conntrack-tools-1.4.5-14.el9

- conntrackd: use correct max unix path length Resolves: rhbz#2067272
2022-03-28 13:56:06 +02:00 · 2022-03-28 13:56:06 +02:00 · b5ed0280bf
commit b5ed0280bf
parent ffd15f3948
2 changed files with 45 additions and 1 deletions
--- a/0008-conntrackd-use-correct-max-unix-path-length.patch
+++ b/0008-conntrackd-use-correct-max-unix-path-length.patch
@ -0,0 +1,40 @@
+From 8cb5fba90e0c602922bd2497f2d5ea3946eac172 Mon Sep 17 00:00:00 2001
+From: Michal Kubecek <mkubecek@suse.cz>
+Date: Mon, 15 Jul 2019 08:46:23 +0200
+Subject: [PATCH] conntrackd: use correct max unix path length
+
+When copying value of "Path" option for unix socket, target buffer size is
+UNIX_MAX_PATH so that we must not copy more bytes than that. Also make sure
+that the path is null terminated and bail out if user provided path is too
+long rather than silently truncate it.
+
+Fixes: ce06fb606906 ("conntrackd: use strncpy() to unix path")
+Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit b47e00e8a579519b163cb4faed017463bf64c40d)
+---
+ src/read_config_yy.y | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index ceba6fc0d2426..4311cd6c9a2f5 100644
+--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
+@@ -689,8 +689,13 @@ unix_options:
+ 
+ unix_option : T_PATH T_PATH_VAL
+ {
+-	strncpy(conf.local.path, $2, PATH_MAX);
+	strncpy(conf.local.path, $2, UNIX_PATH_MAX);
+ 	free($2);
+	if (conf.local.path[UNIX_PATH_MAX - 1]) {
+		dlog(LOG_ERR, "UNIX Path is longer than %u characters",
+		     UNIX_PATH_MAX - 1);
+		exit(EXIT_FAILURE);
+	}
+ };
+ 
+ unix_option : T_BACKLOG T_NUMBER
+-- 
+2.34.1
+
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
@ -1,6 +1,6 @@
 Name:           conntrack-tools
 Version:        1.4.5
-Release:        13%{?dist}
+Release:        14%{?dist}
 Summary:        Manipulate netfilter connection tracking table and run High Availability
 License:        GPLv2
 URL:            http://conntrack-tools.netfilter.org/
@ -15,6 +15,7 @@ Patch04:        0004-Makefile.am-Use-instead-of.patch
 Patch05:        0005-nfct-remove-lazy-binding.patch
 Patch06:        0006-conntrackd-use-strncpy-to-unix-path.patch
 Patch07:        0007-conntrackd-Use-strdup-in-lexer.patch
+Patch08:	0008-conntrackd-use-correct-max-unix-path-length.patch

 BuildRequires:  gcc
 BuildRequires:  libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
@ -95,6 +96,9 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 %systemd_postun conntrackd.service 

 %changelog
+* Mon Mar 28 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-14
+- conntrackd: use correct max unix path length
+
 * Thu Mar 24 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-13
 - conntrackd: Use strdup in lexer
 - conntrackd: use strncpy() to unix path