From 36d600cfc75ee4706361c0c634c7704e2580fa5f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 4 Dec 2019 15:24:04 +0100 Subject: [PATCH] Update to 1.1.5. Fixes bug #1778850 --- .gitignore | 1 + ...ble-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch | 38 ++++++++++++++ ...mleak-in-error-path-of-nftnl_flowtab.patch | 30 +++++++++++ ...k-in-error-path-of-nftnl_chain_parse.patch | 30 +++++++++++ ...owtable-Correctly-check-realloc-call.patch | 52 +++++++++++++++++++ 0005-chain-Correctly-check-realloc-call.patch | 52 +++++++++++++++++++ libnftnl.spec | 13 ++++- sources | 2 +- 8 files changed, 215 insertions(+), 3 deletions(-) create mode 100644 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch create mode 100644 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch create mode 100644 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch create mode 100644 0004-flowtable-Correctly-check-realloc-call.patch create mode 100644 0005-chain-Correctly-check-realloc-call.patch diff --git a/.gitignore b/.gitignore index c09df50..64ba2fe 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ /libnftnl-1.1.1.tar.bz2 /libnftnl-1.1.3.tar.bz2 /libnftnl-1.1.4.tar.bz2 +/libnftnl-1.1.5.tar.bz2 diff --git a/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch b/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch new file mode 100644 index 0000000..a3b4126 --- /dev/null +++ b/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch @@ -0,0 +1,38 @@ +From b2388765e0c4405442faa13845419f6a35d0134c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 2 Dec 2019 18:29:56 +0100 +Subject: [libnftnl PATCH] tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE + +Marshalling code around that attribute has been dropped by commit +d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") so it's value is +lost during the test. + +Assuming that NFTNL_FLOWTABLE_SIZE will receive kernel support at a +later point, leave the test code in place but just comment it out. + +Fixes: d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") +Signed-off-by: Phil Sutter +Acked-by: Pablo Neira Ayuso +--- + tests/nft-flowtable-test.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c +index 3edb00ddf3196..8ab8d4c5347a4 100644 +--- a/tests/nft-flowtable-test.c ++++ b/tests/nft-flowtable-test.c +@@ -33,9 +33,11 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl + if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) != + nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE)) + print_err("Flowtable use mismatches"); ++#if 0 + if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) != + nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE)) + print_err("Flowtable size mismatches"); ++#endif + if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) != + nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS)) + print_err("Flowtable flags mismatches"); +-- +2.24.0 + diff --git a/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch b/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch new file mode 100644 index 0000000..cc56cef --- /dev/null +++ b/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch @@ -0,0 +1,30 @@ +From ba1b02594e8d05e4c791925a50f9309f89b55c80 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 2 Dec 2019 22:57:40 +0100 +Subject: [libnftnl PATCH] flowtable: Fix memleak in error path of + nftnl_flowtable_parse_devs() + +In error case, allocated dev_array is not freed. + +Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation") +Signed-off-by: Phil Sutter +Acked-by: Pablo Neira Ayuso +--- + src/flowtable.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/flowtable.c b/src/flowtable.c +index 324e80f7e6ad6..db319434b51c0 100644 +--- a/src/flowtable.c ++++ b/src/flowtable.c +@@ -419,6 +419,7 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, + err: + while (len--) + xfree(dev_array[len]); ++ xfree(dev_array); + return -1; + } + +-- +2.24.0 + diff --git a/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch b/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch new file mode 100644 index 0000000..d147038 --- /dev/null +++ b/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch @@ -0,0 +1,30 @@ +From 32a8c5f52355ef69bf74c28e27345b2e03d948e7 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 2 Dec 2019 23:00:20 +0100 +Subject: [libnftnl PATCH] chain: Fix memleak in error path of + nftnl_chain_parse_devs() + +In error case, dev_array is not freed when it should. + +Fixes: e3ac19b5ec162 ("chain: multi-device support") +Signed-off-by: Phil Sutter +Acked-by: Pablo Neira Ayuso +--- + src/chain.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/chain.c b/src/chain.c +index d4050d28e77d0..9cc8735a4936f 100644 +--- a/src/chain.c ++++ b/src/chain.c +@@ -636,6 +636,7 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) + err: + while (len--) + xfree(dev_array[len]); ++ xfree(dev_array); + return -1; + } + +-- +2.24.0 + diff --git a/0004-flowtable-Correctly-check-realloc-call.patch b/0004-flowtable-Correctly-check-realloc-call.patch new file mode 100644 index 0000000..96a0d01 --- /dev/null +++ b/0004-flowtable-Correctly-check-realloc-call.patch @@ -0,0 +1,52 @@ +From 835d645f4052551c5c1829c37a07c882f2260f65 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 2 Dec 2019 23:08:07 +0100 +Subject: [libnftnl PATCH] flowtable: Correctly check realloc() call + +If realloc() fails, it returns NULL but the original pointer is +untouchted and therefore still has to be freed. Unconditionally +overwriting the old pointer is therefore a bad idea, use a temporary +variable instead. + +Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation") +Signed-off-by: Phil Sutter +Acked-by: Pablo Neira Ayuso +--- + src/flowtable.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/src/flowtable.c b/src/flowtable.c +index db319434b51c0..9ba3b6d9a3404 100644 +--- a/src/flowtable.c ++++ b/src/flowtable.c +@@ -388,7 +388,7 @@ static int nftnl_flowtable_parse_hook_cb(const struct nlattr *attr, void *data) + static int nftnl_flowtable_parse_devs(struct nlattr *nest, + struct nftnl_flowtable *c) + { +- const char **dev_array; ++ const char **dev_array, **tmp; + int len = 0, size = 8; + struct nlattr *attr; + +@@ -401,14 +401,13 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, + goto err; + dev_array[len++] = strdup(mnl_attr_get_str(attr)); + if (len >= size) { +- dev_array = realloc(dev_array, +- size * 2 * sizeof(char *)); +- if (!dev_array) ++ tmp = realloc(dev_array, size * 2 * sizeof(char *)); ++ if (!tmp) + goto err; + + size *= 2; +- memset(&dev_array[len], 0, +- (size - len) * sizeof(char *)); ++ memset(&tmp[len], 0, (size - len) * sizeof(char *)); ++ dev_array = tmp; + } + } + +-- +2.24.0 + diff --git a/0005-chain-Correctly-check-realloc-call.patch b/0005-chain-Correctly-check-realloc-call.patch new file mode 100644 index 0000000..8da29c9 --- /dev/null +++ b/0005-chain-Correctly-check-realloc-call.patch @@ -0,0 +1,52 @@ +From d95a703746d5394d56a9f464e343594e4882da0d Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 2 Dec 2019 23:12:34 +0100 +Subject: [libnftnl PATCH] chain: Correctly check realloc() call + +If realloc() fails, it returns NULL but the original pointer is +untouchted and therefore still has to be freed. Unconditionally +overwriting the old pointer is therefore a bad idea, use a temporary +variable instead. + +Fixes: e3ac19b5ec162 ("chain: multi-device support") +Signed-off-by: Phil Sutter +Acked-by: Pablo Neira Ayuso +--- + src/chain.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/src/chain.c b/src/chain.c +index 9cc8735a4936f..b9a16fc9b42df 100644 +--- a/src/chain.c ++++ b/src/chain.c +@@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data) + + static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) + { +- const char **dev_array; ++ const char **dev_array, **tmp; + int len = 0, size = 8; + struct nlattr *attr; + +@@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) + goto err; + dev_array[len++] = strdup(mnl_attr_get_str(attr)); + if (len >= size) { +- dev_array = realloc(dev_array, +- size * 2 * sizeof(char *)); +- if (!dev_array) ++ tmp = realloc(dev_array, size * 2 * sizeof(char *)); ++ if (!tmp) + goto err; + + size *= 2; +- memset(&dev_array[len], 0, +- (size - len) * sizeof(char *)); ++ memset(&tmp[len], 0, (size - len) * sizeof(char *)); ++ dev_array = tmp; + } + } + +-- +2.24.0 + diff --git a/libnftnl.spec b/libnftnl.spec index 7edec30..9bb6f20 100644 --- a/libnftnl.spec +++ b/libnftnl.spec @@ -1,5 +1,5 @@ Name: libnftnl -Version: 1.1.4 +Version: 1.1.5 Release: 1%{?dist} Summary: Library for low-level interaction with nftables Netlink's API over libmnl @@ -7,6 +7,12 @@ License: GPLv2+ URL: http://netfilter.org/projects/libnftnl/ Source0: http://ftp.netfilter.org/pub/libnftnl/libnftnl-%{version}.tar.bz2 +Patch1: 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch +Patch2: 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch +Patch3: 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch +Patch4: 0004-flowtable-Correctly-check-realloc-call.patch +Patch5: 0005-chain-Correctly-check-realloc-call.patch + BuildRequires: libmnl-devel BuildRequires: jansson-devel BuildRequires: gcc @@ -30,7 +36,7 @@ The %{name}-devel package contains libraries and header files for developing applications that use %{name}. %prep -%setup -q +%autosetup -p1 %build %configure --disable-static --disable-silent-rules --with-json-parsing @@ -57,6 +63,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %{_includedir}/libnftnl %changelog +* Wed Dec 04 2019 Phil Sutter - 1.1.5-1 +- Update to 1.1.5. Fixes bug #1778850 + * Fri Aug 23 2019 Kevin Fenzi - 1.1.4-1 - Update to 1.1.4. Fixes bug #1743175 diff --git a/sources b/sources index 9076f11..b220a26 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libnftnl-1.1.4.tar.bz2) = 6fe248b1340decc1ec8ae40dd0ed60b8d4b819c2f36f2399d39e13e92fc5e6f6ec693b736d6c188bff954afb2bf2dbce67d54a9e664b45f43288b2c5c6cc08f6 +SHA512 (libnftnl-1.1.5.tar.bz2) = a0495e1a99ea9efcf3994db48e50943023ff3d8101055887574ff4eb6b0df8600cf7db68a9c91ca02bbbcc1f01099b008649f88321bb956897bcc90eb4167ee7