import libnetfilter_cthelper-1.0.0-15.el8
parent
db9cfb7591
commit
5eaa6787f5
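--- a/SOURCES/0001-build-resolve-automake-1.12-warnings.patch
+++ b/SOURCES/0001-build-resolve-automake-1.12-warnings.patch
@@ -0,0 +1,31 @@
+From a6dbba81630db3f647d341c80c9ffa69f80eb869 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Mon, 8 Oct 2012 14:54:27 +0200
+Subject: [PATCH] build: resolve automake-1.12 warnings
+
+/usr/share/automake-1.12/am/ltlibrary.am: warning:
+'libnetfilter_cthelper.la': linking libtool libraries using a non-POSIX
+archiver requires 'AM_PROG_AR' in 'configure.ac'
+
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+(cherry picked from commit af9ae9053e35f2861b9fcdf175500bdce42e597d)
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+configure.ac | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/configure.ac b/configure.ac
+index d9b0118ef0332..d52b1ce3841c2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -8,6 +8,7 @@ AC_CONFIG_HEADERS([config.h])
+
+AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2
+1.6 subdir-objects])
++m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
+
+dnl kernel style compile messages
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+--
+2.23.0
+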
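--- a/SOURCES/0002-Update-.gitignore.patch
+++ b/SOURCES/0002-Update-.gitignore.patch
@@ -0,0 +1,40 @@
+From 490757aa64308c49611ae50e75470d9fd87ec6d2 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Mon, 8 Oct 2012 14:55:39 +0200
+Subject: [PATCH] Update .gitignore
+
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+(cherry picked from commit c9753bf8e2bcc6510ca88133eaa79da1d9616550)
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+.gitignore | 18 ++++++++++++++++++
+1 file changed, 18 insertions(+)
+create mode 100644 .gitignore
+
+diff --git a/.gitignore b/.gitignore
+new file mode 100644
+index 0000000000000..a83525b35be2b
+--- /dev/null
++++ b/.gitignore
+@@ -0,0 +1,18 @@
++.deps/
++.libs/
++Makefile
++Makefile.in
++*.o
++*.la
++*.lo
++
++/aclocal.m4
++/autom4te.cache/
++/build-aux/
++/config.*
++/configure
++/libtool
++
++/doxygen.cfg
++/*.pc
++/stamp-h1
+--
+2.23.0
+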
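--- a/SOURCES/0003-configure-uclinux-is-also-linux.patch
+++ b/SOURCES/0003-configure-uclinux-is-also-linux.patch
@@ -0,0 +1,29 @@
+From c69ddc73c814ecc2f9c68c68a0effb8bf7d6725b Mon Sep 17 00:00:00 2001
+From: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Date: Tue, 10 Sep 2013 16:23:32 -0300
+Subject: [PATCH] configure: uclinux is also linux
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit 0c52422eb236b16bc663a7f22df3e30fb9c8bf71)
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+configure.ac | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index d52b1ce3841c2..9389b70ebb4de 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -22,7 +22,7 @@ AC_DISABLE_STATIC
+LT_INIT
+CHECK_GCC_FVISIBILITY
+case "$host" in
+-*-*-linux*) ;;
++*-*-linux* | *-*-uclinux*) ;;
+*) AC_MSG_ERROR([Linux only, dude!]);;
+esac
+
+--
+2.23.0
+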
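--- a/SOURCES/0004-src-fix-use-after-free.patch
+++ b/SOURCES/0004-src-fix-use-after-free.patch
@@ -0,0 +1,35 @@
+From 9fe9ae5010f159539b4fc51890b9f218422ee8d8 Mon Sep 17 00:00:00 2001
+From: Christopher Horler <cshorler@googlemail.com>
+Date: Mon, 8 Dec 2014 20:04:31 +0000
+Subject: [PATCH] src: fix use after free
+
+Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=990
+
+Signed-off-by: Christopher Horler <cshorler@googlemail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit d48012fa7718195e3f897b01a36e4ba249aa6dfc)
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+src/libnetfilter_cthelper.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
+index 297887040b20c..f8f58e6c9c5e8 100644
+--- a/src/libnetfilter_cthelper.c
++++ b/src/libnetfilter_cthelper.c
+@@ -113,11 +113,11 @@ void nfct_helper_free(struct nfct_helper *h)
+{
+int i;
+
+- free(h);
+for (i=0; i<NF_CT_HELPER_CLASS_MAX; i++) {
+if (h->expect_policy[i])
+free(h->expect_policy[i]);
+}
++ free(h);
+}
+EXPORT_SYMBOL(nfct_helper_free);
+
+--
+2.23.0
+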
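Review bot: nfct_helper_free() still dereferences `h` unconditionally in the `for` loop, so a caller that passes NULL (for example on an error path after a failed nfct_helper_alloc()) crashes here, unlike `free(NULL)`. An early `if (h == NULL) return;` before the loop would make the destructor safe to call on cleanup paths. The `if (h->expect_policy[i])` guard in front of `free(h->expect_policy[i]);` is redundant because free(NULL) is a no-op, and dropping it makes the corrected ordering easier to read.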
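--- a/SOURCES/0005-include-Sync-with-kernel-headers.patch
+++ b/SOURCES/0005-include-Sync-with-kernel-headers.patch
@@ -0,0 +1,85 @@
+From 68637125ac6842f20ac3898c0d0d252be882a017 Mon Sep 17 00:00:00 2001
+From: Felix Janda <felix.janda@posteo.de>
+Date: Sat, 16 May 2015 13:35:14 +0200
+Subject: [PATCH] include: Sync with kernel headers
+
+Signed-off-by: Felix Janda <felix.janda@posteo.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit 7d55aff4686a5910f84b9045c98d6f01e1daa297)
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+include/linux/netfilter/nfnetlink.h | 52 ++++++-----------------------
+1 file changed, 11 insertions(+), 41 deletions(-)
+
+diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
+index f1b546e85d590..c755646752011 100644
+--- a/include/linux/netfilter/nfnetlink.h
++++ b/include/linux/netfilter/nfnetlink.h
+@@ -18,6 +18,10 @@ enum nfnetlink_groups {
+#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
+NFNLGRP_CONNTRACK_EXP_DESTROY,
+#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
++ NFNLGRP_NFTABLES,
++#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES
++ NFNLGRP_ACCT_QUOTA,
++#define NFNLGRP_ACCT_QUOTA NFNLGRP_ACCT_QUOTA
+__NFNLGRP_MAX,
+};
+#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
+@@ -51,46 +55,12 @@ struct nfgenmsg {
+#define NFNL_SUBSYS_ACCT 7
+#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
+#define NFNL_SUBSYS_CTHELPER 9
+-#define NFNL_SUBSYS_COUNT 10
++#define NFNL_SUBSYS_NFTABLES 10
++#define NFNL_SUBSYS_NFT_COMPAT 11
++#define NFNL_SUBSYS_COUNT 12
+
+-#ifdef __KERNEL__
++/* Reserved control nfnetlink messages */
++#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE
++#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE+1
+
+-#include <linux/netlink.h>
+-#include <linux/capability.h>
+-#include <net/netlink.h>
+-
+-struct nfnl_callback {
+- int (*call)(struct sock *nl, struct sk_buff *skb,
+- const struct nlmsghdr *nlh,
+- const struct nlattr * const cda[]);
+- int (*call_rcu)(struct sock *nl, struct sk_buff *skb,
+- const struct nlmsghdr *nlh,
+- const struct nlattr * const cda[]);
+- const struct nla_policy *policy; /* netlink attribute policy */
+- const u_int16_t attr_count; /* number of nlattr's */
+-};
+-
+-struct nfnetlink_subsystem {
+- const char *name;
+- __u8 subsys_id; /* nfnetlink subsystem ID */
+- __u8 cb_count; /* number of callbacks */
+- const struct nfnl_callback *cb; /* callback for individual types */
+-};
+-
+-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
+-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
+-
+-extern int nfnetlink_has_listeners(struct net *net, unsigned int group);
+-extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group,
+- int echo, gfp_t flags);
+-extern int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error);
+-extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags);
+-
+-extern void nfnl_lock(void);
+-extern void nfnl_unlock(void);
+-
+-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
+- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
+-
+-#endif /* __KERNEL__ */
+-#endif /* _NFNETLINK_H */
++#endif /* _NFNETLINK_H */
+--
+2.23.0
+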
387
SOURCES/0006-Use-__EXPORTED-rather-than-EXPORT_SYMBOL.patch
Normal file
387
SOURCES/0006-Use-__EXPORTED-rather-than-EXPORT_SYMBOL.patch
Normal file
@ -0,0 +1,387 @@
|
||||
From 06e046b30fe8d849c9e3425543661310c06797c7 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Cernekee <cernekee@chromium.org>
|
||||
Date: Wed, 4 Jan 2017 14:30:26 -0800
|
||||
Subject: [PATCH] Use __EXPORTED rather than EXPORT_SYMBOL
|
||||
|
||||
clang is sensitive to the ordering of
|
||||
__attribute__((visibility("default"))) relative to the function
|
||||
body. gcc is not. So if we try to re-declare an existing function
|
||||
with default visibility, clang prints a warning and generates
|
||||
a broken .so file in which nfct_helper_* are not exported to library
|
||||
callers.
|
||||
|
||||
Move the attribute up into the function definition to make clang happy.
|
||||
|
||||
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit f58c5b09fb59baf07c942d373fc4d522b27e73c6)
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
doxygen.cfg.in | 2 +-
|
||||
src/internal.h | 5 +--
|
||||
src/libnetfilter_cthelper.c | 83 +++++++++++++++----------------------
|
||||
3 files changed, 36 insertions(+), 54 deletions(-)
|
||||
|
||||
diff --git a/doxygen.cfg.in b/doxygen.cfg.in
|
||||
index cac9b0510b4d7..190b7cd6e716e 100644
|
||||
--- a/doxygen.cfg.in
|
||||
+++ b/doxygen.cfg.in
|
||||
@@ -72,7 +72,7 @@ RECURSIVE = YES
|
||||
EXCLUDE =
|
||||
EXCLUDE_SYMLINKS = NO
|
||||
EXCLUDE_PATTERNS = */.git/* .*.d
|
||||
-EXCLUDE_SYMBOLS = EXPORT_SYMBOL
|
||||
+EXCLUDE_SYMBOLS =
|
||||
EXAMPLE_PATH =
|
||||
EXAMPLE_PATTERNS =
|
||||
EXAMPLE_RECURSIVE = NO
|
||||
diff --git a/src/internal.h b/src/internal.h
|
||||
index 3a88d1a1f7d8b..5d781718ddadc 100644
|
||||
--- a/src/internal.h
|
||||
+++ b/src/internal.h
|
||||
@@ -3,10 +3,9 @@
|
||||
|
||||
#include "config.h"
|
||||
#ifdef HAVE_VISIBILITY_HIDDEN
|
||||
-# define __visible __attribute__((visibility("default")))
|
||||
-# define EXPORT_SYMBOL(x) typeof(x) (x) __visible
|
||||
+# define __EXPORTED __attribute__((visibility("default")))
|
||||
#else
|
||||
-# define EXPORT_SYMBOL
|
||||
+# define __EXPORTED
|
||||
#endif
|
||||
|
||||
#endif
|
||||
diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
|
||||
index f8f58e6c9c5e8..af543a17fafa8 100644
|
||||
--- a/src/libnetfilter_cthelper.c
|
||||
+++ b/src/libnetfilter_cthelper.c
|
||||
@@ -99,17 +99,16 @@ struct nfct_helper {
|
||||
* In case of success, this function returns a valid pointer, otherwise NULL
|
||||
* s returned and errno is appropriately set.
|
||||
*/
|
||||
-struct nfct_helper *nfct_helper_alloc(void)
|
||||
+struct nfct_helper __EXPORTED *nfct_helper_alloc(void)
|
||||
{
|
||||
return calloc(1, sizeof(struct nfct_helper));
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_alloc);
|
||||
|
||||
/**
|
||||
* nfct_helper_free - release one helper object
|
||||
* \param nfct_helper pointer to the helper object
|
||||
*/
|
||||
-void nfct_helper_free(struct nfct_helper *h)
|
||||
+void __EXPORTED nfct_helper_free(struct nfct_helper *h)
|
||||
{
|
||||
int i;
|
||||
|
||||
@@ -119,7 +118,6 @@ void nfct_helper_free(struct nfct_helper *h)
|
||||
}
|
||||
free(h);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_free);
|
||||
|
||||
/**
|
||||
* nfct_helper_policy_alloc - allocate a new helper policy object
|
||||
@@ -127,21 +125,19 @@ EXPORT_SYMBOL(nfct_helper_free);
|
||||
* In case of success, this function returns a valid pointer, otherwise NULL
|
||||
* s returned and errno is appropriately set.
|
||||
*/
|
||||
-struct nfct_helper_policy *nfct_helper_policy_alloc(void)
|
||||
+struct nfct_helper_policy __EXPORTED *nfct_helper_policy_alloc(void)
|
||||
{
|
||||
return calloc(1, sizeof(struct nfct_helper_policy));
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_policy_alloc);
|
||||
|
||||
/**
|
||||
* nfct_helper_free - release one helper policy object
|
||||
* \param nfct_helper pointer to the helper object
|
||||
*/
|
||||
-void nfct_helper_policy_free(struct nfct_helper_policy *p)
|
||||
+void __EXPORTED nfct_helper_policy_free(struct nfct_helper_policy *p)
|
||||
{
|
||||
free(p);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_policy_free);
|
||||
|
||||
/**
|
||||
* nfct_helper_policy_attr_set - set one attribute of the helper object
|
||||
@@ -149,7 +145,7 @@ EXPORT_SYMBOL(nfct_helper_policy_free);
|
||||
* \param type attribute type you want to set
|
||||
* \param data pointer to data that will be used to set this attribute
|
||||
*/
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_policy_attr_set(struct nfct_helper_policy *p,
|
||||
enum nfct_helper_policy_attr_type type,
|
||||
const void *data)
|
||||
@@ -170,7 +166,6 @@ nfct_helper_policy_attr_set(struct nfct_helper_policy *p,
|
||||
break;
|
||||
}
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_policy_attr_set);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_set_str - set one attribute the helper object
|
||||
@@ -178,23 +173,21 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_set);
|
||||
* \param type attribute type you want to set
|
||||
* \param name string that will be used to set this attribute
|
||||
*/
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_policy_attr_set_str(struct nfct_helper_policy *p,
|
||||
enum nfct_helper_policy_attr_type type,
|
||||
const char *name)
|
||||
{
|
||||
nfct_helper_policy_attr_set(p, type, name);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_policy_attr_set_str);
|
||||
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_policy_attr_set_u32(struct nfct_helper_policy *p,
|
||||
enum nfct_helper_policy_attr_type type,
|
||||
uint32_t value)
|
||||
{
|
||||
nfct_helper_policy_attr_set(p, type, &value);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_policy_attr_set_u32);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_set - set one attribute of the helper object
|
||||
@@ -202,7 +195,7 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_set_u32);
|
||||
* \param type attribute type you want to set
|
||||
* \param data pointer to data that will be used to set this attribute
|
||||
*/
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_attr_set(struct nfct_helper *h,
|
||||
enum nfct_helper_attr_type type, const void *data)
|
||||
{
|
||||
@@ -250,7 +243,6 @@ nfct_helper_attr_set(struct nfct_helper *h,
|
||||
break;
|
||||
}
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_set);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_set_str - set one attribute the helper object
|
||||
@@ -258,44 +250,40 @@ EXPORT_SYMBOL(nfct_helper_attr_set);
|
||||
* \param type attribute type you want to set
|
||||
* \param name string that will be used to set this attribute
|
||||
*/
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_attr_set_str(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type,
|
||||
const char *name)
|
||||
{
|
||||
nfct_helper_attr_set(nfct_helper, type, name);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_set_str);
|
||||
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_attr_set_u8(struct nfct_helper *nfct_helper,
|
||||
enum nfct_helper_attr_type type, uint8_t value)
|
||||
{
|
||||
nfct_helper_attr_set(nfct_helper, type, &value);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_set_u8);
|
||||
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_attr_set_u16(struct nfct_helper *nfct_helper,
|
||||
enum nfct_helper_attr_type type, uint16_t value)
|
||||
{
|
||||
nfct_helper_attr_set(nfct_helper, type, &value);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_set_u16);
|
||||
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_attr_set_u32(struct nfct_helper *nfct_helper,
|
||||
enum nfct_helper_attr_type type, uint32_t value)
|
||||
{
|
||||
nfct_helper_attr_set(nfct_helper, type, &value);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_set_u32);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_unset - unset one attribute the helper object
|
||||
* \param nfct_helper pointer to the helper object
|
||||
* \param type attribute type you want to set
|
||||
*/
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type)
|
||||
{
|
||||
switch(type) {
|
||||
@@ -307,7 +295,6 @@ nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_ty
|
||||
break;
|
||||
}
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_unset);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_get - get one attribute the helper object
|
||||
@@ -317,8 +304,9 @@ EXPORT_SYMBOL(nfct_helper_attr_unset);
|
||||
* This function returns a valid pointer to the attribute data. If a
|
||||
* unsupported attribute is used, this returns NULL.
|
||||
*/
|
||||
-const void *nfct_helper_attr_get(struct nfct_helper *helper,
|
||||
- enum nfct_helper_attr_type type)
|
||||
+const void __EXPORTED *
|
||||
+nfct_helper_attr_get(struct nfct_helper *helper,
|
||||
+ enum nfct_helper_attr_type type)
|
||||
{
|
||||
const void *ret = NULL;
|
||||
|
||||
@@ -358,7 +346,6 @@ const void *nfct_helper_attr_get(struct nfct_helper *helper,
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_get);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_get_str - get one attribute the helper object
|
||||
@@ -368,13 +355,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get);
|
||||
* This function returns a valid pointer to the beginning of the string.
|
||||
* If the attribute is unsupported, this returns NULL.
|
||||
*/
|
||||
-const char *
|
||||
+const char __EXPORTED *
|
||||
nfct_helper_attr_get_str(struct nfct_helper *nfct_helper,
|
||||
enum nfct_helper_attr_type type)
|
||||
{
|
||||
return (const char *)nfct_helper_attr_get(nfct_helper, type);
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_get_str);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_get_u8 - get one attribute the helper object
|
||||
@@ -384,12 +370,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_str);
|
||||
* This function returns a unsigned 8-bits integer. If the attribute is
|
||||
* unsupported, this returns NULL.
|
||||
*/
|
||||
-uint8_t nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper,
|
||||
- enum nfct_helper_attr_type type)
|
||||
+uint8_t __EXPORTED
|
||||
+nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper,
|
||||
+ enum nfct_helper_attr_type type)
|
||||
{
|
||||
return *((uint8_t *)nfct_helper_attr_get(nfct_helper, type));
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_get_u8);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_get_u16 - get one attribute the helper object
|
||||
@@ -399,12 +385,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u8);
|
||||
* This function returns a unsigned 16-bits integer. If the attribute is
|
||||
* unsupported, this returns NULL.
|
||||
*/
|
||||
-uint16_t nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper,
|
||||
- enum nfct_helper_attr_type type)
|
||||
+uint16_t __EXPORTED
|
||||
+nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper,
|
||||
+ enum nfct_helper_attr_type type)
|
||||
{
|
||||
return *((uint16_t *)nfct_helper_attr_get(nfct_helper, type));
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_get_u16);
|
||||
|
||||
/**
|
||||
* nfct_helper_attr_get_u32 - get one attribute the helper object
|
||||
@@ -414,12 +400,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u16);
|
||||
* This function returns a unsigned 32-bits integer. If the attribute is
|
||||
* unsupported, this returns NULL.
|
||||
*/
|
||||
-uint32_t nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper,
|
||||
- enum nfct_helper_attr_type type)
|
||||
+uint32_t __EXPORTED
|
||||
+nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper,
|
||||
+ enum nfct_helper_attr_type type)
|
||||
{
|
||||
return *((uint32_t *)nfct_helper_attr_get(nfct_helper, type));
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_attr_get_u32);
|
||||
|
||||
/**
|
||||
* nfct_helper_snprintf - print helper object into one buffer
|
||||
@@ -431,9 +417,10 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u32);
|
||||
* This function returns -1 in case that some mandatory attributes are
|
||||
* missing. On sucess, it returns 0.
|
||||
*/
|
||||
-int nfct_helper_snprintf(char *buf, size_t size,
|
||||
- struct nfct_helper *helper,
|
||||
- unsigned int type, unsigned int flags)
|
||||
+int __EXPORTED
|
||||
+nfct_helper_snprintf(char *buf, size_t size,
|
||||
+ struct nfct_helper *helper,
|
||||
+ unsigned int type, unsigned int flags)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@@ -454,7 +441,6 @@ int nfct_helper_snprintf(char *buf, size_t size,
|
||||
|
||||
return ret;
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_snprintf);
|
||||
|
||||
/**
|
||||
* @}
|
||||
@@ -490,7 +476,7 @@ EXPORT_SYMBOL(nfct_helper_snprintf);
|
||||
* - Command NFNL_MSG_ACCT_DEL, to delete one specific nfct_helper object (if
|
||||
* unused, otherwise you hit EBUSY).
|
||||
*/
|
||||
-struct nlmsghdr *
|
||||
+struct nlmsghdr __EXPORTED *
|
||||
nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
|
||||
uint16_t flags, uint32_t seq)
|
||||
{
|
||||
@@ -509,7 +495,6 @@ nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
|
||||
|
||||
return nlh;
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_nlmsg_build_hdr);
|
||||
|
||||
static void
|
||||
nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh,
|
||||
@@ -530,7 +515,7 @@ nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh,
|
||||
* \param nlh: netlink message that you want to use to add the payload.
|
||||
* \param nfct_helper: pointer to a helper object
|
||||
*/
|
||||
-void
|
||||
+void __EXPORTED
|
||||
nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
|
||||
{
|
||||
struct nlattr *nest;
|
||||
@@ -593,7 +578,6 @@ nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
|
||||
if (h->bitset & (1 << NFCTH_ATTR_STATUS))
|
||||
mnl_attr_put_u32(nlh, NFCTH_STATUS, ntohl(h->status));
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_nlmsg_build_payload);
|
||||
|
||||
static int
|
||||
nfct_helper_nlmsg_parse_tuple_cb(const struct nlattr *attr, void *data)
|
||||
@@ -795,7 +779,7 @@ nfct_helper_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data)
|
||||
* This function returns -1 in case that some mandatory attributes are
|
||||
* missing. On sucess, it returns 0.
|
||||
*/
|
||||
-int
|
||||
+int __EXPORTED
|
||||
nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh,
|
||||
struct nfct_helper *h)
|
||||
{
|
||||
@@ -832,7 +816,6 @@ nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh,
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
-EXPORT_SYMBOL(nfct_helper_nlmsg_parse_payload);
|
||||
|
||||
/**
|
||||
* @}
|
||||
--
|
||||
2.23.0
|
||||
|
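Review bot: The integer getters whose signatures are rewritten here (`nfct_helper_attr_get_u8`, `nfct_helper_attr_get_u16`, `nfct_helper_attr_get_u32`) dereference the result of nfct_helper_attr_get() directly, while that function's own comment says it returns NULL for an unsupported attribute, so an unexpected `type` becomes a NULL pointer read inside an exported API. A guarded form such as `const void *p = nfct_helper_attr_get(nfct_helper, type);` followed by `return p ? *(const uint8_t *)p : 0;` would avoid that, and the doc comments stating that these integer getters "return NULL" should say 0 instead. Separately, `__EXPORTED` starts with a double underscore, which C reserves for the implementation; a project-prefixed macro name would avoid a clash with toolchain headers. Only parts of nfct_helper_attr_get() are visible in these hunks, so other NULL-returning paths may exist.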
@ -0,0 +1,51 @@
|
||||
From e155035446b39f6cda9c74c079e0b71cc408bb0b Mon Sep 17 00:00:00 2001
|
||||
From: Liping Zhang <zlpnobody@gmail.com>
|
||||
Date: Sun, 19 Mar 2017 22:01:10 +0800
|
||||
Subject: [PATCH] examples: fix double free in nftc-helper-add
|
||||
|
||||
After inputting the following test command, core dump happened:
|
||||
# ./examples/nfct-helper-add test 1
|
||||
*** Error in
|
||||
`.../libnetfilter_cthelper/examples/.libs/lt-nfct-helper-add':
|
||||
double free or corruption (fasttop): 0x0000000001f3c070 ***
|
||||
======= Backtrace: =========
|
||||
/lib64/libc.so.6(+0x77de5)[0x7fd9ebe88de5]
|
||||
/lib64/libc.so.6(+0x8022a)[0x7fd9ebe9122a]
|
||||
/lib64/libc.so.6(cfree+0x4c)[0x7fd9ebe9478c]
|
||||
[...]
|
||||
|
||||
Because "struct nfct_helper_policy *p" had been freed by nfct_helper_free,
|
||||
so there's no need to invoke nfct_helper_policy_free again, otherwise
|
||||
double free error will happen.
|
||||
|
||||
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 9f223e612d3b0be6e4dca84e1db8042dbec64e93)
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
examples/nfct-helper-add.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/examples/nfct-helper-add.c b/examples/nfct-helper-add.c
|
||||
index 6c476261b75e8..cb7291e8ec4b0 100644
|
||||
--- a/examples/nfct-helper-add.c
|
||||
+++ b/examples/nfct-helper-add.c
|
||||
@@ -32,6 +32,7 @@ int main(int argc, char *argv[])
|
||||
nfct_helper_attr_set_u16(nfct_helper, NFCTH_ATTR_PROTO_L3NUM, AF_INET);
|
||||
nfct_helper_attr_set_u8(nfct_helper, NFCTH_ATTR_PROTO_L4NUM, IPPROTO_TCP);
|
||||
|
||||
+ /* Will be freed by nfct_helper_free. */
|
||||
p = nfct_helper_policy_alloc();
|
||||
if (p == NULL) {
|
||||
perror("OOM");
|
||||
@@ -49,7 +50,6 @@ int main(int argc, char *argv[])
|
||||
nfct_helper_nlmsg_build_payload(nlh, nfct_helper);
|
||||
|
||||
nfct_helper_free(nfct_helper);
|
||||
- nfct_helper_policy_free(p);
|
||||
|
||||
nl = mnl_socket_open(NETLINK_NETFILTER);
|
||||
if (nl == NULL) {
|
||||
--
|
||||
2.23.0
|
||||
|
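Review bot: The ownership rule stated by the new comment (`/* Will be freed by nfct_helper_free. */`) is documented only in this example, and `p` is left dangling in main() once `nfct_helper_free(nfct_helper);` has run. Adding `p = NULL;` right after that call would make any later accidental use fail immediately instead of touching freed memory. The same transfer-of-ownership sentence belongs in the doc comment of the library setter that stores the policy pointer (presumably nfct_helper_attr_set), so callers of the library do not repeat the double free. main() continues outside the hunk, so whether `p` is used again cannot be confirmed from here.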
@ -0,0 +1,32 @@
|
||||
From 5edc15389bb0b9d9a1c87eedb17edb58a28cebae Mon Sep 17 00:00:00 2001
|
||||
From: Liping Zhang <zlpnobody@gmail.com>
|
||||
Date: Wed, 22 Mar 2017 21:00:47 +0800
|
||||
Subject: [PATCH] examples: kill the "invalid argument" error in
|
||||
nftc-helper-add
|
||||
|
||||
NFCTH_PRIV_DATA_LEN is a must attribute required by the kernel when
|
||||
creating the cthelper, add it now. Otherwise -EINVAL will be returned.
|
||||
|
||||
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 5fec728cf69d137450e230a88793b1251176c035)
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
examples/nfct-helper-add.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/examples/nfct-helper-add.c b/examples/nfct-helper-add.c
|
||||
index cb7291e8ec4b0..79e09637415d3 100644
|
||||
--- a/examples/nfct-helper-add.c
|
||||
+++ b/examples/nfct-helper-add.c
|
||||
@@ -31,6 +31,7 @@ int main(int argc, char *argv[])
|
||||
nfct_helper_attr_set_u32(nfct_helper, NFCTH_ATTR_QUEUE_NUM, atoi(argv[2]));
|
||||
nfct_helper_attr_set_u16(nfct_helper, NFCTH_ATTR_PROTO_L3NUM, AF_INET);
|
||||
nfct_helper_attr_set_u8(nfct_helper, NFCTH_ATTR_PROTO_L4NUM, IPPROTO_TCP);
|
||||
+ nfct_helper_attr_set_u32(nfct_helper, NFCTH_ATTR_PRIV_DATA_LEN, 0);
|
||||
|
||||
/* Will be freed by nfct_helper_free. */
|
||||
p = nfct_helper_policy_alloc();
|
||||
--
|
||||
2.23.0
|
||||
|
@ -0,0 +1,92 @@
|
||||
From 4dcb3ad120ba11bf62fd880f028339b41c6fbeb5 Mon Sep 17 00:00:00 2001
|
||||
From: Liping Zhang <zlpnobody@gmail.com>
|
||||
Date: Mon, 20 Mar 2017 22:35:22 +0800
|
||||
Subject: [PATCH] src: fix incorrect building and parsing of the
|
||||
NFCTH_POLICY_SETX attribute
|
||||
|
||||
In nfct_helper_nlmsg_build_policy(), we always set the attribute type to
|
||||
NFCTH_POLICY_SET, so we cannot add more than one nfct_helper_policy to
|
||||
the kernel.
|
||||
|
||||
Also: in nfct_helper_nlmsg_parse_policy(), we will increase the
|
||||
helper->policy_num for each nfct_helper_policy, but we mistakenly set it
|
||||
to the total number of nfct_helper_policy. So when the total number is
|
||||
more than 3, later out of bound access will happen.
|
||||
|
||||
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 5ed4ddea21f30e8829def3603b2d112766a756f2)
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/libnetfilter_cthelper.c | 23 +++++++++++------------
|
||||
1 file changed, 11 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
|
||||
index af543a17fafa8..7ed1f6457eb5f 100644
|
||||
--- a/src/libnetfilter_cthelper.c
|
||||
+++ b/src/libnetfilter_cthelper.c
|
||||
@@ -497,12 +497,12 @@ nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
|
||||
}
|
||||
|
||||
static void
|
||||
-nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh,
|
||||
+nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh, uint16_t type,
|
||||
struct nfct_helper_policy *p)
|
||||
{
|
||||
struct nlattr *nest;
|
||||
|
||||
- nest = mnl_attr_nest_start(nlh, NFCTH_POLICY_SET);
|
||||
+ nest = mnl_attr_nest_start(nlh, type);
|
||||
mnl_attr_put_strz(nlh, NFCTH_POLICY_NAME, p->name);
|
||||
mnl_attr_put_u32(nlh, NFCTH_POLICY_EXPECT_MAX, htonl(p->expect_max));
|
||||
mnl_attr_put_u32(nlh, NFCTH_POLICY_EXPECT_TIMEOUT,
|
||||
@@ -549,22 +549,22 @@ nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
|
||||
int policy_set_num = 0;
|
||||
|
||||
if (h->bitset & (1 << NFCTH_ATTR_POLICY1)) {
|
||||
- nfct_helper_nlmsg_build_policy(nlh,
|
||||
+ nfct_helper_nlmsg_build_policy(nlh, NFCTH_POLICY_SET1,
|
||||
h->expect_policy[0]);
|
||||
policy_set_num++;
|
||||
}
|
||||
if (h->bitset & (1 << NFCTH_ATTR_POLICY2)) {
|
||||
- nfct_helper_nlmsg_build_policy(nlh,
|
||||
+ nfct_helper_nlmsg_build_policy(nlh, NFCTH_POLICY_SET2,
|
||||
h->expect_policy[1]);
|
||||
policy_set_num++;
|
||||
}
|
||||
if (h->bitset & (1 << NFCTH_ATTR_POLICY3)) {
|
||||
- nfct_helper_nlmsg_build_policy(nlh,
|
||||
+ nfct_helper_nlmsg_build_policy(nlh, NFCTH_POLICY_SET3,
|
||||
h->expect_policy[2]);
|
||||
policy_set_num++;
|
||||
}
|
||||
if (h->bitset & (1 << NFCTH_ATTR_POLICY4)) {
|
||||
- nfct_helper_nlmsg_build_policy(nlh,
|
||||
+ nfct_helper_nlmsg_build_policy(nlh, NFCTH_POLICY_SET4,
|
||||
h->expect_policy[3]);
|
||||
policy_set_num++;
|
||||
}
|
||||
@@ -717,14 +717,13 @@ nfct_helper_nlmsg_parse_policy_set(const struct nlattr *attr,
|
||||
struct nfct_helper *helper)
|
||||
{
|
||||
struct nlattr *tb[NFCTH_POLICY_SET_MAX+1] = {};
|
||||
- int i;
|
||||
+ int i, policy_num = 0;
|
||||
|
||||
mnl_attr_parse_nested(attr, nfct_helper_nlmsg_parse_policy_set_cb, tb);
|
||||
- if (tb[NFCTH_POLICY_SET_NUM]) {
|
||||
- helper->policy_num =
|
||||
- ntohl(mnl_attr_get_u32(tb[NFCTH_POLICY_SET_NUM]));
|
||||
- }
|
||||
- for (i=0; i<helper->policy_num; i++) {
|
||||
+ if (tb[NFCTH_POLICY_SET_NUM])
|
||||
+ policy_num = ntohl(mnl_attr_get_u32(tb[NFCTH_POLICY_SET_NUM]));
|
||||
+
|
||||
+ for (i=0; i<policy_num; i++) {
|
||||
if (tb[NFCTH_POLICY_SET+i]) {
|
||||
nfct_helper_nlmsg_parse_policy(tb[NFCTH_POLICY_SET+i],
|
||||
helper);
|
||||
--
|
||||
2.23.0
|
||||
|
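Review bot: In nfct_helper_nlmsg_parse_policy_set(), `policy_num` is taken straight from the NFCTH_POLICY_SET_NUM attribute and used unclamped as the bound of `for (i=0; i<policy_num; i++)`, so a count larger than the number of policy slots makes `tb[NFCTH_POLICY_SET+i]` read past the end of `tb`, which is declared with `NFCTH_POLICY_SET_MAX+1` entries. The patch stops the double counting of `helper->policy_num`, but the loop still trusts the value carried in the message. Clamping before the loop, for example `if (policy_num > NF_CT_HELPER_CLASS_MAX) policy_num = NF_CT_HELPER_CLASS_MAX;`, would bound both the `tb` index and the number of policies parsed; this assumes NF_CT_HELPER_CLASS_MAX matches the number of SET slots, which should be confirmed against the header. Declaring `policy_num` as `uint32_t` (with an unsigned `i`) would also avoid the implicit unsigned-to-int conversion of the ntohl() result. The function body continues outside the hunk.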
@ -1,6 +1,6 @@
|
||||
Name: libnetfilter_cthelper
|
||||
Version: 1.0.0
|
||||
Release: 13%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Summary: User-space infrastructure for connection tracking helpers
|
||||
Group: System Environment/Libraries
|
||||
License: GPLv2
|
||||
@ -9,6 +9,16 @@ Source0: http://www.netfilter.org/projects/libnetfilter_cthelper/files/li
|
||||
BuildRequires: libmnl-devel >= 1.0.0, pkgconfig, kernel-headers
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
Patch1: 0001-build-resolve-automake-1.12-warnings.patch
|
||||
Patch2: 0002-Update-.gitignore.patch
|
||||
Patch3: 0003-configure-uclinux-is-also-linux.patch
|
||||
Patch4: 0004-src-fix-use-after-free.patch
|
||||
Patch5: 0005-include-Sync-with-kernel-headers.patch
|
||||
Patch6: 0006-Use-__EXPORTED-rather-than-EXPORT_SYMBOL.patch
|
||||
Patch7: 0007-examples-fix-double-free-in-nftc-helper-add.patch
|
||||
Patch8: 0008-examples-kill-the-invalid-argument-error-in-nftc-hel.patch
|
||||
Patch9: 0009-src-fix-incorrect-building-and-parsing-of-the-NFCTH_.patch
|
||||
|
||||
%description
|
||||
This library provides the infrastructure for the user-space helper
|
||||
infrastructure available since the Linux kernel 3.6.
|
||||
@ -25,7 +35,7 @@ The %{name}-devel package contains libraries and header files for
|
||||
developing applications that use %{name}.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%configure --disable-static
|
||||
@ -51,6 +61,12 @@ find $RPM_BUILD_ROOT -type f -name '*.la' -exec rm -f {} ';'
|
||||
%{_libdir}/*.so
|
||||
|
||||
%changelog
|
||||
* Thu Oct 24 2019 Phil Sutter <psutter@redhat.com> - 1.0.0-15
|
||||
- Rebuild for added CI tests
|
||||
|
||||
* Thu Oct 24 2019 Phil Sutter <psutter@redhat.com> - 1.0.0-14
|
||||
- Add missing backports from upstream
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
|
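Review bot: The 1.0.0-14 changelog entry (`- Add missing backports from upstream`) does not say that the backports include memory-safety fixes, namely Patch4 (use after free in nfct_helper_free), Patch7 (double free in the example) and Patch9 (out-of-bounds access when parsing policy sets), which makes the update hard to triage in vulnerability tracking. Listing those fixes, with the upstream bug reference carried in Patch4, would let downstream consumers judge the urgency of the rebuild. `Source0` is also an `http://` URL, and the visible spec lines show no signature or checksum verification of the tarball, although such a step may exist outside these hunks.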