From 0aeba6cc2329ac4d36a597a23d4e7d666270337b Mon Sep 17 00:00:00 2001
From: Benjamin Marzinski <bmarzins@redhat.com>
Date: Tue, 9 Apr 2024 16:38:29 -0400
Subject: [PATCH] device-mapper-multipath-0.8.7-28

---
 .device-mapper-multipath.metadata             |  2 +
 ...actually-truncate-too-large-vpd-page.patch | 40 +++++++++++++++++++
 ...retical-overflow-in-loop-device-name.patch | 23 +++++++++++
 device-mapper-multipath.spec                  | 10 ++++-
 4 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 .device-mapper-multipath.metadata
 create mode 100644 0108-libmultipath-actually-truncate-too-large-vpd-page.patch
 create mode 100644 0109-kpartx-fix-theoretical-overflow-in-loop-device-name.patch

diff --git a/.device-mapper-multipath.metadata b/.device-mapper-multipath.metadata
new file mode 100644
index 0000000..1a876f2
--- /dev/null
+++ b/.device-mapper-multipath.metadata
@@ -0,0 +1,2 @@
+067d668de8e3a70b7c176bbf0c0616d5835bbe44 multipath-tools-0.8.7.tgz
+5d5e16cccc83fd78cf9b95e5c52cc41dbbeb1da7 multipath.conf
diff --git a/0108-libmultipath-actually-truncate-too-large-vpd-page.patch b/0108-libmultipath-actually-truncate-too-large-vpd-page.patch
new file mode 100644
index 0000000..8240aaa
--- /dev/null
+++ b/0108-libmultipath-actually-truncate-too-large-vpd-page.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Tue, 9 Apr 2024 14:09:49 -0400
+Subject: [PATCH] libmultipath: actually truncate too-large vpd page.
+
+When multipath notices that the vpd page is too large, it needs to
+actually truncate it. Also, whe calling parse_vpd_pg83() with a possibly
+truncated page, multipath needs to check that it actually has a whole
+vpd entry, before trying to use it.
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+---
+ libmultipath/discovery.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
+index adf8bbaa..ae7eb7e6 100644
+--- a/libmultipath/discovery.c
++++ b/libmultipath/discovery.c
+@@ -1164,7 +1164,7 @@ parse_vpd_pg83(const unsigned char *in, size_t in_len,
+ 	int vpd_type, prio = -1, naa_prio;
+ 
+ 	d = in + 4;
+-	while (d < in + in_len) {
++	while (d + 4 <= in + in_len && d + d[3] + 4 <= in + in_len) {
+ 		/* Select 'association: LUN' */
+ 		if ((d[1] & 0x30) != 0) {
+ 			d += d[3] + 4;
+@@ -1363,8 +1363,10 @@ get_vpd_sysfs (struct udev_device *parent, int pg, char * str, int maxlen)
+ 		return -ENODATA;
+ 	}
+ 	buff_len = get_unaligned_be16(&buff[2]) + 4;
+-	if (buff_len > 4096)
++	if (buff_len > 4096) {
+ 		condlog(3, "vpd pg%02x page truncated", pg);
++		buff_len = 4096;
++	}
+ 
+ 	if (pg == 0x80)
+ 		len = parse_vpd_pg80(buff, str, maxlen);
diff --git a/0109-kpartx-fix-theoretical-overflow-in-loop-device-name.patch b/0109-kpartx-fix-theoretical-overflow-in-loop-device-name.patch
new file mode 100644
index 0000000..1a632b8
--- /dev/null
+++ b/0109-kpartx-fix-theoretical-overflow-in-loop-device-name.patch
@@ -0,0 +1,23 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Tue, 9 Apr 2024 14:13:34 -0400
+Subject: [PATCH] kpartx: fix theoretical overflow in loop device name
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+---
+ kpartx/lopart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kpartx/lopart.c b/kpartx/lopart.c
+index 9b652554..80ce1312 100644
+--- a/kpartx/lopart.c
++++ b/kpartx/lopart.c
+@@ -159,7 +159,7 @@ char *find_loop_by_file(const char *filename)
+ 
+ char *find_unused_loop_device(void)
+ {
+-	char dev[20], *next_loop_dev = NULL;
++	char dev[21], *next_loop_dev = NULL;
+ 	int fd, next_loop = 0, somedev = 0, someloop = 0, loop_known = 0;
+ 	struct stat statbuf;
+ 	struct loop_info loopinfo;
diff --git a/device-mapper-multipath.spec b/device-mapper-multipath.spec
index f7ba6e1..464448f 100644
--- a/device-mapper-multipath.spec
+++ b/device-mapper-multipath.spec
@@ -1,6 +1,6 @@
 Name:    device-mapper-multipath
 Version: 0.8.7
-Release: 27%{?dist}
+Release: 28%{?dist}
 Summary: Tools to manage multipath devices using device-mapper
 License: GPLv2
 URL:     http://christophe.varoqui.free.fr/
@@ -117,6 +117,8 @@ Patch0104: 0104-multipathd-disable-queueing-when-removing-unknown-ma.patch
 Patch0105: 0105-multipathd-fix-null-pointer-dereference-in-uev_updat.patch
 Patch0106: 0106-multipathd-fix-auto-resize-configuration.patch
 Patch0107: 0107-libmultipath-fix-displaying-auto_resize-config-setti.patch
+Patch0108: 0108-libmultipath-actually-truncate-too-large-vpd-page.patch
+Patch0109: 0109-kpartx-fix-theoretical-overflow-in-loop-device-name.patch
 
 
 # runtime
@@ -320,6 +322,12 @@ fi
 %{_pkgconfdir}/libdmmp.pc
 
 %changelog
+* Tue Apr  9 2024 Benjamin Marzinski <bmarzins@redhat.com> - 0.8.7-28
+- Add 0108-libmultipath-actually-truncate-too-large-vpd-page.patch
+- Add 0109-kpartx-fix-theoretical-overflow-in-loop-device-name.patch
+  * Fixes RHEL-31793 ("RHEL SAST Automation: address (selected) true positives")
+- Resolves: RHEL-31793
+
 * Fri Jan 26 2024 Benjamin Marzinski <bmarzins@redhat.com> - 0.8.7-27
 - Add 0105-multipathd-fix-null-pointer-dereference-in-uev_updat.patch
 - Add 0106-multipathd-fix-auto-resize-configuration.patch