import iproute-5.15.0-4.el8_6.1

2022-09-13 03:39:32 -04:00 · 2022-09-13 03:39:32 -04:00 · 790b7f9d66
commit 790b7f9d66
parent 9bc5f8a379
2 changed files with 66 additions and 1 deletions
--- a/SOURCES/0021-tc-flower-Fix-buffer-overflow-on-large-labels.patch
+++ b/SOURCES/0021-tc-flower-Fix-buffer-overflow-on-large-labels.patch
@ -0,0 +1,48 @@
+From 1b3f8332696651e4843b0419425480f134c8347f Mon Sep 17 00:00:00 2001
+Message-Id: <1b3f8332696651e4843b0419425480f134c8347f.1657569892.git.aclaudi@redhat.com>
+In-Reply-To: <b30268eda844bdebbb8e5e4f5735e3b1bb666368.1657569892.git.aclaudi@redhat.com>
+References: <b30268eda844bdebbb8e5e4f5735e3b1bb666368.1657569892.git.aclaudi@redhat.com>
+From: Andrea Claudi <aclaudi@redhat.com>
+Date: Mon, 11 Jul 2022 17:57:52 +0200
+Subject: [PATCH] tc: flower: Fix buffer overflow on large labels
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2099364
+Upstream Status: unknown commit 73590d95
+
+commit 73590d9573148804034a88ceb2f6b7ca1545561f
+Author: Paul Blakey <paulb@nvidia.com>
+Date:   Sun Dec 5 15:20:25 2021 +0200
+
+    tc: flower: Fix buffer overflow on large labels
+
+    Buffer is 64bytes, but label printing can take 66bytes printing
+    in hex, and will overflow when setting the string delimiter ('\0').
+
+    Fix that by increasing the print buffer size.
+
+    Example of overflowing ct_label:
+    ct_label 11111111111111111111111111111111/11111111111111111111111111111111
+
+    Fixes: 2fffb1c03056 ("tc: flower: Add matching on conntrack info")
+    Signed-off-by: Paul Blakey <paulb@nvidia.com>
+    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ tc/f_flower.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/f_flower.c b/tc/f_flower.c
+index 7f78195f..6d70b92a 100644
+--- a/tc/f_flower.c
+++ b/tc/f_flower.c
+@@ -2195,7 +2195,7 @@ static void flower_print_ct_label(struct rtattr *attr,
+ 	const unsigned char *str;
+ 	bool print_mask = false;
+ 	int data_len, i;
+-	SPRINT_BUF(out);
+	char out[128];
+ 	char *p;
+ 
+ 	if (!attr)
+-- 
+2.36.1
+
--- a/SPECS/iproute.spec
+++ b/SPECS/iproute.spec
@ -1,7 +1,7 @@
 Summary:            Advanced IP routing and network device configuration tools
 Name:               iproute
 Version:            5.15.0
-Release:            4%{?dist}%{?buildid}
+Release:            4%{?dist}.1%{?buildid}
 %if 0%{?rhel}
 Group:              Applications/System
 %endif
@ -28,6 +28,7 @@ Patch16:            0017-vdpa-Allow-for-printing-negotiated-features-of-a-dev.pa
 Patch17:            0018-vdpa-Support-for-configuring-max-VQ-pairs-for-a-devi.patch
 Patch18:            0019-vdpa-Support-reading-device-features.patch
 Patch19:            0020-vdpa-Update-man-page-with-added-support-to-configure.patch
+Patch20:            0021-tc-flower-Fix-buffer-overflow-on-large-labels.patch

 License:            GPLv2+ and Public Domain
 BuildRequires:      bison
@ -42,6 +43,11 @@ BuildRequires:      libmnl-devel
 BuildRequires:      libselinux-devel
 BuildRequires:      make
 BuildRequires:      pkgconfig
+%if ! 0%{?_module_build}
+%if 0%{?fedora}
+BuildRequires:      linux-atm-libs-devel
+%endif
+%endif
 Requires:           libbpf
 Requires:           psmisc
 Provides:           /sbin/ip
@ -53,7 +59,9 @@ kernel.

 %package tc
 Summary:            Linux Traffic Control utility
+%if 0%{?rhel}
 Group:              Applications/System
+%endif
 License:            GPLv2+
 Requires:           %{name}%{?_isa} = %{version}-%{release}
 Provides:           /sbin/tc
@ -66,7 +74,9 @@ Linux.
 %if ! 0%{?_module_build}
 %package doc
 Summary:            Documentation for iproute2 utilities with examples
+%if 0%{?rhel}
 Group:              Applications/System
+%endif
 License:            GPLv2+
 Requires:           %{name} = %{version}-%{release}

@ -76,7 +86,9 @@ The iproute documentation contains howtos and examples of settings.

 %package devel
 Summary:            iproute development files
+%if 0%{?rhel}
 Group:              Development/Libraries
+%endif
 License:            GPLv2+
 Requires:           %{name} = %{version}-%{release}
 Provides:           iproute-static = %{version}-%{release}
@ -106,7 +118,9 @@ install -D -m644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a
 rm -rf '%{buildroot}%{_docdir}'

 # append deprecated values to rt_dsfield for compatibility reasons
+%if ! 0%{?fedora}
 cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield
+%endif

 %files
 %dir %{_sysconfdir}/iproute2
@ -146,6 +160,9 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield
 %{_includedir}/iproute2/bpf_elf.h

 %changelog
+* Mon Jul 11 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-4.el8_6.1
+- tc: flower: Fix buffer overflow on large labels (Andrea Claudi) [2099364]
+
 * Mon Mar 21 2022 Andrea Claudi <aclaudi@redhat.com> - 5.15.0-4.el8
 - vdpa: Update man page with added support to configure max vq pair (Andrea Claudi) [2056827]
 - vdpa: Support reading device features (Andrea Claudi) [2056827]