From 0a4563dfa84c9174ec2e68f15bcc8508bbb72894 Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Fri, 16 Aug 2024 15:30:21 +0200 Subject: [PATCH] Fix issues discovered by static analysis Apply a patch that fixes a reported issue: - v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" * 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch: New file. * kmod.spec (Release): Bump to 8. (Patch2): New patch. (%changelog): New record. Resolves: RHEL-44931 Signed-off-by: Eugene Syromiatnikov --- ...defined-behaviour-in-libkmod-builtin.patch | 44 +++++++++++++++++++ kmod.spec | 11 ++++- 2 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch diff --git a/0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch b/0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch new file mode 100644 index 0000000..bc47622 --- /dev/null +++ b/0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch 
@@ -0,0 +1,44 @@ +From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001 +From: Eugene Syromiatnikov +Date: Tue, 13 Aug 2024 16:17:27 +0200 +Subject: [PATCH] libkmod: avoid undefined behaviour in + libkmod-builtin.c:get_string + +Static analysis has reported a potential UB: + + kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf". + # 123| size_t linesz = 0; + # 124| + # 125|-> while (!nullp) { + # 126| char buf[BUFSIZ]; + # 127| ssize_t sz; + +It seems to be indeed an UB, as nullp is getting assined an address +inside object buf, which has a lifetime of the while loop body, +and is not available outside of it (specifically, in the while +condition, where nullp is checked for NULL). Fix it by putting +buf definition in the outer block. +--- + libkmod/libkmod-builtin.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c +index fd0f549..40a7d61 100644 +--- a/libkmod/libkmod-builtin.c ++++ b/libkmod/libkmod-builtin.c +@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset, + char **line, size_t *size) + { + int sv_errno; ++ char buf[BUFSIZ]; + char *nullp = NULL; + size_t linesz = 0; + + while (!nullp) { +- char buf[BUFSIZ]; + ssize_t sz; + size_t partsz; + +-- +2.13.6 + diff --git a/kmod.spec b/kmod.spec index e1401d1..6bbbaf5 100644 --- a/kmod.spec +++ b/kmod.spec @@ -16,7 +16,7 @@ Name: kmod Version: 31 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Linux kernel module management utilities # https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis 
@@ -67,7 +67,10 @@ URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz Source1: weak-modules Source2: depmod.conf.dist -Patch1: kmod-tip.patch +Patch1: kmod-tip.patch +# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" +Patch2: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch + Exclusiveos: Linux BuildRequires: gcc @@ -193,6 +196,10 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %{_libdir}/libkmod.so %changelog +* Thu Aug 15 2024 Eugene Syromiatnikov - 31-8 +- Fix issues discovered by static analysis +- Resolves: RHEL-44931 + * Mon Aug 12 2024 Eugene Syromiatnikov - 31-7 - weak-modules: use either zcat or xzcat based on symvers file extension - Resolves: RHEL-39388
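Review bot: in the kmod.spec hunk at -67,7 +67,10, Patch2 is declared but no hunk in this commit touches %prep, so the fix only reaches the build if %prep already applies every declared patch (for example through %autosetup or %autopatch). Please confirm that, or add the explicit %patch line for Patch2; otherwise the get_string change is packaged but never applied. In the same hunk, the removed and added "Patch1: kmod-tip.patch" lines read identically here, which suggests a whitespace-only realignment; if so, say it in the commit message or drop it so the hunk carries only the new Patch2 entry.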
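Review bot: in the %changelog hunk at -193,6 +196,10, the 31-8 entry "Fix issues discovered by static analysis" does not say what was fixed, while the 31-7 entry below it names the concrete change. Since this release carries exactly one fix, suggest wording the entry after it, e.g. "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string", so someone reading the package changelog can tell which code path changed without opening the patch file.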