From 897c91742463561da429134e6ae4f5de37d891c0 Mon Sep 17 00:00:00 2001 From: Jerome Marchand Date: Thu, 28 Nov 2024 11:55:26 +0100 Subject: [PATCH] Rebase to 1.5.2 and backport further SAST patches Rebasing to the latest version fixes most SAST issue, but doesn't includes the latest 8 fixes which have to be bacported on top of it. Resolves: RHEL-40112 --- .gitignore | 1 + libtracecmd.spec | 19 +++++-- sources | 2 +- ...Prevent-buffer-overrun-in-dump_clock.patch | 34 +++++++++++ ...eck-the-return-value-of-do_lseek-in-.patch | 36 ++++++++++++ ...event-a-memory-leak-in-handle_option.patch | 57 +++++++++++++++++++ ...event-memory-leak-in-tracecmd_create.patch | 33 +++++++++++ ...m-Prevent-a-memory-leak-in-trace_mem.patch | 36 ++++++++++++ ...-Check-the-length-of-the-protocol-ve.patch | 39 +++++++++++++ ...-Prevent-a-memory-leak-in-show_error.patch | 38 +++++++++++++ ...-Prevent-memory-leak-in-setup_networ.patch | 41 +++++++++++++ 11 files changed, 331 insertions(+), 5 deletions(-) create mode 100644 trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch create mode 100644 trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch create mode 100644 trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch create mode 100644 trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch create mode 100644 trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch create mode 100644 trace-cmd-record-Check-the-length-of-the-protocol-ve.patch create mode 100644 trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch create mode 100644 trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch diff --git a/.gitignore b/.gitignore index cf1557e..967cd66 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /trace-cmd-libtracecmd-1.2.0.tar.gz /trace-cmd-libtracecmd-1.3.1.tar.gz /trace-cmd-libtracecmd-1.5.1.tar.gz +/trace-cmd-libtracecmd-1.5.2.tar.gz diff --git a/libtracecmd.spec b/libtracecmd.spec index 33017d2..054445b 100644 --- a/libtracecmd.spec +++ b/libtracecmd.spec @@ -1,11 +1,19 @@ Name: libtracecmd -Version: 1.5.1 -Release: 5%{?dist} +Version: 1.5.2 +Release: 1%{?dist} License: LGPL-2.1-only AND LGPL-2.1-or-later AND GPL-2.0-only AND GPL-2.0-or-later Summary: A library for reading tracing instances stored in a trace file URL: https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/ Source0: https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/snapshot/trace-cmd-libtracecmd-%{version}.tar.gz +Patch0: trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch +Patch1: trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch +Patch2: trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch +Patch3: trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch +Patch4: trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch +Patch5: trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch +Patch6: trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch +Patch7: trace-cmd-record-Check-the-length-of-the-protocol-ve.patch ExcludeArch: %{ix86} %{arm} @@ -36,7 +44,7 @@ Requires: libtracecmd%{_isa} = %{version}-%{release} Development files of the libtracecmd library %prep -%autosetup -n trace-cmd-libtracecmd-%{version} +%autosetup -p1 -n trace-cmd-libtracecmd-%{version} %build # MANPAGE_DOCBOOK_XSL define is hack to avoid using locate @@ -57,7 +65,7 @@ chrpath --delete %{buildroot}/%{_libdir}/libtracecmd.so* %license COPYING COPYING.LIB %doc README %{_libdir}/libtracecmd.so.1 -%{_libdir}/libtracecmd.so.1.5.1 +%{_libdir}/libtracecmd.so.%{version} %{_docdir}/libtracecmd-doc %{_mandir}/man3/libtracecmd* %{_mandir}/man3/tracecmd* @@ -68,6 +76,9 @@ chrpath --delete %{buildroot}/%{_libdir}/libtracecmd.so* %{_includedir}/trace-cmd %changelog +* Thu Nov 28 2024 Jerome Marchand - 1.5.2-1 +- Rebase to 1.5.2 and backport further SAST patches (RHEL-40112) + * Tue Oct 29 2024 Troy Dawson - 1.5.1-5 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 diff --git a/sources b/sources index d23fd83..0d8c774 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (trace-cmd-libtracecmd-1.5.1.tar.gz) = 0fa0b6a912164284e6db3c95d99c46e0f6726021fa7f76e531871d6424c0a5d8f316244f75a5c85b06b1cd5aa7349dcb286185fa3a0b36a08c8b7eac38ad8192 +SHA512 (trace-cmd-libtracecmd-1.5.2.tar.gz) = aaaa65fde06d71bf0e2199bf32a767f900b68c1bf5adc726adad5b76123daf0c9118ef10a5d276fcc375b63614a11428998c837a8c7e01c78c0411087a095f2f diff --git a/trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch b/trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch new file mode 100644 index 0000000..e42cf42 --- /dev/null +++ b/trace-cmd-dump-Prevent-buffer-overrun-in-dump_clock.patch @@ -0,0 +1,34 @@ +From 7a0d3baf2ab09f7a729e4de592b784e307caa70f Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:13 +0100 +Subject: [PATCH 4/8] trace-cmd dump: Prevent buffer overrun in dump_clock() + +The clock isn't big enough to hold the string with the null +terminating character. Worse, clock[size], which is out of range, is +set to 0. Allocate a big enough buffer. + +Fixes an OVERRUN error (CWE-119) + +Link: https://lore.kernel.org/20241029080117.625177-5-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + tracecmd/trace-dump.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tracecmd/trace-dump.c b/tracecmd/trace-dump.c +index 11c1baf1..0a21356e 100644 +--- a/tracecmd/trace-dump.c ++++ b/tracecmd/trace-dump.c +@@ -961,7 +961,7 @@ static void dump_clock(int fd) + } + if (read_file_number(fd, &size, 8)) + die("cannot read clock size"); +- clock = calloc(1, size); ++ clock = calloc(1, size + 1); + if (!clock) + die("cannot allocate clock %lld bytes", size); + +-- +2.47.0 + diff --git a/trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch b/trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch new file mode 100644 index 0000000..d95c8ea --- /dev/null +++ b/trace-cmd-lib-Check-the-return-value-of-do_lseek-in-.patch @@ -0,0 +1,36 @@ +From ea419e8e8f5e56c166b14aef26be814daebe2832 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:12 +0100 +Subject: [PATCH 3/8] trace-cmd lib: Check the return value of do_lseek() in + trace_get_options() + +Check that do_lseek doesn't fail before calling malloc() with a -1 +argument. + +This is flagged as an overrun error (CWE-119) by static anaysis +because of the call to read() later, but I don't imagine that malloc +would succeed. + +Link: https://lore.kernel.org/20241029080117.625177-4-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + lib/trace-cmd/trace-output.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/trace-cmd/trace-output.c b/lib/trace-cmd/trace-output.c +index 66e11ddc..8bc9325c 100644 +--- a/lib/trace-cmd/trace-output.c ++++ b/lib/trace-cmd/trace-output.c +@@ -2070,6 +2070,8 @@ __hidden void *trace_get_options(struct tracecmd_output *handle, size_t *len) + } + + offset = do_lseek(&out_handle, 0, SEEK_CUR); ++ if (offset == (off_t)-1) ++ goto out; + buf = malloc(offset); + if (!buf) + goto out; +-- +2.47.0 + diff --git a/trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch b/trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch new file mode 100644 index 0000000..2196854 --- /dev/null +++ b/trace-cmd-lib-Prevent-a-memory-leak-in-handle_option.patch @@ -0,0 +1,57 @@ +From 3be4066b9a9c6a76a824fc7a7a6a983fd23088a7 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:10 +0100 +Subject: [PATCH 1/8] trace-cmd lib: Prevent a memory leak in handle_options() + +Buf isn't always fred in the error path. Instead of freing buf at the +end of the loop, free it in the exit path and before reallocating it. + +Fixes a RESOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/20241029080117.625177-2-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + lib/trace-cmd/trace-input.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/lib/trace-cmd/trace-input.c b/lib/trace-cmd/trace-input.c +index 8b6e3d0c..ad662fc6 100644 +--- a/lib/trace-cmd/trace-input.c ++++ b/lib/trace-cmd/trace-input.c +@@ -4006,7 +4006,7 @@ static int handle_options(struct tracecmd_input *handle) + char *cpustats = NULL; + struct hook_list *hook; + bool compress = false; +- char *buf; ++ char *buf = NULL; + int cpus; + int ret; + +@@ -4036,6 +4036,7 @@ static int handle_options(struct tracecmd_input *handle) + ret = read4(handle, &size); + if (ret) + goto out; ++ free(buf); + buf = malloc(size); + if (!buf) { + ret = -ENOMEM; +@@ -4189,14 +4190,12 @@ static int handle_options(struct tracecmd_input *handle) + tracecmd_warning("unknown option %d", option); + break; + } +- +- free(buf); +- + } + + ret = 0; + + out: ++ free(buf); + if (compress) + in_uncompress_reset(handle); + return ret; +-- +2.47.0 + diff --git a/trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch b/trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch new file mode 100644 index 0000000..af829cb --- /dev/null +++ b/trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch @@ -0,0 +1,33 @@ +From cbe42ab193ac866e9a6644b8509ab341a8aa474d Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:15 +0100 +Subject: [PATCH 6/8] trace-cmd lib: Prevent memory leak in + tracecmd_create_event_hook() + +Free hook and hook->str in the error path. + +Fixes a RESOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/20241029080117.625177-7-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + lib/trace-cmd/trace-hooks.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/trace-cmd/trace-hooks.c b/lib/trace-cmd/trace-hooks.c +index a58b5356..aa12f6e9 100644 +--- a/lib/trace-cmd/trace-hooks.c ++++ b/lib/trace-cmd/trace-hooks.c +@@ -151,6 +151,8 @@ struct hook_list *tracecmd_create_event_hook(const char *arg) + + invalid_tok: + tracecmd_warning("Invalid hook format '%s'", arg); ++ free(hook->str); ++ free(hook); + return NULL; + } + +-- +2.47.0 + diff --git a/trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch b/trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch new file mode 100644 index 0000000..f8e9343 --- /dev/null +++ b/trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch @@ -0,0 +1,36 @@ +From b0e1a9c5c099282d30fee8f6aa89bd12ce5e8a73 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:16 +0100 +Subject: [PATCH 7/8] trace-cmd mem: Prevent a memory leak in trace_mem() + +Close the tracecmd handle in the error path. + +Fixes a RESOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/20241029080117.625177-8-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + tracecmd/trace-mem.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/tracecmd/trace-mem.c b/tracecmd/trace-mem.c +index 3e1ac9f3..b8babbbc 100644 +--- a/tracecmd/trace-mem.c ++++ b/tracecmd/trace-mem.c +@@ -554,10 +554,8 @@ void trace_mem(int argc, char **argv) + die("can't open %s\n", input_file); + + ret = tracecmd_read_headers(handle, 0); +- if (ret) +- return; +- +- do_trace_mem(handle); ++ if (!ret) ++ do_trace_mem(handle); + + tracecmd_close(handle); + } +-- +2.47.0 + diff --git a/trace-cmd-record-Check-the-length-of-the-protocol-ve.patch b/trace-cmd-record-Check-the-length-of-the-protocol-ve.patch new file mode 100644 index 0000000..2ad001a --- /dev/null +++ b/trace-cmd-record-Check-the-length-of-the-protocol-ve.patch @@ -0,0 +1,39 @@ +From 75d8bba90d8b4cbe1a80381f1dfbd80cbb0fbd60 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:17 +0100 +Subject: [PATCH 8/8] trace-cmd record: Check the length of the protocol + version received + +In check_protocol_version we compare the protocol version string with +the expected one ("V3") with memcmp(). The received string could be +longer than the constant string used for the comparison. That could +lead to out of range access. + +Use the known length of the fixed "V3" string for the comparison and +check that the received protocol version is not too short. + +Fixes a OVERRUN error (CWE-119) + +Link: https://lore.kernel.org/20241029080117.625177-9-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + tracecmd/trace-record.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c +index d78c13c2..febf8578 100644 +--- a/tracecmd/trace-record.c ++++ b/tracecmd/trace-record.c +@@ -3811,7 +3811,7 @@ static void check_protocol_version(struct tracecmd_msg_handle *msg_handle) + msg_handle->version = V1_PROTOCOL; + tracecmd_plog("Use the v1 protocol\n"); + } else { +- if (memcmp(buf, "V3", n) != 0) ++ if (n < 3 || memcmp(buf, "V3", 3) != 0) + die("Cannot handle the protocol %s", buf); + /* OK, let's use v3 protocol */ + write(fd, V3_MAGIC, sizeof(V3_MAGIC)); +-- +2.47.0 + diff --git a/trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch b/trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch new file mode 100644 index 0000000..49be9ce --- /dev/null +++ b/trace-cmd-record-Prevent-a-memory-leak-in-show_error.patch @@ -0,0 +1,38 @@ +From 8e7de34bca5fdfcd8276116db4dd02308de0e194 Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:11 +0100 +Subject: [PATCH 2/8] trace-cmd record: Prevent a memory leak in show_error() + +In show_error() the pointer p is used for several functions. At first, +it contain a substring of path. + +Then it is replaced by either an allocated string containing the path +to the error log file or the result of read_path(), neither of which +are freed when exiting. + +Free p in both case in the exit path. + +Fixes a RESOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/20241029080117.625177-3-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + tracecmd/trace-record.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c +index 0063d528..bdfa57b0 100644 +--- a/tracecmd/trace-record.c ++++ b/tracecmd/trace-record.c +@@ -2374,6 +2374,7 @@ static void show_error(const char *file, const char *type) + + out: + printf("Failed %s of %s\n", type, file); ++ free(p); + free(path); + return; + } +-- +2.47.0 + diff --git a/trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch b/trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch new file mode 100644 index 0000000..9acbec8 --- /dev/null +++ b/trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch @@ -0,0 +1,41 @@ +From e48db64dcb0dfddb6b8f6cd8624e1e2ff2c1302c Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Tue, 29 Oct 2024 09:01:14 +0100 +Subject: [PATCH 5/8] trace-cmd record: Prevent memory leak in setup_network() + +Because of the again label, msg_handle can be already allocated if we +exit after we got a negative socket file descriptor. Free it there. +Also unassign msg_handle->fd as to not double close sfd. + +Fixes a RESOURCE_LEAK error (CWE-772) + +Link: https://lore.kernel.org/20241029080117.625177-6-jmarchan@redhat.com +Signed-off-by: Jerome Marchand +Signed-off-by: Steven Rostedt (Google) +--- + tracecmd/trace-record.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c +index bdfa57b0..d78c13c2 100644 +--- a/tracecmd/trace-record.c ++++ b/tracecmd/trace-record.c +@@ -3904,6 +3904,7 @@ static struct tracecmd_msg_handle *setup_network(struct buffer_instance *instanc + + if (sfd < 0) { + free(thost); ++ tracecmd_msg_handle_close(msg_handle); + return NULL; + } + +@@ -3934,6 +3935,7 @@ static struct tracecmd_msg_handle *setup_network(struct buffer_instance *instanc + if (msg_handle->version == V1_PROTOCOL) { + /* reconnect to the server for using the v1 protocol */ + close(sfd); ++ msg_handle->fd = -1; + free(host); + host = NULL; + goto again; +-- +2.47.0 +