking for string length first. Also using
snprintf instead.
In addition, correct an off-by-one when warning about maximum config
file path length.
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit f196de88cdd9764ddc2e4de737a960972d82fe9d)
---
include/conntrackd.h | 6 +++---
include/helper.h | 2 +-
include/local.h | 4 ++--
src/main.c | 7 +++----
src/read_config_yy.y | 39 +++++++++++++++++++++++++++++----------
5 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 81dff221e96de..fe9ec1854a7d2 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -85,9 +85,9 @@ union inet_address {
#define CONFIG(x) conf.x
struct ct_conf {
- char logfile[FILENAME_MAXLEN];
+ char logfile[FILENAME_MAXLEN + 1];
int syslog_facility;
- char lockfile[FILENAME_MAXLEN];
+ char lockfile[FILENAME_MAXLEN + 1];
int hashsize; /* hashtable size */
int channel_num;
int channel_default;
@@ -132,7 +132,7 @@ struct ct_conf {
int prio;
} sched;
struct {
- char logfile[FILENAME_MAXLEN];
+ char logfile[FILENAME_MAXLEN + 1];
int syslog_facility;
size_t buffer_size;
} stats;
diff --git a/include/helper.h b/include/helper.h
index 7353dfa9b2073..08d4cf4642802 100644
--- a/include/helper.h
+++ b/include/helper.h
@@ -13,7 +13,7 @@ struct pkt_buff;
#define CTD_HELPER_POLICY_MAX 4
struct ctd_helper_policy {
- char name[CTD_HELPER_NAME_LEN];
+ char name[CTD_HELPER_NAME_LEN + 1];
uint32_t expect_timeout;
uint32_t expect_max;
};
diff --git a/include/local.h b/include/local.h
index 22859d7ab60aa..9379446732eed 100644
--- a/include/local.h
+++ b/include/local.h
@@ -7,12 +7,12 @@
struct local_conf {
int reuseaddr;
- char path[UNIX_PATH_MAX];
+ char path[UNIX_PATH_MAX + 1];
};
struct local_server {
int fd;
- char path[UNIX_PATH_MAX];
+ char path[UNIX_PATH_MAX + 1];
};
/* callback return values */
diff --git a/src/main.c b/src/main.c
index 8c3fa1c943a96..de4773df8a204 100644
--- a/src/main.c
+++ b/src/main.c
@@ -120,8 +120,8 @@ do_chdir(const char *d)
int main(int argc, char *argv[])
{
+ char config_file[PATH_MAX + 1] = {};
int ret, i, action = -1;
- char config_file[PATH_MAX] = {};
int type = 0;
struct utsname u;
int version, major, minor;
@@ -165,13 +165,12 @@ int main(int argc, char *argv[])
break;
case 'C':
if (++i < argc) {
- strncpy(config_file, argv[i], PATH_MAX);
- if (strlen(argv[i]) >= PATH_MAX){
- config_file[PATH_MAX-1]='\0';
+ if (strlen(argv[i]) > PATH_MAX) {
dlog(LOG_WARNING, "Path to config file"
" to long. Cutting it down to %d"
" characters", PATH_MAX);
}
+ snprintf(config_file, PATH_MAX, "%s", argv[i]);
break;
}
show_usage(argv[0]);
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 6aee67623953b..d963c494be1fc 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -116,7 +116,12 @@ logfile_bool : T_LOG T_OFF
logfile_path : T_LOG T_PATH_VAL
{
- strncpy(conf.logfile, $2, FILENAME_MAXLEN);
+ if (strlen($2) > FILENAME_MAXLEN) {
+ dlog(LOG_ERR, "LogFile path is longer than %u characters",
+ FILENAME_MAXLEN);
+ exit(EXIT_FAILURE);
+ }
+ snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
free($2);
};
@@ -166,7 +171,12 @@ syslog_facility : T_SYSLOG T_STRING
lock : T_LOCK T_PATH_VAL
{
- strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
+ if (strlen($2) > FILENAME_MAXLEN) {
+ dlog(LOG_ERR, "LockFile path is longer than %u characters",
+ FILENAME_MAXLEN);
+ exit(EXIT_FAILURE);
+ }
+ snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
free($2);
};
@@ -689,13 +699,13 @@ unix_options:
unix_option : T_PATH T_PATH_VAL
{
- strncpy(conf.local.path, $2, UNIX_PATH_MAX);
- free($2);
- if (conf.local.path[UNIX_PATH_MAX - 1]) {
- dlog(LOG_ERR, "UNIX Path is longer than %u characters",
- UNIX_PATH_MAX - 1);
+ if (strlen($2) > UNIX_PATH_MAX) {
+ dlog(LOG_ERR, "Path is longer than %u characters",
+ UNIX_PATH_MAX);
exit(EXIT_FAILURE);
}
+ snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
+ free($2);
};
unix_option : T_BACKLOG T_NUMBER
@@ -1381,7 +1391,12 @@ stat_logfile_bool : T_LOG T_OFF
stat_logfile_path : T_LOG T_PATH_VAL
{
- strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
+ if (strlen($2) > FILENAME_MAXLEN) {
+ dlog(LOG_ERR, "stats LogFile path is longer than %u characters",
+ FILENAME_MAXLEN);
+ exit(EXIT_FAILURE);
+ }
+ snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
free($2);
};
@@ -1589,11 +1604,15 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
exit(EXIT_FAILURE);
break;
}
+ if (strlen($2) > CTD_HELPER_NAME_LEN) {
+ dlog(LOG_ERR, "Helper Policy is longer than %u characters",
+ CTD_HELPER_NAME_LEN);
+ exit(EXIT_FAILURE);
+ }
policy = (struct ctd_helper_policy *) &e->data;
- strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
+ snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
free($2);
- policy->name[CTD_HELPER_NAME_LEN-1] = '\0';
/* Now object is complete. */
e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
stack_item_push(&symbol_stack, e);
--
2.34.1

View File

@ -0,0 +1,101 @@
From 6dda36aceaedf88b33e5a2cf216bbd3b047611a6 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 17 Jan 2022 16:42:52 +0100
Subject: [PATCH] conntrack: fix compiler warnings
.... those do not indicate bugs, but they are distracting.
'exp_filter_add' at filter.c:513:2:
__builtin_strncpy specified bound 16 equals destination size [-Wstringop-truncation]
This warning is because the size argument passed to strncpy() is
identical to buffer size, i.e. if hit the resulting string is not
0-terminated.
read_config_yy.y:1625: warning: '__builtin_snprintf' output may be truncated before the last format character [-Wformat-truncation=]
1625 | snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
read_config_yy.y:1399: warning: '__builtin_snprintf' output may be ...
1399 | snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
read_config_yy.y:707: warning: '__builtin_snprintf' output may be ...
707 | snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
read_config_yy.y:179: warning: '__builtin_snprintf' output may be ...
179 | snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
read_config_yy.y:124: warning: '__builtin_snprintf' output may be ...
124 | snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
... its because the _MAXLEN constants are one less than the output
buffer size, i.e. could use either .._MAXLEN + 1 or sizeof, this uses
sizeof().
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit 5f15bb47bbcdb7581c80c5e488cd109450494ec2)
---
src/filter.c | 2 +-
src/read_config_yy.y | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/filter.c b/src/filter.c
index 00a5e96ecc248..9f961b1fe5b1b 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -470,7 +470,7 @@ struct exp_filter *exp_filter_create(void)
struct exp_filter_item {
struct list_head head;
- char helper_name[NFCT_HELPER_NAME_MAX];
+ char helper_name[NFCT_HELPER_NAME_MAX + 1];
};
/* this is ugly, but it simplifies read_config_yy.y */
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index d963c494be1fc..401a1575014d0 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -121,7 +121,7 @@ logfile_path : T_LOG T_PATH_VAL
FILENAME_MAXLEN);
exit(EXIT_FAILURE);
}
- snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
+ snprintf(conf.logfile, sizeof(conf.logfile), "%s", $2);
free($2);
};
@@ -176,7 +176,7 @@ lock : T_LOCK T_PATH_VAL
FILENAME_MAXLEN);
exit(EXIT_FAILURE);
}
- snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
+ snprintf(conf.lockfile, sizeof(conf.lockfile), "%s", $2);
free($2);
};
@@ -704,7 +704,7 @@ unix_option : T_PATH T_PATH_VAL
UNIX_PATH_MAX);
exit(EXIT_FAILURE);
}
- snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
+ snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);
free($2);
};
@@ -1396,7 +1396,7 @@ stat_logfile_path : T_LOG T_PATH_VAL
FILENAME_MAXLEN);
exit(EXIT_FAILURE);
}
- snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
+ snprintf(conf.stats.logfile, sizeof(conf.stats.logfile), "%s", $2);
free($2);
};
@@ -1611,7 +1611,7 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
}
policy = (struct ctd_helper_policy *) &e->data;
- snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
+ snprintf(policy->name, sizeof(policy->name), "%s", $2);
free($2);
/* Now object is complete. */
e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
--
2.34.1

View File

@ -1,6 +1,6 @@
Name: conntrack-tools
Version: 1.4.5
Release: 14%{?dist}
Release: 15%{?dist}
Summary: Manipulate netfilter connection tracking table and run High Availability
License: GPLv2
URL: http://conntrack-tools.netfilter.org/
@ -16,6 +16,16 @@ Patch05: 0005-nfct-remove-lazy-binding.patch
Patch06: 0006-conntrackd-use-strncpy-to-unix-path.patch
Patch07: 0007-conntrackd-Use-strdup-in-lexer.patch
Patch08: 0008-conntrackd-use-correct-max-unix-path-length.patch
Patch09: 0009-hash-Flush-tables-when-destroying.patch
Patch10: 0010-cache-Fix-features-array-allocation.patch
Patch11: 0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch
Patch12: 0012-helpers-ftp-Avoid-ugly-casts.patch
Patch13: 0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch
Patch14: 0014-Don-t-call-exit-from-signal-handler.patch
Patch15: 0015-Drop-pointless-assignments.patch
Patch16: 0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
Patch17: 0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
Patch18: 0018-conntrack-fix-compiler-warnings.patch
BuildRequires: gcc
BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
@ -96,6 +106,18 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
%systemd_postun conntrackd.service
%changelog
* Mon Aug 15 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-15
- conntrack: fix compiler warnings
- src: fix strncpy -Wstringop-truncation warnings
- connntrack: Fix for memleak when parsing -j arg
- Drop pointless assignments
- Don't call exit() from signal handler
- read_config_yy: Drop extra argument from dlog() call
- helpers: ftp: Avoid ugly casts
- Fix potential buffer overrun in snprintf() calls
- cache: Fix features array allocation
- hash: Flush tables when destroying
* Mon Mar 28 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-14
- conntrackd: use correct max unix path length