From b5ed0280bf3b4b437ae0d879a31dbb8e09829f06 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 28 Mar 2022 13:56:06 +0200 Subject: [PATCH] conntrack-tools-1.4.5-14.el9 - conntrackd: use correct max unix path length Resolves: rhbz#2067272
---
 ...ckd-use-correct-max-unix-path-length.patch | 40 +++++++++++++++++++
 conntrack-tools.spec | 6 ++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 0008-conntrackd-use-correct-max-unix-path-length.patch
diff --git a/0008-conntrackd-use-correct-max-unix-path-length.patch b/0008-conntrackd-use-correct-max-unix-path-length.patch
new file mode 100644
index 0000000..7f9e269
--- /dev/null
+++ b/0008-conntrackd-use-correct-max-unix-path-length.patch
@@ -0,0 +1,40 @@
+From 8cb5fba90e0c602922bd2497f2d5ea3946eac172 Mon Sep 17 00:00:00 2001
+From: Michal Kubecek
+Date: Mon, 15 Jul 2019 08:46:23 +0200
+Subject: [PATCH] conntrackd: use correct max unix path length
+
+When copying value of "Path" option for unix socket, target buffer size is
+UNIX_MAX_PATH so that we must not copy more bytes than that. Also make sure
+that the path is null terminated and bail out if user provided path is too
+long rather than silently truncate it.
+
+Fixes: ce06fb606906 ("conntrackd: use strncpy() to unix path")
+Signed-off-by: Michal Kubecek
+Signed-off-by: Pablo Neira Ayuso
+(cherry picked from commit b47e00e8a579519b163cb4faed017463bf64c40d)
+---
+ src/read_config_yy.y | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index ceba6fc0d2426..4311cd6c9a2f5 100644
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -689,8 +689,13 @@ unix_options:
+ 
+ unix_option : T_PATH T_PATH_VAL
+ {
+- strncpy(conf.local.path, $2, PATH_MAX);
++ strncpy(conf.local.path, $2, UNIX_PATH_MAX);
+ free($2);
++ if (conf.local.path[UNIX_PATH_MAX - 1]) {
++ dlog(LOG_ERR, "UNIX Path is longer than %u characters",
++ UNIX_PATH_MAX - 1);
++ exit(EXIT_FAILURE);
++ }
+ };
+ 
+ unix_option : T_BACKLOG T_NUMBER
+--
+2.34.1
+
diff --git a/conntrack-tools.spec b/conntrack-tools.spec
index 7f2d6d7..ed9493e 100644
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
@@ -1,6 +1,6 @@
 Name: conntrack-tools
 Version: 1.4.5
-Release: 13%{?dist}
+Release: 14%{?dist}
 Summary: Manipulate netfilter connection tracking table and run High Availability
 License: GPLv2
 URL: http://conntrack-tools.netfilter.org/
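Review bot: The new `if (conf.local.path[UNIX_PATH_MAX - 1])` check in the `unix_option : T_PATH T_PATH_VAL` action only works because strncpy() zero-pads the tail of the destination when the source is shorter than the bound, so a reader has to know that detail to see why a non-zero last byte means "too long". Testing the length before the copy states the intent directly and never leaves an unterminated, partially copied path in `conf.local.path`: `if (strlen($2) >= UNIX_PATH_MAX) { dlog(LOG_ERR, "UNIX Path is longer than %u characters", UNIX_PATH_MAX - 1); exit(EXIT_FAILURE); }` followed by `strcpy(conf.local.path, $2); free($2);`. If UNIX_PATH_MAX expands to a plain integer constant, the `%u` conversion in the dlog() call is paired with an `int` argument; `%d` (or a cast to unsigned) keeps -Wformat clean. The embedded commit message also spells the bound UNIX_MAX_PATH while the code uses UNIX_PATH_MAX; the code is presumably the correct spelling, so a reader grepping for the message's name will not find the macro.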
@@ -15,6 +15,7 @@ Patch04: 0004-Makefile.am-Use-instead-of.patch
 Patch05: 0005-nfct-remove-lazy-binding.patch
 Patch06: 0006-conntrackd-use-strncpy-to-unix-path.patch
 Patch07: 0007-conntrackd-Use-strdup-in-lexer.patch
+Patch08: 0008-conntrackd-use-correct-max-unix-path-length.patch
 
 BuildRequires: gcc
 BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
@@ -95,6 +96,9 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 %systemd_postun conntrackd.service
 
 %changelog
+* Mon Mar 28 2022 Phil Sutter - 1.4.5-14
+- conntrackd: use correct max unix path length
+
 * Thu Mar 24 2022 Phil Sutter - 1.4.5-13
 - conntrackd: Use strdup in lexer
 - conntrackd: use strncpy() to unix path