Rebase to new stable branch version 1.30.8
resolves: rhbz#2059289 - Fix multiple Coverity problems - Fix bounds error in nbdkit-checkwrite-filter resolves: rhbz#2108545
This commit is contained in:
parent
82a691cb64
commit
d7e3d19b6a
@ -1,4 +1,4 @@
|
||||
From 9f9f1edb5a93574bf717e2d884a30a87b231a572 Mon Sep 17 00:00:00 2001
|
||||
From 6a2b0aac8be655524ea223e32cac0395fcc9f975 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 15 Apr 2022 12:08:37 +0100
|
||||
Subject: [PATCH] ssh: Allow the remote file to be created
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c9c5a1455096822264df02cc157a693310144a62 Mon Sep 17 00:00:00 2001
|
||||
From ac40ae11bc9983e11185749b23e793568cb366cc Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 16 Apr 2022 18:39:13 +0100
|
||||
Subject: [PATCH] readahead: Rewrite this filter so it prefetches using .cache
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ce5607d2bf2f895464d0cb2ba9c285c67325e7f5 Mon Sep 17 00:00:00 2001
|
||||
From b41b7d7ddf6d3fba23ac7978c8b272f2ff84265d Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 21 Apr 2022 16:14:46 +0100
|
||||
Subject: [PATCH] readahead: Fix test
|
||||
|
@ -1,4 +1,4 @@
|
||||
From f69d0db070ee3a02351c3c4ada0ab00c33bc76ef Mon Sep 17 00:00:00 2001
|
||||
From c19936170cf8b385687cf40f5a9507d87ae08267 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 30 Apr 2022 12:35:07 +0100
|
||||
Subject: [PATCH] New filter: luks
|
||||
@ -55,7 +55,7 @@ index 4d2a9796..0f5dc41d 100644
|
||||
|
||||
* The filter should open a new connection to the plugin per background
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 10729d8a..78af16d5 100644
|
||||
index a402921b..de85b4da 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -127,6 +127,7 @@ filters="\
|
||||
@ -76,7 +76,7 @@ index 10729d8a..78af16d5 100644
|
||||
+AS_IF([test "x$GNUTLS_LIBS" != "x"],[
|
||||
AC_MSG_CHECKING([for default TLS session priority string])
|
||||
AC_ARG_WITH([tls-priority],
|
||||
[AS_HELP_STRING([--with-tls-priority],
|
||||
[AS_HELP_STRING([--with-tls-priority=...],
|
||||
@@ -1383,6 +1385,7 @@ AC_CONFIG_FILES([Makefile
|
||||
filters/ip/Makefile
|
||||
filters/limit/Makefile
|
||||
@ -1596,10 +1596,10 @@ index f8f0e198..b95e7349 100644
|
||||
|
||||
=head1 AUTHORS
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index b9c1137c..b041b186 100644
|
||||
index b310e8a2..c29453ba 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -1594,6 +1594,18 @@ EXTRA_DIST += \
|
||||
@@ -1596,6 +1596,18 @@ EXTRA_DIST += \
|
||||
test-log-script-info.sh \
|
||||
$(NULL)
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From cc0bc042e260334b7f5b39ea4c283c9ad9bac164 Mon Sep 17 00:00:00 2001
|
||||
From 66daae1a7daf680e06f884e9af6a14830263c932 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sun, 8 May 2022 12:13:39 +0100
|
||||
Subject: [PATCH] luks: Disable filter with old GnuTLS in Debian 10
|
||||
@ -36,7 +36,7 @@ Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
|
||||
3 files changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 78af16d5..7089f937 100644
|
||||
index de85b4da..1d209f67 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -636,12 +636,15 @@ AS_IF([test "x$GNUTLS_LIBS" != "x"],[
|
||||
@ -78,10 +78,10 @@ index 30089621..622e5c3d 100644
|
||||
filter_LTLIBRARIES = nbdkit-luks-filter.la
|
||||
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index b041b186..937d2919 100644
|
||||
index c29453ba..5585b3b7 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -1595,7 +1595,7 @@ EXTRA_DIST += \
|
||||
@@ -1597,7 +1597,7 @@ EXTRA_DIST += \
|
||||
$(NULL)
|
||||
|
||||
# luks filter test.
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9961cd8018d6287af45d7691656c56d9443660cf Mon Sep 17 00:00:00 2001
|
||||
From b3c05065801c723966a3e8d93c9b84e808ff38b9 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sun, 8 May 2022 12:30:09 +0100
|
||||
Subject: [PATCH] luks: Various fixes for Clang
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 24963801a0a0a4eb1c33d2cfa213e0564fef889c Mon Sep 17 00:00:00 2001
|
||||
From 9416effd73a5cb2e1c929449fca88fd7152aa1be Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sun, 8 May 2022 12:38:00 +0100
|
||||
Subject: [PATCH] luks: Link with libcompat on Windows
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 22b56fee6d3ed2a5ea37f9b1ed62b9d5144e5369 Mon Sep 17 00:00:00 2001
|
||||
From e8279107801bb93303b22e1b927929ce18279dc5 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sun, 8 May 2022 16:13:13 +0100
|
||||
Subject: [PATCH] luks: Refactor the filter
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b3989481c7c605f1872ac15d42cf6a9ac738ab00 Mon Sep 17 00:00:00 2001
|
||||
From 387bd4c6fee8ab339fd04e0b841b0c67e6020c8a Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sun, 8 May 2022 18:05:45 +0100
|
||||
Subject: [PATCH] tests: luks: Reduce time taken to run these tests
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 509c71f425945e219ceb507f06bbac546fb26c7c Mon Sep 17 00:00:00 2001
|
||||
From 52ee1dab95436128b44c37cc495022ff90108b2e Mon Sep 17 00:00:00 2001
|
||||
From: Nikolaus Rath <Nikolaus@rath.org>
|
||||
Date: Mon, 9 May 2022 10:04:30 +0100
|
||||
Subject: [PATCH] Add nbdkit.parse_size() Python function.
|
||||
|
@ -1,4 +1,4 @@
|
||||
From cf7bb8134726263b8f0f1dc0478ca82cdc22dbd4 Mon Sep 17 00:00:00 2001
|
||||
From 644e0ed6333cf5fe2c1e39da157e8f1ce97267b9 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 14 May 2022 13:47:19 +0100
|
||||
Subject: [PATCH] cache: Fix cross-reference nbdkit-readahead-filter
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 75a84b37dba4907b790ebb2dc56ac689ea8370e7 Mon Sep 17 00:00:00 2001
|
||||
From 4a7e5169935c8850fddcea8da79639ded907c549 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 14 May 2022 14:00:16 +0100
|
||||
Subject: [PATCH] curl: Don't document curl plugin + readahead filter
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 46b2d3954011b2f0ebf5203ce549cb7e8f822b09 Mon Sep 17 00:00:00 2001
|
||||
From 8bfe6512d07caf778fd001425435b048c45513eb Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 14 May 2022 13:46:56 +0100
|
||||
Subject: [PATCH] New filter: scan
|
||||
@ -54,7 +54,7 @@ index 0f5dc41d..8600d9e4 100644
|
||||
single context into the backend shared among multiple client
|
||||
connections. This may even allow a filter to offer a more parallel
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 7089f937..a02d16d9 100644
|
||||
index 1d209f67..466dbd9b 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -142,6 +142,7 @@ filters="\
|
||||
@ -896,10 +896,10 @@ index ea5899dc..3991e86b 100644
|
||||
L<https://libvirt.org/drvesx.html>,
|
||||
L<https://www.vmware.com/support/developer/vddk/>,
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index 937d2919..6a63e4e8 100644
|
||||
index 5585b3b7..799aa6c2 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -1752,6 +1752,16 @@ test_retry_request_mirror_LDADD = \
|
||||
@@ -1754,6 +1754,16 @@ test_retry_request_mirror_LDADD = \
|
||||
$(LIBNBD_LIBS) \
|
||||
$(NULL)
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From fd743f16847520207304e7f7f66839708abaffd9 Mon Sep 17 00:00:00 2001
|
||||
From 91677241184ab1aa77adadd612fa069d084863ec Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 14 May 2022 18:54:32 +0100
|
||||
Subject: [PATCH] scan: Remove condition variable
|
||||
|
@ -1,4 +1,4 @@
|
||||
From f5e7beb490131d5674b7c1ff8b312da3f6d5e078 Mon Sep 17 00:00:00 2001
|
||||
From c191f45530d4dd7f978803c0bfa402ca0fc950df Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 14 May 2022 19:02:48 +0100
|
||||
Subject: [PATCH] scan: Small typographical fix in manual
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 1bd582bce19ed3beb27879a1bfcee247d22c7fba Mon Sep 17 00:00:00 2001
|
||||
From 651045d703804d7dafab04a0387ca92573f52467 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 14 May 2022 20:57:38 +0100
|
||||
Subject: [PATCH] ssh: Don't reference readahead or scan filters from this
|
||||
|
@ -1,4 +1,4 @@
|
||||
From cad7357b2d4dd70bd75adbbd44aa1715bd0d090c Mon Sep 17 00:00:00 2001
|
||||
From f58d2a04338edc647e2334ff58b49508424e3f3b Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 17 May 2022 13:20:17 +0100
|
||||
Subject: [PATCH] scan: Fix bound so we don't try to prefetch beyond end of
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ec7154cb4010e5c20ae8b1df8a95550bc5e42ee2 Mon Sep 17 00:00:00 2001
|
||||
From d1d2f43223bcda062d10c8e68776590956892f71 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 10 Jun 2022 22:11:44 +0100
|
||||
Subject: [PATCH] tests: Add a regression test for LUKS zeroing crash
|
||||
@ -12,10 +12,10 @@ https://listman.redhat.com/archives/libguestfs/2022-June/029188.html
|
||||
create mode 100755 tests/test-luks-copy-zero.sh
|
||||
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index 6a63e4e8..824232d1 100644
|
||||
index 799aa6c2..0f4b0746 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -1599,11 +1599,13 @@ if HAVE_GNUTLS_PBKDF2
|
||||
@@ -1601,11 +1601,13 @@ if HAVE_GNUTLS_PBKDF2
|
||||
TESTS += \
|
||||
test-luks-info.sh \
|
||||
test-luks-copy.sh \
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 7c7557d9954eb7d8fa6249af316879dada22829d Mon Sep 17 00:00:00 2001
|
||||
From c1a7c87fb9710fb29d699d1f39d0da19caf98da0 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 11 Jun 2022 12:34:02 +0100
|
||||
Subject: [PATCH] rate: Allow burstiness to be controlled
|
||||
|
104
0020-luks-Check-return-values-from-malloc-more-carefully.patch
Normal file
104
0020-luks-Check-return-values-from-malloc-more-carefully.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From 4e8599886ba4802fef1683811a725e7c4bc4fe72 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 12 Jul 2022 18:00:38 +0100
|
||||
Subject: [PATCH] luks: Check return values from malloc more carefully
|
||||
|
||||
Found by Coverity:
|
||||
|
||||
Error: GCC_ANALYZER_WARNING (CWE-688): [#def53]
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c: scope_hint: In function 'calculate_iv'
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:175:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'iv' where non-null expected
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:39: included_from: Included from here.
|
||||
/usr/include/string.h:43:14: note: argument 1 of 'memcpy' must be non-null
|
||||
# 173| sector32 = (uint32_t) sector; /* truncate to only lower bits */
|
||||
# 174| sector32 = htole32 (sector32);
|
||||
# 175|-> memcpy (iv, §or32, prefixlen);
|
||||
# 176| memset (iv + prefixlen, 0, ivlen - prefixlen);
|
||||
# 177| break;
|
||||
|
||||
Error: GCC_ANALYZER_WARNING (CWE-688): [#def54]
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:184:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'iv' where non-null expected
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:39: included_from: Included from here.
|
||||
/usr/include/string.h:43:14: note: argument 1 of 'memcpy' must be non-null
|
||||
# 182| prefixlen = ivlen;
|
||||
# 183| sector = htole64 (sector);
|
||||
# 184|-> memcpy (iv, §or, prefixlen);
|
||||
# 185| memset (iv + prefixlen, 0, ivlen - prefixlen);
|
||||
# 186| break;
|
||||
|
||||
Error: NULL_RETURNS (CWE-476): [#def55]
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:498: returned_null: "malloc" returns "NULL" (checked 86 out of 94 times).
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:498: var_assigned: Assigning: "temp" = "NULL" return value from "malloc".
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:523: dereference: Dereferencing a pointer that might be "NULL" "temp" when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
||||
# 521| gnutls_hash_deinit (hash, temp);
|
||||
# 522|
|
||||
# 523|-> memcpy (&block[i*digest_bytes], temp, blen);
|
||||
# 524| }
|
||||
# 525|
|
||||
|
||||
Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
|
||||
(cherry picked from commit 00c8bbd9e321681843140f697985505de7177f34)
|
||||
---
|
||||
filters/luks/luks-encryption.c | 28 +++++++++++++++++++++++-----
|
||||
1 file changed, 23 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
|
||||
index 8ee0eb35..19aaf06a 100644
|
||||
--- a/filters/luks/luks-encryption.c
|
||||
+++ b/filters/luks/luks-encryption.c
|
||||
@@ -495,9 +495,15 @@ af_hash (gnutls_digest_algorithm_t hash_alg, uint8_t *block, size_t len)
|
||||
size_t digest_bytes = gnutls_hash_get_len (hash_alg);
|
||||
size_t nr_blocks, last_block_len;
|
||||
size_t i;
|
||||
- CLEANUP_FREE uint8_t *temp = malloc (digest_bytes);
|
||||
int r;
|
||||
gnutls_hash_hd_t hash;
|
||||
+ CLEANUP_FREE uint8_t *temp;
|
||||
+
|
||||
+ temp = malloc (digest_bytes);
|
||||
+ if (!temp) {
|
||||
+ nbdkit_error ("malloc: %m");
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
nr_blocks = len / digest_bytes;
|
||||
last_block_len = len % digest_bytes;
|
||||
@@ -874,9 +880,15 @@ int
|
||||
do_decrypt (struct luks_data *h, gnutls_cipher_hd_t cipher,
|
||||
uint64_t sector, uint8_t *buf, size_t nr_sectors)
|
||||
{
|
||||
- const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
|
||||
- CLEANUP_FREE uint8_t *iv = malloc (ivlen);
|
||||
int r;
|
||||
+ const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
|
||||
+ CLEANUP_FREE uint8_t *iv;
|
||||
+
|
||||
+ iv = malloc (ivlen);
|
||||
+ if (!iv) {
|
||||
+ nbdkit_error ("malloc: %m");
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
while (nr_sectors) {
|
||||
calculate_iv (h->ivgen_alg, iv, ivlen, sector);
|
||||
@@ -902,9 +914,15 @@ int
|
||||
do_encrypt (struct luks_data *h, gnutls_cipher_hd_t cipher,
|
||||
uint64_t sector, uint8_t *buf, size_t nr_sectors)
|
||||
{
|
||||
- const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
|
||||
- CLEANUP_FREE uint8_t *iv = malloc (ivlen);
|
||||
int r;
|
||||
+ const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
|
||||
+ CLEANUP_FREE uint8_t *iv;
|
||||
+
|
||||
+ iv = malloc (ivlen);
|
||||
+ if (!iv) {
|
||||
+ nbdkit_error ("malloc: %m");
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
while (nr_sectors) {
|
||||
calculate_iv (h->ivgen_alg, iv, ivlen, sector);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,57 @@
|
||||
From 1d593a76796574845d7e32aaadd9f7d1ed4e7987 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 12 Jul 2022 18:07:25 +0100
|
||||
Subject: [PATCH] luks: Avoid potential overflow when computing key material
|
||||
offset and length
|
||||
|
||||
Found by Coverity:
|
||||
|
||||
Error: OVERFLOW_BEFORE_WIDEN (CWE-190): [#def58]
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:558: overflow_before_widen: Potentially overflowing expression "h->phdr.master_key_len * h->phdr.keyslot[i].stripes" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:558: remediation: To avoid overflow, cast either "h->phdr.master_key_len" or "h->phdr.keyslot[i].stripes" to type "uint64_t".
|
||||
# 556| uint64_t len, r;
|
||||
# 557|
|
||||
# 558|-> len = h->phdr.master_key_len * h->phdr.keyslot[i].stripes;
|
||||
# 559| r = DIV_ROUND_UP (len, LUKS_SECTOR_SIZE);
|
||||
# 560| r = ROUND_UP (r, LUKS_ALIGN_KEYSLOTS / LUKS_SECTOR_SIZE);
|
||||
|
||||
Error: OVERFLOW_BEFORE_WIDEN (CWE-190): [#def62]
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:616: overflow_before_widen: Potentially overflowing expression "ks->key_material_offset * 512U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:616: remediation: To avoid overflow, cast either "ks->key_material_offset" or "512U" to type "uint64_t".
|
||||
# 614|
|
||||
# 615| /* Read master key material from plugin. */
|
||||
# 616|-> start = ks->key_material_offset * LUKS_SECTOR_SIZE;
|
||||
# 617| if (next->pread (next, split_key, split_key_len, start, 0, &err) == -1) {
|
||||
# 618| errno = err;
|
||||
|
||||
Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
|
||||
(cherry picked from commit 808d88fbc7b58b7c95e05f41fec729cba92ef518)
|
||||
---
|
||||
filters/luks/luks-encryption.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
|
||||
index 19aaf06a..06435b27 100644
|
||||
--- a/filters/luks/luks-encryption.c
|
||||
+++ b/filters/luks/luks-encryption.c
|
||||
@@ -561,7 +561,7 @@ key_material_length_in_sectors (struct luks_data *h, size_t i)
|
||||
{
|
||||
uint64_t len, r;
|
||||
|
||||
- len = h->phdr.master_key_len * h->phdr.keyslot[i].stripes;
|
||||
+ len = (uint64_t) h->phdr.master_key_len * h->phdr.keyslot[i].stripes;
|
||||
r = DIV_ROUND_UP (len, LUKS_SECTOR_SIZE);
|
||||
r = ROUND_UP (r, LUKS_ALIGN_KEYSLOTS / LUKS_SECTOR_SIZE);
|
||||
return r;
|
||||
@@ -619,7 +619,7 @@ try_passphrase_in_keyslot (nbdkit_next *next, struct luks_data *h,
|
||||
}
|
||||
|
||||
/* Read master key material from plugin. */
|
||||
- start = ks->key_material_offset * LUKS_SECTOR_SIZE;
|
||||
+ start = (uint64_t) ks->key_material_offset * LUKS_SECTOR_SIZE;
|
||||
if (next->pread (next, split_key, split_key_len, start, 0, &err) == -1) {
|
||||
errno = err;
|
||||
return -1;
|
||||
--
|
||||
2.31.1
|
||||
|
36
0022-luks-Avoid-memory-leak-on-error-path.patch
Normal file
36
0022-luks-Avoid-memory-leak-on-error-path.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From ee25c1be953bf385caf23f96384a9834c1f1c250 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 12 Jul 2022 18:10:30 +0100
|
||||
Subject: [PATCH] luks: Avoid memory leak on error path
|
||||
|
||||
Found by Coverity:
|
||||
|
||||
Error: CPPCHECK_WARNING (CWE-401): [#def65] [important]
|
||||
nbdkit-1.30.7/filters/luks/luks-encryption.c:707: error[memleak]: Memory leak: h
|
||||
# 705| if (memcmp (h->phdr.magic, expected_magic, LUKS_MAGIC_LEN) != 0) {
|
||||
# 706| nbdkit_error ("this disk does not contain a LUKS header");
|
||||
# 707|-> return NULL;
|
||||
# 708| }
|
||||
# 709| h->phdr.version = be16toh (h->phdr.version);
|
||||
|
||||
Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
|
||||
(cherry picked from commit a345cff137763f105f07bb8942c1bbefd0959cff)
|
||||
---
|
||||
filters/luks/luks-encryption.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
|
||||
index 06435b27..207a4e46 100644
|
||||
--- a/filters/luks/luks-encryption.c
|
||||
+++ b/filters/luks/luks-encryption.c
|
||||
@@ -710,6 +710,7 @@ load_header (nbdkit_next *next, const char *passphrase)
|
||||
|
||||
if (memcmp (h->phdr.magic, expected_magic, LUKS_MAGIC_LEN) != 0) {
|
||||
nbdkit_error ("this disk does not contain a LUKS header");
|
||||
+ free (h);
|
||||
return NULL;
|
||||
}
|
||||
h->phdr.version = be16toh (h->phdr.version);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,48 @@
|
||||
From 5ccf1068703d300c8b5579b3a6ef0e409b5a713e Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 19 Jul 2022 11:56:47 +0100
|
||||
Subject: [PATCH] tests: Hoist some EXTRA_DIST out of automake conditionals
|
||||
|
||||
We can fail to add some test files (test.tcl, test.lua) to the tarball
|
||||
if compiling with those languages disabled, which would cause knock-on
|
||||
failures when the tarball was used with the languages enabled. We
|
||||
already fixed this for Ruby etc, this commit fixes it for Tcl and Lua.
|
||||
|
||||
(cherry picked from commit 3b6763c82909c95431ff57c2fe9be1b98316b057)
|
||||
---
|
||||
tests/Makefile.am | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index 0f4b0746..2667be32 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -1203,10 +1203,11 @@ EXTRA_DIST += \
|
||||
$(NULL)
|
||||
|
||||
# Tcl plugin test.
|
||||
+EXTRA_DIST += test.tcl
|
||||
+
|
||||
if HAVE_TCL
|
||||
|
||||
LIBGUESTFS_TESTS += test-tcl
|
||||
-EXTRA_DIST += test.tcl
|
||||
|
||||
test_tcl_SOURCES = test-lang-plugins.c test.h
|
||||
test_tcl_CFLAGS = \
|
||||
@@ -1219,10 +1220,11 @@ test_tcl_LDADD = libtest.la $(LIBGUESTFS_LIBS)
|
||||
endif HAVE_TCL
|
||||
|
||||
# Lua plugin test.
|
||||
+EXTRA_DIST += test.lua
|
||||
+
|
||||
if HAVE_LUA
|
||||
|
||||
LIBGUESTFS_TESTS += test-lua
|
||||
-EXTRA_DIST += test.lua
|
||||
|
||||
test_lua_SOURCES = test-lang-plugins.c test.h
|
||||
test_lua_CFLAGS = \
|
||||
--
|
||||
2.31.1
|
||||
|
13
nbdkit.spec
13
nbdkit.spec
@ -52,7 +52,7 @@ ExclusiveArch: x86_64
|
||||
%global source_directory 1.30-stable
|
||||
|
||||
Name: nbdkit
|
||||
Version: 1.30.7
|
||||
Version: 1.30.8
|
||||
Release: 1%{?dist}
|
||||
Summary: NBD server
|
||||
|
||||
@ -97,6 +97,10 @@ Patch0016: 0016-ssh-Don-t-reference-readahead-or-scan-filters-from-t.patch
|
||||
Patch0017: 0017-scan-Fix-bound-so-we-don-t-try-to-prefetch-beyond-en.patch
|
||||
Patch0018: 0018-tests-Add-a-regression-test-for-LUKS-zeroing-crash.patch
|
||||
Patch0019: 0019-rate-Allow-burstiness-to-be-controlled.patch
|
||||
Patch0020: 0020-luks-Check-return-values-from-malloc-more-carefully.patch
|
||||
Patch0021: 0021-luks-Avoid-potential-overflow-when-computing-key-mat.patch
|
||||
Patch0022: 0022-luks-Avoid-memory-leak-on-error-path.patch
|
||||
Patch0023: 0023-tests-Hoist-some-EXTRA_DIST-out-of-automake-conditio.patch
|
||||
|
||||
# For automatic RPM Provides generation.
|
||||
# See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
|
||||
@ -1204,8 +1208,8 @@ export LIBGUESTFS_TRACE=1
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jul 12 2022 Richard W.M. Jones <rjones@redhat.com> - 1.30.7-1
|
||||
- Rebase to new stable branch version 1.30.7
|
||||
* Tue Jul 19 2022 Richard W.M. Jones <rjones@redhat.com> - 1.30.8-1
|
||||
- Rebase to new stable branch version 1.30.8
|
||||
resolves: rhbz#2059289
|
||||
- Add automatic provides generator and subpackage nbdkit-srpm-macros
|
||||
resolves: rhbz#2059291
|
||||
@ -1231,6 +1235,9 @@ export LIBGUESTFS_TRACE=1
|
||||
resolves: rhbz#1905772
|
||||
- Fix memory allocator=malloc,mlock=true
|
||||
resolves: rhbz#2044432
|
||||
- Fix multiple Coverity problems
|
||||
- Fix bounds error in nbdkit-checkwrite-filter
|
||||
resolves: rhbz#2108545
|
||||
|
||||
* Mon Jan 24 2022 Richard W.M. Jones <rjones@redhat.com> - 1.28.5-1
|
||||
- Rebase to new stable branch version 1.28.5
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (nbdkit-1.30.7.tar.gz) = acf48dc8f2b2d8967aca106f9c267cd8f022c54dbe07d1f32c8b5d14df33215f71029622f095fef1a442a2ab495618e81844b0b5f4a24b2be2869b3b3c990bf1
|
||||
SHA512 (nbdkit-1.30.7.tar.gz.sig) = 46f5c265240b447af7703ec8bce473e5951452c163c8f302291e3495c4c6ca5790b9382063c68613390bccf998d8c18efddda4878870af72029b854bb69e308e
|
||||
SHA512 (nbdkit-1.30.8.tar.gz) = 984e2ef921b0f339d2950cc87b9e5cfd3a6c45c107116a2ff8b5d30aa08bb9c9edbb8e16aa0a57c93b160ad411df842f1fa72f90f80fc261a0c30ec6a7d99795
|
||||
SHA512 (nbdkit-1.30.8.tar.gz.sig) = 2794da218bd052d9bed818343ae186945304a467ebd7ae75373faf471ff4fd18ed161dc1f866f17e4f190b5acc18141ff92e914ddb497a5e07065ebac3461f3b
|
||||
|
Loading…
Reference in New Issue
Block a user