[tw] - fixed autoload problem in iptables and ip6tables (CAN-2004-0986)

2004-11-11 11:55:39 +00:00 · 2004-11-11 11:55:39 +00:00 · f8486dc1c5
commit f8486dc1c5
parent 17fd75cb18
2 changed files with 54 additions and 1 deletions
--- a/iptables-1.2.11-autoload.patch
+++ b/iptables-1.2.11-autoload.patch
@ -0,0 +1,48 @@
+--- iptables-1.2.11/ip6tables.c.autoload	2004-11-11 12:03:35.221306429 +0100
+++ iptables-1.2.11/ip6tables.c	2004-11-11 12:04:43.382900379 +0100
+@@ -1595,15 +1595,18 @@
+ 	int procfile;
+ 	char *ret;
+ 
+#define PROCFILE_BUFSIZ 1024
+
+ 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
+ 	if (procfile < 0)
+ 		return NULL;
+ 
+-	ret = malloc(1024);
+	ret = malloc(PROCFILE_BUFSIZ);
+ 	if (ret) {
+-		switch (read(procfile, ret, 1024)) {
+		memset(ret, 0, PROCFILE_BUFSIZ);
+		switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
+ 		case -1: goto fail;
+-		case 1024: goto fail; /* Partial read.  Wierd */
+		case PROCFILE_BUFSIZ: goto fail; /* Partial read.  Wierd */
+ 		}
+ 		if (ret[strlen(ret)-1]=='\n') 
+ 			ret[strlen(ret)-1]=0;
+--- iptables-1.2.11/iptables.c.autoload	2004-11-11 12:01:35.601815606 +0100
+++ iptables-1.2.11/iptables.c	2004-11-11 12:02:50.496478760 +0100
+@@ -1593,15 +1593,18 @@
+ 	int procfile;
+ 	char *ret;
+ 
+#define PROCFILE_BUFSIZ 1024
+
+ 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
+ 	if (procfile < 0)
+ 		return NULL;
+ 
+-	ret = malloc(1024);
+	ret = malloc(PROCFILE_BUFSIZ);
+ 	if (ret) {
+-		switch (read(procfile, ret, 1024)) {
+		memset(ret, 0, PROCFILE_BUFSIZ);
+		switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
+ 		case -1: goto fail;
+-		case 1024: goto fail; /* Partial read.  Wierd */
+		case PROCFILE_BUFSIZ: goto fail; /* Partial read.  Wierd */
+ 		}
+ 		if (ret[strlen(ret)-1]=='\n') 
+ 			ret[strlen(ret)-1]=0;
--- a/iptables.spec
+++ b/iptables.spec
@ -4,7 +4,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities.
 Version: 1.2.11
-Release: 3.1
+Release: 3.2
 Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@ -17,6 +17,7 @@ Patch5: iptables-1.2.9-selinux.patch
 Patch6: iptables-1.2.10-counters.patch
 Patch7: iptables-1.2.11-free.patch
 Patch8: iptables-1.2.11-cleanup.patch
+Patch9: iptables-1.2.11-autoload.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %{_tmppath}/%{name}-buildroot
@ -74,6 +75,7 @@ cd ..
 %patch6 -p1 -b .counters
 %patch7 -p1 -b .free
 %patch8 -p1 -b .cleanup
+%patch9 -p1 -b .autoload

 # Put it to a reasonable place
 find . -type f -exec perl -pi -e "s,/usr/local,%{prefix},g" {} \;
@ -148,6 +150,9 @@ fi
 %endif

 %changelog
+* Thu Nov 11 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.2
+- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
+
 * Fri Sep 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.1
 - changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
 - modified config file to match this change and un-commented variables with