From 62e12e062cdd135e10848898d50c2c13c1f802e3 Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Fri, 16 Aug 2024 15:16:28 +0200 Subject: [PATCH] Fix issues discovered by static analysis Apply 4 patches that fix various minor issues: - v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo" - v31~29 "libkmod: do not crash on unknown signature algorithm" - v31~18 "libkmod: error out on unknown hash algorithm" - v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" * 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch: New file. * 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch: Likewise. * 0001-libkmod-error-out-on-unknown-hash-algorithm.patch: Likewise. * 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch: Likewise. * kmod.spec (Release): Bump to 10. (Patch02, Patch03, Patch04, Patch05): New patches. (%changelog): New record. Resolves: RHEL-34073 Signed-off-by: Eugene Syromiatnikov --- ...defined-behaviour-in-libkmod-builtin.patch | 44 +++++++++++++++++++ ...crash-on-unknown-signature-algorithm.patch | 38 ++++++++++++++++ ...-error-out-on-unknown-hash-algorithm.patch | 44 +++++++++++++++++++ ...verflow-with-wrong-modules.builtin.m.patch | 29 ++++++++++++ kmod.spec | 14 +++++- 5 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch create mode 100644 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch create mode 100644 0001-libkmod-error-out-on-unknown-hash-algorithm.patch create mode 100644 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch diff --git a/0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch b/0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch new file mode 100644 index 0000000..bc47622 --- /dev/null +++ b/0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch 
@@ -0,0 +1,44 @@ +From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001 +From: Eugene Syromiatnikov +Date: Tue, 13 Aug 2024 16:17:27 +0200 +Subject: [PATCH] libkmod: avoid undefined behaviour in + libkmod-builtin.c:get_string + +Static analysis has reported a potential UB: + + kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf". + # 123| size_t linesz = 0; + # 124| + # 125|-> while (!nullp) { + # 126| char buf[BUFSIZ]; + # 127| ssize_t sz; + +It seems to be indeed an UB, as nullp is getting assined an address +inside object buf, which has a lifetime of the while loop body, +and is not available outside of it (specifically, in the while +condition, where nullp is checked for NULL). Fix it by putting +buf definition in the outer block. +--- + libkmod/libkmod-builtin.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c +index fd0f549..40a7d61 100644 +--- a/libkmod/libkmod-builtin.c ++++ b/libkmod/libkmod-builtin.c +@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset, + char **line, size_t *size) + { + int sv_errno; ++ char buf[BUFSIZ]; + char *nullp = NULL; + size_t linesz = 0; + + while (!nullp) { +- char buf[BUFSIZ]; + ssize_t sz; + size_t partsz; + +-- +2.13.6 + diff --git a/0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch b/0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch new file mode 100644 index 0000000..6725d8c --- /dev/null +++ b/0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch 
@@ -0,0 +1,38 @@ +From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Sun, 25 Sep 2022 17:46:08 +0300 +Subject: [PATCH] libkmod: do not crash on unknown signature algorithm + +Example kernel module: +https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e +(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst) +It is signed with Streebog 512. + +libkmod v30 crashed in libkmod-module.c:2413 in this code: + +n = kmod_module_info_append(list, + "sig_hashalgo", strlen("sig_hashalgo"), + sig_info.hash_algo, strlen(sig_info.hash_algo)); + +because strlen() got null. +--- + libkmod/libkmod-signature.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 4ae5af6..092f396 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size, + X509_ALGOR_get0(&o, NULL, NULL, dig_alg); + + sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ // hash algo has not been recognized ++ if (sig_info->hash_algo == NULL) ++ goto err3; + sig_info->id_type = pkey_id_type[modsig->id_type]; + + pvt = malloc(sizeof(*pvt)); +-- +2.13.6 + diff --git a/0001-libkmod-error-out-on-unknown-hash-algorithm.patch b/0001-libkmod-error-out-on-unknown-hash-algorithm.patch new file mode 100644 index 0000000..afd724e --- /dev/null +++ b/0001-libkmod-error-out-on-unknown-hash-algorithm.patch 
@@ -0,0 +1,44 @@ +From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001 +From: Emil Velikov +Date: Mon, 6 Feb 2023 14:32:59 +0000 +Subject: [PATCH] libkmod: error out on unknown hash algorithm + +Currently if we see unknown algorithm, we'll do an OOB read in +pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and +the kernel module uses a SM3 hash. + +Cc: Mikhail Novosyolov +Cc: Lucas De Marchi +Signed-off-by: Emil Velikov +Signed-off-by: Lucas De Marchi +--- + libkmod/libkmod-signature.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 092f396..b749a81 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size, + unsigned char *key_id_str; + struct pkcs7_private *pvt; + const char *issuer_str; ++ int hash_algo; + + size -= sig_len; + pkcs7_raw = mem + size; +@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size, + + X509_ALGOR_get0(&o, NULL, NULL, dig_alg); + +- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ hash_algo = obj_to_hash_algo(o); ++ if (hash_algo < 0) ++ goto err3; ++ sig_info->hash_algo = pkey_hash_algo[hash_algo]; + // hash algo has not been recognized + if (sig_info->hash_algo == NULL) + goto err3; +-- +2.13.6 + diff --git a/0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch b/0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch new file mode 100644 index 0000000..57ced0d --- /dev/null +++ b/0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch 
@@ -0,0 +1,29 @@ +From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001 +From: Seung-Woo Kim +Date: Tue, 13 Apr 2021 20:23:14 +0900 +Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo + +Fix a possbile overflow with exact PATH_MAX length modname +in wrong modules.builtin.modinfo. + +Signed-off-by: Seung-Woo Kim +--- + libkmod/libkmod-builtin.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c +index fc9a376..a75a542 100644 +--- a/libkmod/libkmod-builtin.c ++++ b/libkmod/libkmod-builtin.c +@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter, + + len = dot - line; + +- if (len > PATH_MAX) { ++ if (len >= PATH_MAX) { + sv_errno = ENAMETOOLONG; + goto fail; + } +-- +2.13.6 + diff --git a/kmod.spec b/kmod.spec index 65ea6cd..6550ee3 100644 --- a/kmod.spec +++ b/kmod.spec @@ -1,6 +1,6 @@ Name: kmod Version: 28 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Linux kernel module management utilities License: GPLv2+ @@ -11,6 +11,14 @@ Source2: depmod.conf.dist Exclusiveos: Linux Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch +# v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo" +Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch +# v31~29 "libkmod: do not crash on unknown signature algorithm" +Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch +# v31~18 "libkmod: error out on unknown hash algorithm" +Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch +# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" +Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch BuildRequires: gcc BuildRequires: chrpath 
@@ -111,6 +119,10 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %{_libdir}/libkmod.so %changelog +* Thu Aug 15 2024 Eugene Syromiatnikov - 28-10 +- Fix issues discovered by static analysis +- Resolves: RHEL-34073 + * Thu May 11 2023 Eugene Syromiatnikov - 28-9 - Add symvers.xz support to weak-modules - Resolves: rhbz#2192895
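Review bot: In the get_string hunk of 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch, `nullp` still holds an address inside `buf` and is read only as a found/not-found flag in `while (!nullp)`. Hoisting `char buf[BUFSIZ];` to function scope makes that read valid, but nothing in the code records why the declaration has to sit outside the loop, so a later tidy-up could narrow its scope again. A one-line comment beside the declaration saying that `nullp` points into `buf` and is tested in the loop condition would keep the fix from regressing.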
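Review bot: In the fill_pkcs7 hunk of 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch, the new `if (sig_info->hash_algo == NULL)` test runs after `pkey_hash_algo[obj_to_hash_algo(o)]` has already been evaluated, so it only catches an index that lands on an empty table slot; the index itself is still used unchecked in this patch. That gap is closed by the next patch in the series (`if (hash_algo < 0)`), whose context lines depend on this one, so the two must stay applied together and in this order. It is worth stating that dependency in the spec comment above Patch03.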
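Review bot: In the second fill_pkcs7 hunk of 0001-libkmod-error-out-on-unknown-hash-algorithm.patch, only the lower bound is validated (`if (hash_algo < 0)`) before `pkey_hash_algo[hash_algo]` is read. If obj_to_hash_algo() can return a value at or past the end of that table, the read is still out of bounds, so consider also comparing `hash_algo` against the number of entries in `pkey_hash_algo`. The retained comment `// hash algo has not been recognized` now sits above the NULL test only, while the new `< 0` branch is the one that handles the unrecognized case; move the comment up or reword it so each check says what it covers.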
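Review bot: In the kmod_builtin_iter_get_modname hunk of 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch, the reason for moving from `len > PATH_MAX` to `len >= PATH_MAX` is not recorded anywhere a reader of the code will see it. The commit message mentions an "exact PATH_MAX length modname" but neither it nor the hunk names the destination buffer or says that one byte has to be left for the terminator. A short comment above the check stating that, and a test input whose modname is exactly PATH_MAX bytes, would document the boundary and guard it against being relaxed later.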
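Review bot: In the kmod.spec hunks, Patch02 through Patch05 are declared but no hunk touches %prep: the diffstat shows 14 changed lines in kmod.spec, and the Release bump, the eight Patch lines and the four %changelog lines account for all of them. Please confirm that %prep applies patches automatically; if it lists patches one by one, these four are declared but never applied and the build would ship without the fixes. Separately, the new %changelog record is dated Thu Aug 15 2024 while the commit is dated Fri, 16 Aug 2024; align them if the changelog is meant to reflect the commit date.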