conntrack-tools-1.4.5-15.el9
- conntrack: fix compiler warnings - src: fix strncpy -Wstringop-truncation warnings - connntrack: Fix for memleak when parsing -j arg - Drop pointless assignments - Don't call exit() from signal handler - read_config_yy: Drop extra argument from dlog() call - helpers: ftp: Avoid ugly casts - Fix potential buffer overrun in snprintf() calls - cache: Fix features array allocation - hash: Flush tables when destroying Resolves: rhbz#2068443
This commit is contained in:
parent
abca991623
commit
5ea39608de
29
0009-hash-Flush-tables-when-destroying.patch
Normal file
29
0009-hash-Flush-tables-when-destroying.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 928268da2fc7e4c3ba393fceba9b38c230b7151e Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu, 24 Mar 2022 18:06:39 +0100
|
||||
Subject: [PATCH] hash: Flush tables when destroying
|
||||
|
||||
This is cosmetics only, but stops valgrind from complaining about
|
||||
definitely lost memory.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 9be65154696859d94dcdeb7347ba5cca3b8d48ba)
|
||||
---
|
||||
src/hash.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/hash.c b/src/hash.c
|
||||
index fe6a047fcebe0..a0f240c21fa82 100644
|
||||
--- a/src/hash.c
|
||||
+++ b/src/hash.c
|
||||
@@ -55,6 +55,7 @@ hashtable_create(int hashsize, int limit,
|
||||
|
||||
void hashtable_destroy(struct hashtable *h)
|
||||
{
|
||||
+ hashtable_flush(h);
|
||||
free(h);
|
||||
}
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
37
0010-cache-Fix-features-array-allocation.patch
Normal file
37
0010-cache-Fix-features-array-allocation.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 22c02399e51367b8ec1b2e66a4359ae5cd8db4ae Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu, 24 Mar 2022 18:07:51 +0100
|
||||
Subject: [PATCH] cache: Fix features array allocation
|
||||
|
||||
struct cache::features is of type struct cache_feature **, allocate and
|
||||
populate accordingly.
|
||||
|
||||
Fixes: ad31f852c3454 ("initial import of the conntrack daemon to Netfilter SVN")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 549f90d8a7847f201aa604a0cf7c24b73d4b5a56)
|
||||
---
|
||||
src/cache.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/cache.c b/src/cache.c
|
||||
index 79a024f8b6bb0..9bc8d0f5bf34a 100644
|
||||
--- a/src/cache.c
|
||||
+++ b/src/cache.c
|
||||
@@ -69,12 +69,12 @@ struct cache *cache_create(const char *name, enum cache_type type,
|
||||
|
||||
memcpy(c->feature_type, feature_type, sizeof(feature_type));
|
||||
|
||||
- c->features = malloc(sizeof(struct cache_feature) * j);
|
||||
+ c->features = malloc(sizeof(struct cache_feature *) * j);
|
||||
if (!c->features) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
- memcpy(c->features, feature_array, sizeof(struct cache_feature) * j);
|
||||
+ memcpy(c->features, feature_array, sizeof(struct cache_feature *) * j);
|
||||
c->num_features = j;
|
||||
|
||||
c->extra_offset = size;
|
||||
--
|
||||
2.34.1
|
||||
|
50
0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch
Normal file
50
0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch
Normal file
@ -0,0 +1,50 @@
|
||||
From a26eb6eba3f318271d3fbd52152ad43acfc15393 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu, 24 Mar 2022 18:14:50 +0100
|
||||
Subject: [PATCH] Fix potential buffer overrun in snprintf() calls
|
||||
|
||||
When consecutively printing into the same buffer at increasing offset,
|
||||
reduce buffer size passed to snprintf() to not defeat its size checking.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 0e05989f3247e9aef0d96aafc144b2d853732891)
|
||||
---
|
||||
src/process.c | 2 +-
|
||||
src/queue.c | 4 ++--
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/process.c b/src/process.c
|
||||
index 3ddad5ffa7959..08598eeae84de 100644
|
||||
--- a/src/process.c
|
||||
+++ b/src/process.c
|
||||
@@ -84,7 +84,7 @@ void fork_process_dump(int fd)
|
||||
int size = 0;
|
||||
|
||||
list_for_each_entry(this, &process_list, head) {
|
||||
- size += snprintf(buf+size, sizeof(buf),
|
||||
+ size += snprintf(buf + size, sizeof(buf) - size,
|
||||
"PID=%u type=%s\n",
|
||||
this->pid,
|
||||
this->type < CTD_PROC_MAX ?
|
||||
diff --git a/src/queue.c b/src/queue.c
|
||||
index 76425b18495b5..e94dc7c45d1fd 100644
|
||||
--- a/src/queue.c
|
||||
+++ b/src/queue.c
|
||||
@@ -69,12 +69,12 @@ void queue_stats_show(int fd)
|
||||
int size = 0;
|
||||
char buf[512];
|
||||
|
||||
- size += snprintf(buf+size, sizeof(buf),
|
||||
+ size += snprintf(buf + size, sizeof(buf) - size,
|
||||
"allocated queue nodes:\t\t%12u\n\n",
|
||||
qobjects_num);
|
||||
|
||||
list_for_each_entry(this, &queue_list, list) {
|
||||
- size += snprintf(buf+size, sizeof(buf),
|
||||
+ size += snprintf(buf + size, sizeof(buf) - size,
|
||||
"queue %s:\n"
|
||||
"current elements:\t\t%12u\n"
|
||||
"maximum elements:\t\t%12u\n"
|
||||
--
|
||||
2.34.1
|
||||
|
55
0012-helpers-ftp-Avoid-ugly-casts.patch
Normal file
55
0012-helpers-ftp-Avoid-ugly-casts.patch
Normal file
@ -0,0 +1,55 @@
|
||||
From 2c8cc74e2fbfbed8fad8e80513fc7a34674bb382 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu, 24 Mar 2022 18:27:56 +0100
|
||||
Subject: [PATCH] helpers: ftp: Avoid ugly casts
|
||||
|
||||
Coverity tool complains about accessing a local variable at non-zero
|
||||
offset. Avoid this by using a helper union. This should silence the
|
||||
checker, although the code is still probably not Big Endian-safe.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit ff4e57e890a8628208a004587cd7a5ee955bb5fe)
|
||||
---
|
||||
src/helpers/ftp.c | 20 +++++++++-----------
|
||||
1 file changed, 9 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
|
||||
index bd3f11788cc24..0694d38c6ea13 100644
|
||||
--- a/src/helpers/ftp.c
|
||||
+++ b/src/helpers/ftp.c
|
||||
@@ -331,23 +331,21 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
|
||||
char *buffer, size_t buflen,
|
||||
uint32_t addr, uint16_t port)
|
||||
{
|
||||
+ union {
|
||||
+ unsigned char c[4];
|
||||
+ uint32_t d;
|
||||
+ } tmp;
|
||||
+
|
||||
+ tmp.d = addr;
|
||||
switch (type) {
|
||||
case NF_CT_FTP_PORT:
|
||||
case NF_CT_FTP_PASV:
|
||||
return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
|
||||
- ((unsigned char *)&addr)[0],
|
||||
- ((unsigned char *)&addr)[1],
|
||||
- ((unsigned char *)&addr)[2],
|
||||
- ((unsigned char *)&addr)[3],
|
||||
- port >> 8,
|
||||
- port & 0xFF);
|
||||
+ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3],
|
||||
+ port >> 8, port & 0xFF);
|
||||
case NF_CT_FTP_EPRT:
|
||||
return snprintf(buffer, buflen, "|1|%u.%u.%u.%u|%u|",
|
||||
- ((unsigned char *)&addr)[0],
|
||||
- ((unsigned char *)&addr)[1],
|
||||
- ((unsigned char *)&addr)[2],
|
||||
- ((unsigned char *)&addr)[3],
|
||||
- port);
|
||||
+ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3], port);
|
||||
case NF_CT_FTP_EPSV:
|
||||
return snprintf(buffer, buflen, "|||%u|", port);
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
30
0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch
Normal file
30
0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 385a065550fba6afc9132df07b8ef9da40431c55 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu, 24 Mar 2022 19:09:22 +0100
|
||||
Subject: [PATCH] read_config_yy: Drop extra argument from dlog() call
|
||||
|
||||
False priority value was never printed.
|
||||
|
||||
Fixes: dfb88dae65fbd ("conntrackd: change scheduler and priority via configuration file")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit f2fed05adbd05df23a063e0a9f2809399d924c64)
|
||||
---
|
||||
src/read_config_yy.y | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
|
||||
index 4311cd6c9a2f5..6aee67623953b 100644
|
||||
--- a/src/read_config_yy.y
|
||||
+++ b/src/read_config_yy.y
|
||||
@@ -1042,7 +1042,7 @@ scheduler_line : T_PRIO T_NUMBER
|
||||
{
|
||||
conf.sched.prio = $2;
|
||||
if (conf.sched.prio < 0 || conf.sched.prio > 99) {
|
||||
- dlog(LOG_ERR, "`Priority' must be [0, 99]\n", $2);
|
||||
+ dlog(LOG_ERR, "`Priority' must be [0, 99]\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
};
|
||||
--
|
||||
2.34.1
|
||||
|
30
0014-Don-t-call-exit-from-signal-handler.patch
Normal file
30
0014-Don-t-call-exit-from-signal-handler.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 6441d719c562135db1a41ff34a28f9edf8caf0fb Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Fri, 25 Mar 2022 09:50:18 +0100
|
||||
Subject: [PATCH] Don't call exit() from signal handler
|
||||
|
||||
Coverity tool complains that exit() is not signal-safe and therefore
|
||||
should not be called from within a signal handler. Call _exit() instead.
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 7e4d4abd47c6b9b2af745c0a4c8b5532c1886399)
|
||||
---
|
||||
src/run.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/run.c b/src/run.c
|
||||
index f11a5327fe5e6..37a0eb1c6b957 100644
|
||||
--- a/src/run.c
|
||||
+++ b/src/run.c
|
||||
@@ -67,7 +67,7 @@ void killer(int signo)
|
||||
close_log();
|
||||
|
||||
sd_ct_stop();
|
||||
- exit(0);
|
||||
+ _exit(0);
|
||||
}
|
||||
|
||||
static void child(int foo)
|
||||
--
|
||||
2.34.1
|
||||
|
43
0015-Drop-pointless-assignments.patch
Normal file
43
0015-Drop-pointless-assignments.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From addd3c1ab24b64e9569095bcf02378904444f744 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Fri, 25 Mar 2022 10:15:13 +0100
|
||||
Subject: [PATCH] Drop pointless assignments
|
||||
|
||||
These variables are not referred to after assigning within their scope
|
||||
(or until they're overwritten).
|
||||
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 5ecb1226d73eb4f9407faa8d663d7038046d34c6)
|
||||
---
|
||||
src/helpers/ssdp.c | 1 -
|
||||
src/main.c | 2 +-
|
||||
2 files changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/helpers/ssdp.c b/src/helpers/ssdp.c
|
||||
index 58658e39d0a21..41a637a9ce720 100644
|
||||
--- a/src/helpers/ssdp.c
|
||||
+++ b/src/helpers/ssdp.c
|
||||
@@ -259,7 +259,6 @@ static int find_hdr(const char *name, const uint8_t *data, int data_len,
|
||||
data += i+2;
|
||||
}
|
||||
|
||||
- data_len -= name_len;
|
||||
data += name_len;
|
||||
if (pos)
|
||||
*pos = data;
|
||||
diff --git a/src/main.c b/src/main.c
|
||||
index 7062e12085f11..8c3fa1c943a96 100644
|
||||
--- a/src/main.c
|
||||
+++ b/src/main.c
|
||||
@@ -320,7 +320,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
umask(0177);
|
||||
|
||||
- if ((ret = init_config(config_file)) == -1) {
|
||||
+ if (init_config(config_file) == -1) {
|
||||
dlog(LOG_ERR, "can't open config file `%s'", config_file);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
30
0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
Normal file
30
0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From aff26dfeea91e70032bdc99bdf5bb5a194dd431d Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <phil@nwl.cc>
|
||||
Date: Fri, 25 Mar 2022 10:30:29 +0100
|
||||
Subject: [PATCH] connntrack: Fix for memleak when parsing -j arg
|
||||
|
||||
Have to free the strings allocated by split_address_and_port().
|
||||
|
||||
Fixes: 29b390a212214 ("conntrack: Support IPv6 NAT")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 42cb292d6c9e8567db2e30e183b1bd31093700ad)
|
||||
---
|
||||
src/conntrack.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/conntrack.c b/src/conntrack.c
|
||||
index 06f60e85fa1ed..eea5fd339c831 100644
|
||||
--- a/src/conntrack.c
|
||||
+++ b/src/conntrack.c
|
||||
@@ -2432,6 +2432,8 @@ int main(int argc, char *argv[])
|
||||
nfct_set_nat_details(c, tmpl.ct, &ad,
|
||||
port_str, family);
|
||||
}
|
||||
+ free(port_str);
|
||||
+ free(nat_address);
|
||||
}
|
||||
break;
|
||||
case 'w':
|
||||
--
|
||||
2.34.1
|
||||
|
225
0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
Normal file
225
0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
Normal file
@ -0,0 +1,225 @@
|
||||
From a045ef8abc1c81ac359103ac61841bae860d8960 Mon Sep 17 00:00:00 2001
|
||||
From: "Jose M. Guisado Gomez" <guigom@riseup.net>
|
||||
Date: Fri, 16 Aug 2019 11:25:11 +0200
|
||||
Subject: [PATCH] src: fix strncpy -Wstringop-truncation warnings
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
-Wstringop-truncation warning was introduced in GCC-8 as truncation
|
||||
checker for strncpy and strncat.
|
||||
|
||||
Systems using gcc version >= 8 would receive the following warnings:
|
||||
|
||||
read_config_yy.c: In function ‘yyparse’:
|
||||
read_config_yy.y:1594:2: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
|
||||
1594 | strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
read_config_yy.y:1384:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
|
||||
1384 | strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
read_config_yy.y:692:2: warning: ‘strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
|
||||
692 | strncpy(conf.local.path, $2, UNIX_PATH_MAX);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
read_config_yy.y:169:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
|
||||
169 | strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
read_config_yy.y:119:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
|
||||
119 | strncpy(conf.logfile, $2, FILENAME_MAXLEN);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
main.c: In function ‘main’:
|
||||
main.c:168:5: warning: ‘strncpy’ specified bound 4096 equals destination size [-Wstringop-truncation]
|
||||
168 | strncpy(config_file, argv[i], PATH_MAX);
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Fix the issue by checking for string length first. Also using
|
||||
snprintf instead.
|
||||
|
||||
In addition, correct an off-by-one when warning about maximum config
|
||||
file path length.
|
||||
|
||||
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit f196de88cdd9764ddc2e4de737a960972d82fe9d)
|
||||
---
|
||||
include/conntrackd.h | 6 +++---
|
||||
include/helper.h | 2 +-
|
||||
include/local.h | 4 ++--
|
||||
src/main.c | 7 +++----
|
||||
src/read_config_yy.y | 39 +++++++++++++++++++++++++++++----------
|
||||
5 files changed, 38 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/include/conntrackd.h b/include/conntrackd.h
|
||||
index 81dff221e96de..fe9ec1854a7d2 100644
|
||||
--- a/include/conntrackd.h
|
||||
+++ b/include/conntrackd.h
|
||||
@@ -85,9 +85,9 @@ union inet_address {
|
||||
#define CONFIG(x) conf.x
|
||||
|
||||
struct ct_conf {
|
||||
- char logfile[FILENAME_MAXLEN];
|
||||
+ char logfile[FILENAME_MAXLEN + 1];
|
||||
int syslog_facility;
|
||||
- char lockfile[FILENAME_MAXLEN];
|
||||
+ char lockfile[FILENAME_MAXLEN + 1];
|
||||
int hashsize; /* hashtable size */
|
||||
int channel_num;
|
||||
int channel_default;
|
||||
@@ -132,7 +132,7 @@ struct ct_conf {
|
||||
int prio;
|
||||
} sched;
|
||||
struct {
|
||||
- char logfile[FILENAME_MAXLEN];
|
||||
+ char logfile[FILENAME_MAXLEN + 1];
|
||||
int syslog_facility;
|
||||
size_t buffer_size;
|
||||
} stats;
|
||||
diff --git a/include/helper.h b/include/helper.h
|
||||
index 7353dfa9b2073..08d4cf4642802 100644
|
||||
--- a/include/helper.h
|
||||
+++ b/include/helper.h
|
||||
@@ -13,7 +13,7 @@ struct pkt_buff;
|
||||
#define CTD_HELPER_POLICY_MAX 4
|
||||
|
||||
struct ctd_helper_policy {
|
||||
- char name[CTD_HELPER_NAME_LEN];
|
||||
+ char name[CTD_HELPER_NAME_LEN + 1];
|
||||
uint32_t expect_timeout;
|
||||
uint32_t expect_max;
|
||||
};
|
||||
diff --git a/include/local.h b/include/local.h
|
||||
index 22859d7ab60aa..9379446732eed 100644
|
||||
--- a/include/local.h
|
||||
+++ b/include/local.h
|
||||
@@ -7,12 +7,12 @@
|
||||
|
||||
struct local_conf {
|
||||
int reuseaddr;
|
||||
- char path[UNIX_PATH_MAX];
|
||||
+ char path[UNIX_PATH_MAX + 1];
|
||||
};
|
||||
|
||||
struct local_server {
|
||||
int fd;
|
||||
- char path[UNIX_PATH_MAX];
|
||||
+ char path[UNIX_PATH_MAX + 1];
|
||||
};
|
||||
|
||||
/* callback return values */
|
||||
diff --git a/src/main.c b/src/main.c
|
||||
index 8c3fa1c943a96..de4773df8a204 100644
|
||||
--- a/src/main.c
|
||||
+++ b/src/main.c
|
||||
@@ -120,8 +120,8 @@ do_chdir(const char *d)
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
+ char config_file[PATH_MAX + 1] = {};
|
||||
int ret, i, action = -1;
|
||||
- char config_file[PATH_MAX] = {};
|
||||
int type = 0;
|
||||
struct utsname u;
|
||||
int version, major, minor;
|
||||
@@ -165,13 +165,12 @@ int main(int argc, char *argv[])
|
||||
break;
|
||||
case 'C':
|
||||
if (++i < argc) {
|
||||
- strncpy(config_file, argv[i], PATH_MAX);
|
||||
- if (strlen(argv[i]) >= PATH_MAX){
|
||||
- config_file[PATH_MAX-1]='\0';
|
||||
+ if (strlen(argv[i]) > PATH_MAX) {
|
||||
dlog(LOG_WARNING, "Path to config file"
|
||||
" to long. Cutting it down to %d"
|
||||
" characters", PATH_MAX);
|
||||
}
|
||||
+ snprintf(config_file, PATH_MAX, "%s", argv[i]);
|
||||
break;
|
||||
}
|
||||
show_usage(argv[0]);
|
||||
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
|
||||
index 6aee67623953b..d963c494be1fc 100644
|
||||
--- a/src/read_config_yy.y
|
||||
+++ b/src/read_config_yy.y
|
||||
@@ -116,7 +116,12 @@ logfile_bool : T_LOG T_OFF
|
||||
|
||||
logfile_path : T_LOG T_PATH_VAL
|
||||
{
|
||||
- strncpy(conf.logfile, $2, FILENAME_MAXLEN);
|
||||
+ if (strlen($2) > FILENAME_MAXLEN) {
|
||||
+ dlog(LOG_ERR, "LogFile path is longer than %u characters",
|
||||
+ FILENAME_MAXLEN);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -166,7 +171,12 @@ syslog_facility : T_SYSLOG T_STRING
|
||||
|
||||
lock : T_LOCK T_PATH_VAL
|
||||
{
|
||||
- strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
|
||||
+ if (strlen($2) > FILENAME_MAXLEN) {
|
||||
+ dlog(LOG_ERR, "LockFile path is longer than %u characters",
|
||||
+ FILENAME_MAXLEN);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -689,13 +699,13 @@ unix_options:
|
||||
|
||||
unix_option : T_PATH T_PATH_VAL
|
||||
{
|
||||
- strncpy(conf.local.path, $2, UNIX_PATH_MAX);
|
||||
- free($2);
|
||||
- if (conf.local.path[UNIX_PATH_MAX - 1]) {
|
||||
- dlog(LOG_ERR, "UNIX Path is longer than %u characters",
|
||||
- UNIX_PATH_MAX - 1);
|
||||
+ if (strlen($2) > UNIX_PATH_MAX) {
|
||||
+ dlog(LOG_ERR, "Path is longer than %u characters",
|
||||
+ UNIX_PATH_MAX);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
+ snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
|
||||
+ free($2);
|
||||
};
|
||||
|
||||
unix_option : T_BACKLOG T_NUMBER
|
||||
@@ -1381,7 +1391,12 @@ stat_logfile_bool : T_LOG T_OFF
|
||||
|
||||
stat_logfile_path : T_LOG T_PATH_VAL
|
||||
{
|
||||
- strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
|
||||
+ if (strlen($2) > FILENAME_MAXLEN) {
|
||||
+ dlog(LOG_ERR, "stats LogFile path is longer than %u characters",
|
||||
+ FILENAME_MAXLEN);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -1589,11 +1604,15 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
|
||||
exit(EXIT_FAILURE);
|
||||
break;
|
||||
}
|
||||
+ if (strlen($2) > CTD_HELPER_NAME_LEN) {
|
||||
+ dlog(LOG_ERR, "Helper Policy is longer than %u characters",
|
||||
+ CTD_HELPER_NAME_LEN);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
|
||||
policy = (struct ctd_helper_policy *) &e->data;
|
||||
- strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
|
||||
+ snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
|
||||
free($2);
|
||||
- policy->name[CTD_HELPER_NAME_LEN-1] = '\0';
|
||||
/* Now object is complete. */
|
||||
e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
|
||||
stack_item_push(&symbol_stack, e);
|
||||
--
|
||||
2.34.1
|
||||
|
101
0018-conntrack-fix-compiler-warnings.patch
Normal file
101
0018-conntrack-fix-compiler-warnings.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From 6dda36aceaedf88b33e5a2cf216bbd3b047611a6 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Westphal <fw@strlen.de>
|
||||
Date: Mon, 17 Jan 2022 16:42:52 +0100
|
||||
Subject: [PATCH] conntrack: fix compiler warnings
|
||||
|
||||
.... those do not indicate bugs, but they are distracting.
|
||||
|
||||
'exp_filter_add' at filter.c:513:2:
|
||||
__builtin_strncpy specified bound 16 equals destination size [-Wstringop-truncation]
|
||||
|
||||
This warning is because the size argument passed to strncpy() is
|
||||
identical to buffer size, i.e. if hit the resulting string is not
|
||||
0-terminated.
|
||||
|
||||
read_config_yy.y:1625: warning: '__builtin_snprintf' output may be truncated before the last format character [-Wformat-truncation=]
|
||||
1625 | snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
|
||||
read_config_yy.y:1399: warning: '__builtin_snprintf' output may be ...
|
||||
1399 | snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
|
||||
read_config_yy.y:707: warning: '__builtin_snprintf' output may be ...
|
||||
707 | snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
|
||||
read_config_yy.y:179: warning: '__builtin_snprintf' output may be ...
|
||||
179 | snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
|
||||
read_config_yy.y:124: warning: '__builtin_snprintf' output may be ...
|
||||
124 | snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
|
||||
|
||||
... its because the _MAXLEN constants are one less than the output
|
||||
buffer size, i.e. could use either .._MAXLEN + 1 or sizeof, this uses
|
||||
sizeof().
|
||||
|
||||
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||
(cherry picked from commit 5f15bb47bbcdb7581c80c5e488cd109450494ec2)
|
||||
---
|
||||
src/filter.c | 2 +-
|
||||
src/read_config_yy.y | 10 +++++-----
|
||||
2 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/filter.c b/src/filter.c
|
||||
index 00a5e96ecc248..9f961b1fe5b1b 100644
|
||||
--- a/src/filter.c
|
||||
+++ b/src/filter.c
|
||||
@@ -470,7 +470,7 @@ struct exp_filter *exp_filter_create(void)
|
||||
|
||||
struct exp_filter_item {
|
||||
struct list_head head;
|
||||
- char helper_name[NFCT_HELPER_NAME_MAX];
|
||||
+ char helper_name[NFCT_HELPER_NAME_MAX + 1];
|
||||
};
|
||||
|
||||
/* this is ugly, but it simplifies read_config_yy.y */
|
||||
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
|
||||
index d963c494be1fc..401a1575014d0 100644
|
||||
--- a/src/read_config_yy.y
|
||||
+++ b/src/read_config_yy.y
|
||||
@@ -121,7 +121,7 @@ logfile_path : T_LOG T_PATH_VAL
|
||||
FILENAME_MAXLEN);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
|
||||
+ snprintf(conf.logfile, sizeof(conf.logfile), "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -176,7 +176,7 @@ lock : T_LOCK T_PATH_VAL
|
||||
FILENAME_MAXLEN);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
|
||||
+ snprintf(conf.lockfile, sizeof(conf.lockfile), "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -704,7 +704,7 @@ unix_option : T_PATH T_PATH_VAL
|
||||
UNIX_PATH_MAX);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
|
||||
+ snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -1396,7 +1396,7 @@ stat_logfile_path : T_LOG T_PATH_VAL
|
||||
FILENAME_MAXLEN);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
|
||||
+ snprintf(conf.stats.logfile, sizeof(conf.stats.logfile), "%s", $2);
|
||||
free($2);
|
||||
};
|
||||
|
||||
@@ -1611,7 +1611,7 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
|
||||
}
|
||||
|
||||
policy = (struct ctd_helper_policy *) &e->data;
|
||||
- snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
|
||||
+ snprintf(policy->name, sizeof(policy->name), "%s", $2);
|
||||
free($2);
|
||||
/* Now object is complete. */
|
||||
e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
|
||||
--
|
||||
2.34.1
|
||||
|
@ -1,6 +1,6 @@
|
||||
Name: conntrack-tools
|
||||
Version: 1.4.5
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Summary: Manipulate netfilter connection tracking table and run High Availability
|
||||
License: GPLv2
|
||||
URL: http://conntrack-tools.netfilter.org/
|
||||
@ -15,7 +15,17 @@ Patch04: 0004-Makefile.am-Use-instead-of.patch
|
||||
Patch05: 0005-nfct-remove-lazy-binding.patch
|
||||
Patch06: 0006-conntrackd-use-strncpy-to-unix-path.patch
|
||||
Patch07: 0007-conntrackd-Use-strdup-in-lexer.patch
|
||||
Patch08: 0008-conntrackd-use-correct-max-unix-path-length.patch
|
||||
Patch08: 0008-conntrackd-use-correct-max-unix-path-length.patch
|
||||
Patch09: 0009-hash-Flush-tables-when-destroying.patch
|
||||
Patch10: 0010-cache-Fix-features-array-allocation.patch
|
||||
Patch11: 0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch
|
||||
Patch12: 0012-helpers-ftp-Avoid-ugly-casts.patch
|
||||
Patch13: 0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch
|
||||
Patch14: 0014-Don-t-call-exit-from-signal-handler.patch
|
||||
Patch15: 0015-Drop-pointless-assignments.patch
|
||||
Patch16: 0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
|
||||
Patch17: 0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
|
||||
Patch18: 0018-conntrack-fix-compiler-warnings.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
|
||||
@ -96,6 +106,18 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
|
||||
%systemd_postun conntrackd.service
|
||||
|
||||
%changelog
|
||||
* Mon Aug 15 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-15
|
||||
- conntrack: fix compiler warnings
|
||||
- src: fix strncpy -Wstringop-truncation warnings
|
||||
- connntrack: Fix for memleak when parsing -j arg
|
||||
- Drop pointless assignments
|
||||
- Don't call exit() from signal handler
|
||||
- read_config_yy: Drop extra argument from dlog() call
|
||||
- helpers: ftp: Avoid ugly casts
|
||||
- Fix potential buffer overrun in snprintf() calls
|
||||
- cache: Fix features array allocation
|
||||
- hash: Flush tables when destroying
|
||||
|
||||
* Mon Mar 28 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-14
|
||||
- conntrackd: use correct max unix path length
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user