From f4f8d84c4ed1a1946d60168c02037ea3fdcc79be Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Tue, 28 May 2024 13:18:34 +0200 Subject: [PATCH] fix: ifenslave defects reported by SAST Resolves: RHEL-38975 --- .gitignore | 30 +--- ...slave.patch => 100-iputils-ifenslave.patch | 0 ...tch => 101-iputils-ifenslave-CWE-170.patch | 0 102-iputils-ifenslave-CWE-170-2.patch | 154 ++++++++++++++++++ iputils.spec | 10 +- 5 files changed, 166 insertions(+), 28 deletions(-) rename iputils-ifenslave.patch => 100-iputils-ifenslave.patch (100%) rename iputils-ifenslave-CWE-170.patch => 101-iputils-ifenslave-CWE-170.patch (100%) create mode 100644 102-iputils-ifenslave-CWE-170-2.patch diff --git a/.gitignore b/.gitignore index 4dc4a62..6cebd91 100644 --- a/.gitignore +++ b/.gitignore @@ -1,26 +1,6 @@ -iputils-s20100418.tar.bz2 -ifenslave.tar.gz -/iputils-s20101006.tar.bz2 +/iputils-*/ /ifenslave.tar.gz -/iputils-s20121011.tar.bz2 -/iputils-s20121106.tar.bz2 -/iputils-s20121112.tar.bz2 -/iputils-s20121121.tar.bz2 -/iputils-s20121125.tar.bz2 -/iputils-s20121205.tar.bz2 -/iputils-s20121207.tar.bz2 -/iputils-s20121221.tar.bz2 -/iputils-s20140519.tar.gz -/iputils-s20150815.tar.gz -/iputils-s20160308.tar.gz -/iputils-s20161105.tar.gz -/iputils-s20180629.tar.gz -/iputils-s20190324.tar.gz -/iputils-s20190515.tar.gz -/iputils-s20200821.tar.gz -/iputils-20210202.tar.gz -/iputils-20210722.tar.gz -/iputils-20211215.tar.gz -/iputils-20221126.tar.gz -/iputils-20231222.tar.gz -/iputils-20240117.tar.gz +/iputils-*.tar.gz +/iputils-*src.rpm +/iputils-*.rpm + diff --git a/iputils-ifenslave.patch b/100-iputils-ifenslave.patch similarity index 100% rename from iputils-ifenslave.patch rename to 100-iputils-ifenslave.patch diff --git a/iputils-ifenslave-CWE-170.patch b/101-iputils-ifenslave-CWE-170.patch similarity index 100% rename from iputils-ifenslave-CWE-170.patch rename to 101-iputils-ifenslave-CWE-170.patch diff --git a/102-iputils-ifenslave-CWE-170-2.patch b/102-iputils-ifenslave-CWE-170-2.patch new file mode 100644 index 0000000..67e6a5e --- /dev/null +++ b/102-iputils-ifenslave-CWE-170-2.patch @@ -0,0 +1,154 @@ +From bea19fd9a86dd2c601681ff2ef4a9c1afab1e34d Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 8 Jun 2021 15:41:58 +0200 +Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination + +Resolves: #1938746 +--- + ifenslave.c | 43 +++++++++++++++++++++++++++---------------- + 1 file changed, 27 insertions(+), 16 deletions(-) + +diff --git a/ifenslave.c b/ifenslave.c +index 1efe4f1..59bce4c 100644 +--- a/ifenslave.c ++++ b/ifenslave.c +@@ -619,7 +619,7 @@ static int get_drv_info(char *master_ifname) + char *endptr; + + memset(&ifr, 0, sizeof(ifr)); +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); + ifr.ifr_data = (caddr_t)&info; + + info.cmd = ETHTOOL_GDRVINFO; +@@ -664,8 +664,9 @@ static int change_active(char *master_ifname, char *slave_ifname) + return 1; + } + +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); +- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); ++ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1); + if ((ioctl(skfd, SIOCBONDCHANGEACTIVE, &ifr) < 0) && + (ioctl(skfd, BOND_CHANGE_ACTIVE_OLD, &ifr) < 0)) { + saved_errno = errno; +@@ -806,8 +807,9 @@ static int enslave(char *master_ifname, char *slave_ifname) + } + + /* Do the real thing */ +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); +- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); ++ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1); + if ((ioctl(skfd, SIOCBONDENSLAVE, &ifr) < 0) && + (ioctl(skfd, BOND_ENSLAVE_OLD, &ifr) < 0)) { + saved_errno = errno; +@@ -847,8 +849,9 @@ static int release(char *master_ifname, char *slave_ifname) + return 1; + } + +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); +- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); ++ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1); + if ((ioctl(skfd, SIOCBONDRELEASE, &ifr) < 0) && + (ioctl(skfd, BOND_RELEASE_OLD, &ifr) < 0)) { + saved_errno = errno; +@@ -880,7 +883,8 @@ static int get_if_settings(char *ifname, struct dev_ifr ifra[]) + int res = 0; + + for (i = 0; ifra[i].req_ifr; i++) { +- strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ); ++ strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ - 1); ++ ifra[i].req_ifr->ifr_name[IFNAMSIZ - 1] = '\0'; + res = ioctl(skfd, ifra[i].req_type, ifra[i].req_ifr); + if (res < 0) { + saved_errno = errno; +@@ -899,7 +903,8 @@ static int get_slave_flags(char *slave_ifname) + { + int res = 0; + +- strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ); ++ strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ - 1); ++ slave_flags.ifr_name[IFNAMSIZ - 1] = '\0'; + res = ioctl(skfd, SIOCGIFFLAGS, &slave_flags); + if (res < 0) { + saved_errno = errno; +@@ -919,7 +924,8 @@ static int set_master_hwaddr(char *master_ifname, struct sockaddr *hwaddr) + struct ifreq ifr; + int res = 0; + +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); + memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr)); + res = ioctl(skfd, SIOCSIFHWADDR, &ifr); + if (res < 0) { +@@ -943,7 +949,8 @@ static int set_slave_hwaddr(char *slave_ifname, struct sockaddr *hwaddr) + struct ifreq ifr; + int res = 0; + +- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1); + memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr)); + res = ioctl(skfd, SIOCSIFHWADDR, &ifr); + if (res < 0) { +@@ -980,8 +987,9 @@ static int set_slave_mtu(char *slave_ifname, int mtu) + struct ifreq ifr; + int res = 0; + ++ memset(&ifr, 0, sizeof(ifr)); + ifr.ifr_mtu = mtu; +- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1); + + res = ioctl(skfd, SIOCSIFMTU, &ifr); + if (res < 0) { +@@ -1000,8 +1008,9 @@ static int set_if_flags(char *ifname, short flags) + struct ifreq ifr; + int res = 0; + ++ memset(&ifr, 0, sizeof(ifr)); + ifr.ifr_flags = flags; +- strncpy(ifr.ifr_name, ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + + res = ioctl(skfd, SIOCSIFFLAGS, &ifr); + if (res < 0) { +@@ -1030,7 +1039,8 @@ static int clear_if_addr(char *ifname) + struct ifreq ifr; + int res = 0; + +- strncpy(ifr.ifr_name, ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + ifr.ifr_addr.sa_family = AF_INET; + memset(ifr.ifr_addr.sa_data, 0, sizeof(ifr.ifr_addr.sa_data)); + +@@ -1065,8 +1075,9 @@ static int set_if_addr(char *master_ifname, char *slave_ifname) + {NULL, NULL, 0, 0}, + }; + ++ memset(&ifr, 0, sizeof(ifr)); + for (i = 0; ifra[i].req_name; i++) { +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); + res = ioctl(skfd, ifra[i].g_ioctl, &ifr); + if (res < 0) { + int saved_errno = errno; +@@ -1080,7 +1091,7 @@ static int set_if_addr(char *master_ifname, char *slave_ifname) + sizeof(ifr.ifr_addr.sa_data)); + } + +- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1); + res = ioctl(skfd, ifra[i].s_ioctl, &ifr); + if (res < 0) { + int saved_errno = errno; +-- +2.31.1 + diff --git a/iputils.spec b/iputils.spec index b2cc3f5..3cd7696 100644 --- a/iputils.spec +++ b/iputils.spec @@ -3,7 +3,7 @@ Summary: Network monitoring tools including ping Name: iputils Version: 20240117 -Release: 4%{?dist} +Release: 5%{?dist} # some parts are under the original BSD (ping.c) # some are under GPLv2+ (tracepath.c) License: BSD-4-Clause-UC AND GPL-2.0-or-later @@ -15,8 +15,9 @@ Source1: ifenslave.tar.gz Source4: bsd.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt -Patch100: iputils-ifenslave.patch -Patch101: iputils-ifenslave-CWE-170.patch +Patch100: 100-iputils-ifenslave.patch +Patch101: 101-iputils-ifenslave-CWE-170.patch +Patch102: 102-iputils-ifenslave-CWE-170-2.patch BuildRequires: gcc BuildRequires: meson @@ -85,6 +86,9 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ %attr(644,root,root) %{_mandir}/man8/ifenslave.8* %changelog +* Tue May 28 2024 Jan Macku - 20240117-5 +- Fix ifenslave defects detected by Coverity + * Sun Feb 11 2024 Kevin Fenzi - 20240117-4 - Fix sources. Fixes rhbz#2263028