From 57f5db235718105b776b6c2dbe84278e022d0ef3 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 28 Jan 2025 00:24:13 +0000
Subject: [PATCH] import UBI keepalived-2.1.5-10.el8_10

---
 ...EL-49561-validate-ipset-names-better.patch | 83 +++++++++++++++++++
 SPECS/keepalived.spec                         |  8 +-
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/RHEL-49561-validate-ipset-names-better.patch

diff --git a/SOURCES/RHEL-49561-validate-ipset-names-better.patch b/SOURCES/RHEL-49561-validate-ipset-names-better.patch
new file mode 100644
index 0000000..40ede33
--- /dev/null
+++ b/SOURCES/RHEL-49561-validate-ipset-names-better.patch
@@ -0,0 +1,83 @@
+diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patched/keepalived/core/global_parser.c
+--- keepalived-2.1.5/keepalived/core/global_parser.c	2020-07-10 17:41:46.000000000 +0100
++++ keepalived-2.1.5.patched/keepalived/core/global_parser.c	2024-12-02 14:06:44.469215491 +0000
+@@ -955,6 +955,22 @@
+ 	}
+ }
+ #ifdef _HAVE_LIBIPSET_
++static bool
++check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
++{
++	if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
++		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
++		return false;
++	}
++
++	if (strlen(strvec_slot(strvec, entry)) == 0) {
++		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
++		return false;
++	}
++
++	return true;
++}
++
+ static void
+ vrrp_ipsets_handler(const vector_t *strvec)
+ {
+@@ -974,17 +990,13 @@
+ 		return;
+ 	}
+ 
+-	if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
+-		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
++	if (!check_valid_ipset_name(strvec, 1, "address"))
+ 		return;
+-	}
+ 	global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
+ 
+ 	if (vector_size(strvec) >= 3) {
+-		if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
+ 	}
+ 	else {
+@@ -995,10 +1007,8 @@
+ 		global_data->vrrp_ipset_address6 = STRDUP(set_name);
+ 	}
+ 	if (vector_size(strvec) >= 4) {
+-		if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
+ 	}
+ 	else {
+@@ -1014,10 +1024,8 @@
+ 
+ #ifdef HAVE_IPSET_ATTR_IFACE
+ 	if (vector_size(strvec) >= 5) {
+-		if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 4, "IGMP"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
+ 	}
+ 	else {
+@@ -1028,10 +1036,8 @@
+ 		global_data->vrrp_ipset_igmp = STRDUP(set_name);
+ 	}
+ 	if (vector_size(strvec) >= 6) {
+-		if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 5, "MLD"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
+ 	}
+ 	else {
+Only in keepalived-2.1.5.patched/keepalived/core: global_parser.c.orig
diff --git a/SPECS/keepalived.spec b/SPECS/keepalived.spec
index 63d6867..42994d9 100644
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@@ -10,7 +10,7 @@
 Name: keepalived
 Summary: High Availability monitor built upon LVS, VRRP and service pollers
 Version: 2.1.5
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 URL: http://www.keepalived.org/
 Group: System Environment/Daemons
@@ -22,6 +22,7 @@ Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
 Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
 Patch3: bz2028350-fix-dbus-policy-restrictions.patch
 Patch4: bz2054249-fix-unweighted-track-scripts.patch
+Patch5: RHEL-49561-validate-ipset-names-better.patch
 
 Requires(post): systemd
 Requires(preun): systemd
@@ -61,6 +62,7 @@ infrastructures.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 %configure \
@@ -111,6 +113,10 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man8/keepalived.8*
 
 %changelog
+* Mon Dec  2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-10
+- CVE-2024-41184
+  Resolves: RHEL-49561
+
 * Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
 - Fix removal of unweighted track scripts from sync group (#2054249)