Rebase to new stable branch version 1.30.8

resolves: rhbz#2059289

- Fix multiple Coverity problems
- Fix bounds error in nbdkit-checkwrite-filter
  resolves: rhbz#2108545
This commit is contained in:
Richard W.M. Jones 2022-07-19 11:59:24 +01:00
parent 82a691cb64
commit d7e3d19b6a
25 changed files with 288 additions and 36 deletions

View File

@ -1,4 +1,4 @@
From 9f9f1edb5a93574bf717e2d884a30a87b231a572 Mon Sep 17 00:00:00 2001 From 6a2b0aac8be655524ea223e32cac0395fcc9f975 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 15 Apr 2022 12:08:37 +0100 Date: Fri, 15 Apr 2022 12:08:37 +0100
Subject: [PATCH] ssh: Allow the remote file to be created Subject: [PATCH] ssh: Allow the remote file to be created

View File

@ -1,4 +1,4 @@
From c9c5a1455096822264df02cc157a693310144a62 Mon Sep 17 00:00:00 2001 From ac40ae11bc9983e11185749b23e793568cb366cc Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 16 Apr 2022 18:39:13 +0100 Date: Sat, 16 Apr 2022 18:39:13 +0100
Subject: [PATCH] readahead: Rewrite this filter so it prefetches using .cache Subject: [PATCH] readahead: Rewrite this filter so it prefetches using .cache

View File

@ -1,4 +1,4 @@
From ce5607d2bf2f895464d0cb2ba9c285c67325e7f5 Mon Sep 17 00:00:00 2001 From b41b7d7ddf6d3fba23ac7978c8b272f2ff84265d Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 21 Apr 2022 16:14:46 +0100 Date: Thu, 21 Apr 2022 16:14:46 +0100
Subject: [PATCH] readahead: Fix test Subject: [PATCH] readahead: Fix test

View File

@ -1,4 +1,4 @@
From f69d0db070ee3a02351c3c4ada0ab00c33bc76ef Mon Sep 17 00:00:00 2001 From c19936170cf8b385687cf40f5a9507d87ae08267 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 30 Apr 2022 12:35:07 +0100 Date: Sat, 30 Apr 2022 12:35:07 +0100
Subject: [PATCH] New filter: luks Subject: [PATCH] New filter: luks
@ -55,7 +55,7 @@ index 4d2a9796..0f5dc41d 100644
* The filter should open a new connection to the plugin per background * The filter should open a new connection to the plugin per background
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 10729d8a..78af16d5 100644 index a402921b..de85b4da 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -127,6 +127,7 @@ filters="\ @@ -127,6 +127,7 @@ filters="\
@ -76,7 +76,7 @@ index 10729d8a..78af16d5 100644
+AS_IF([test "x$GNUTLS_LIBS" != "x"],[ +AS_IF([test "x$GNUTLS_LIBS" != "x"],[
AC_MSG_CHECKING([for default TLS session priority string]) AC_MSG_CHECKING([for default TLS session priority string])
AC_ARG_WITH([tls-priority], AC_ARG_WITH([tls-priority],
[AS_HELP_STRING([--with-tls-priority], [AS_HELP_STRING([--with-tls-priority=...],
@@ -1383,6 +1385,7 @@ AC_CONFIG_FILES([Makefile @@ -1383,6 +1385,7 @@ AC_CONFIG_FILES([Makefile
filters/ip/Makefile filters/ip/Makefile
filters/limit/Makefile filters/limit/Makefile
@ -1596,10 +1596,10 @@ index f8f0e198..b95e7349 100644
=head1 AUTHORS =head1 AUTHORS
diff --git a/tests/Makefile.am b/tests/Makefile.am diff --git a/tests/Makefile.am b/tests/Makefile.am
index b9c1137c..b041b186 100644 index b310e8a2..c29453ba 100644
--- a/tests/Makefile.am --- a/tests/Makefile.am
+++ b/tests/Makefile.am +++ b/tests/Makefile.am
@@ -1594,6 +1594,18 @@ EXTRA_DIST += \ @@ -1596,6 +1596,18 @@ EXTRA_DIST += \
test-log-script-info.sh \ test-log-script-info.sh \
$(NULL) $(NULL)

View File

@ -1,4 +1,4 @@
From cc0bc042e260334b7f5b39ea4c283c9ad9bac164 Mon Sep 17 00:00:00 2001 From 66daae1a7daf680e06f884e9af6a14830263c932 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 12:13:39 +0100 Date: Sun, 8 May 2022 12:13:39 +0100
Subject: [PATCH] luks: Disable filter with old GnuTLS in Debian 10 Subject: [PATCH] luks: Disable filter with old GnuTLS in Debian 10
@ -36,7 +36,7 @@ Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
3 files changed, 6 insertions(+), 3 deletions(-) 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 78af16d5..7089f937 100644 index de85b4da..1d209f67 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -636,12 +636,15 @@ AS_IF([test "x$GNUTLS_LIBS" != "x"],[ @@ -636,12 +636,15 @@ AS_IF([test "x$GNUTLS_LIBS" != "x"],[
@ -78,10 +78,10 @@ index 30089621..622e5c3d 100644
filter_LTLIBRARIES = nbdkit-luks-filter.la filter_LTLIBRARIES = nbdkit-luks-filter.la
diff --git a/tests/Makefile.am b/tests/Makefile.am diff --git a/tests/Makefile.am b/tests/Makefile.am
index b041b186..937d2919 100644 index c29453ba..5585b3b7 100644
--- a/tests/Makefile.am --- a/tests/Makefile.am
+++ b/tests/Makefile.am +++ b/tests/Makefile.am
@@ -1595,7 +1595,7 @@ EXTRA_DIST += \ @@ -1597,7 +1597,7 @@ EXTRA_DIST += \
$(NULL) $(NULL)
# luks filter test. # luks filter test.

View File

@ -1,4 +1,4 @@
From 9961cd8018d6287af45d7691656c56d9443660cf Mon Sep 17 00:00:00 2001 From b3c05065801c723966a3e8d93c9b84e808ff38b9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 12:30:09 +0100 Date: Sun, 8 May 2022 12:30:09 +0100
Subject: [PATCH] luks: Various fixes for Clang Subject: [PATCH] luks: Various fixes for Clang

View File

@ -1,4 +1,4 @@
From 24963801a0a0a4eb1c33d2cfa213e0564fef889c Mon Sep 17 00:00:00 2001 From 9416effd73a5cb2e1c929449fca88fd7152aa1be Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 12:38:00 +0100 Date: Sun, 8 May 2022 12:38:00 +0100
Subject: [PATCH] luks: Link with libcompat on Windows Subject: [PATCH] luks: Link with libcompat on Windows

View File

@ -1,4 +1,4 @@
From 22b56fee6d3ed2a5ea37f9b1ed62b9d5144e5369 Mon Sep 17 00:00:00 2001 From e8279107801bb93303b22e1b927929ce18279dc5 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 16:13:13 +0100 Date: Sun, 8 May 2022 16:13:13 +0100
Subject: [PATCH] luks: Refactor the filter Subject: [PATCH] luks: Refactor the filter

View File

@ -1,4 +1,4 @@
From b3989481c7c605f1872ac15d42cf6a9ac738ab00 Mon Sep 17 00:00:00 2001 From 387bd4c6fee8ab339fd04e0b841b0c67e6020c8a Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 18:05:45 +0100 Date: Sun, 8 May 2022 18:05:45 +0100
Subject: [PATCH] tests: luks: Reduce time taken to run these tests Subject: [PATCH] tests: luks: Reduce time taken to run these tests

View File

@ -1,4 +1,4 @@
From 509c71f425945e219ceb507f06bbac546fb26c7c Mon Sep 17 00:00:00 2001 From 52ee1dab95436128b44c37cc495022ff90108b2e Mon Sep 17 00:00:00 2001
From: Nikolaus Rath <Nikolaus@rath.org> From: Nikolaus Rath <Nikolaus@rath.org>
Date: Mon, 9 May 2022 10:04:30 +0100 Date: Mon, 9 May 2022 10:04:30 +0100
Subject: [PATCH] Add nbdkit.parse_size() Python function. Subject: [PATCH] Add nbdkit.parse_size() Python function.

View File

@ -1,4 +1,4 @@
From cf7bb8134726263b8f0f1dc0478ca82cdc22dbd4 Mon Sep 17 00:00:00 2001 From 644e0ed6333cf5fe2c1e39da157e8f1ce97267b9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 14 May 2022 13:47:19 +0100 Date: Sat, 14 May 2022 13:47:19 +0100
Subject: [PATCH] cache: Fix cross-reference nbdkit-readahead-filter Subject: [PATCH] cache: Fix cross-reference nbdkit-readahead-filter

View File

@ -1,4 +1,4 @@
From 75a84b37dba4907b790ebb2dc56ac689ea8370e7 Mon Sep 17 00:00:00 2001 From 4a7e5169935c8850fddcea8da79639ded907c549 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 14 May 2022 14:00:16 +0100 Date: Sat, 14 May 2022 14:00:16 +0100
Subject: [PATCH] curl: Don't document curl plugin + readahead filter Subject: [PATCH] curl: Don't document curl plugin + readahead filter

View File

@ -1,4 +1,4 @@
From 46b2d3954011b2f0ebf5203ce549cb7e8f822b09 Mon Sep 17 00:00:00 2001 From 8bfe6512d07caf778fd001425435b048c45513eb Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 14 May 2022 13:46:56 +0100 Date: Sat, 14 May 2022 13:46:56 +0100
Subject: [PATCH] New filter: scan Subject: [PATCH] New filter: scan
@ -54,7 +54,7 @@ index 0f5dc41d..8600d9e4 100644
single context into the backend shared among multiple client single context into the backend shared among multiple client
connections. This may even allow a filter to offer a more parallel connections. This may even allow a filter to offer a more parallel
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 7089f937..a02d16d9 100644 index 1d209f67..466dbd9b 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -142,6 +142,7 @@ filters="\ @@ -142,6 +142,7 @@ filters="\
@ -896,10 +896,10 @@ index ea5899dc..3991e86b 100644
L<https://libvirt.org/drvesx.html>, L<https://libvirt.org/drvesx.html>,
L<https://www.vmware.com/support/developer/vddk/>, L<https://www.vmware.com/support/developer/vddk/>,
diff --git a/tests/Makefile.am b/tests/Makefile.am diff --git a/tests/Makefile.am b/tests/Makefile.am
index 937d2919..6a63e4e8 100644 index 5585b3b7..799aa6c2 100644
--- a/tests/Makefile.am --- a/tests/Makefile.am
+++ b/tests/Makefile.am +++ b/tests/Makefile.am
@@ -1752,6 +1752,16 @@ test_retry_request_mirror_LDADD = \ @@ -1754,6 +1754,16 @@ test_retry_request_mirror_LDADD = \
$(LIBNBD_LIBS) \ $(LIBNBD_LIBS) \
$(NULL) $(NULL)

View File

@ -1,4 +1,4 @@
From fd743f16847520207304e7f7f66839708abaffd9 Mon Sep 17 00:00:00 2001 From 91677241184ab1aa77adadd612fa069d084863ec Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 14 May 2022 18:54:32 +0100 Date: Sat, 14 May 2022 18:54:32 +0100
Subject: [PATCH] scan: Remove condition variable Subject: [PATCH] scan: Remove condition variable

View File

@ -1,4 +1,4 @@
From f5e7beb490131d5674b7c1ff8b312da3f6d5e078 Mon Sep 17 00:00:00 2001 From c191f45530d4dd7f978803c0bfa402ca0fc950df Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 14 May 2022 19:02:48 +0100 Date: Sat, 14 May 2022 19:02:48 +0100
Subject: [PATCH] scan: Small typographical fix in manual Subject: [PATCH] scan: Small typographical fix in manual

View File

@ -1,4 +1,4 @@
From 1bd582bce19ed3beb27879a1bfcee247d22c7fba Mon Sep 17 00:00:00 2001 From 651045d703804d7dafab04a0387ca92573f52467 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 14 May 2022 20:57:38 +0100 Date: Sat, 14 May 2022 20:57:38 +0100
Subject: [PATCH] ssh: Don't reference readahead or scan filters from this Subject: [PATCH] ssh: Don't reference readahead or scan filters from this

View File

@ -1,4 +1,4 @@
From cad7357b2d4dd70bd75adbbd44aa1715bd0d090c Mon Sep 17 00:00:00 2001 From f58d2a04338edc647e2334ff58b49508424e3f3b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 17 May 2022 13:20:17 +0100 Date: Tue, 17 May 2022 13:20:17 +0100
Subject: [PATCH] scan: Fix bound so we don't try to prefetch beyond end of Subject: [PATCH] scan: Fix bound so we don't try to prefetch beyond end of

View File

@ -1,4 +1,4 @@
From ec7154cb4010e5c20ae8b1df8a95550bc5e42ee2 Mon Sep 17 00:00:00 2001 From d1d2f43223bcda062d10c8e68776590956892f71 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 10 Jun 2022 22:11:44 +0100 Date: Fri, 10 Jun 2022 22:11:44 +0100
Subject: [PATCH] tests: Add a regression test for LUKS zeroing crash Subject: [PATCH] tests: Add a regression test for LUKS zeroing crash
@ -12,10 +12,10 @@ https://listman.redhat.com/archives/libguestfs/2022-June/029188.html
create mode 100755 tests/test-luks-copy-zero.sh create mode 100755 tests/test-luks-copy-zero.sh
diff --git a/tests/Makefile.am b/tests/Makefile.am diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6a63e4e8..824232d1 100644 index 799aa6c2..0f4b0746 100644
--- a/tests/Makefile.am --- a/tests/Makefile.am
+++ b/tests/Makefile.am +++ b/tests/Makefile.am
@@ -1599,11 +1599,13 @@ if HAVE_GNUTLS_PBKDF2 @@ -1601,11 +1601,13 @@ if HAVE_GNUTLS_PBKDF2
TESTS += \ TESTS += \
test-luks-info.sh \ test-luks-info.sh \
test-luks-copy.sh \ test-luks-copy.sh \

View File

@ -1,4 +1,4 @@
From 7c7557d9954eb7d8fa6249af316879dada22829d Mon Sep 17 00:00:00 2001 From c1a7c87fb9710fb29d699d1f39d0da19caf98da0 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 11 Jun 2022 12:34:02 +0100 Date: Sat, 11 Jun 2022 12:34:02 +0100
Subject: [PATCH] rate: Allow burstiness to be controlled Subject: [PATCH] rate: Allow burstiness to be controlled

View File

@ -0,0 +1,104 @@
From 4e8599886ba4802fef1683811a725e7c4bc4fe72 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 12 Jul 2022 18:00:38 +0100
Subject: [PATCH] luks: Check return values from malloc more carefully
Found by Coverity:
Error: GCC_ANALYZER_WARNING (CWE-688): [#def53]
nbdkit-1.30.7/filters/luks/luks-encryption.c: scope_hint: In function 'calculate_iv'
nbdkit-1.30.7/filters/luks/luks-encryption.c:175:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'iv' where non-null expected
nbdkit-1.30.7/filters/luks/luks-encryption.c:39: included_from: Included from here.
/usr/include/string.h:43:14: note: argument 1 of 'memcpy' must be non-null
# 173| sector32 = (uint32_t) sector; /* truncate to only lower bits */
# 174| sector32 = htole32 (sector32);
# 175|-> memcpy (iv, &sector32, prefixlen);
# 176| memset (iv + prefixlen, 0, ivlen - prefixlen);
# 177| break;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def54]
nbdkit-1.30.7/filters/luks/luks-encryption.c:184:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'iv' where non-null expected
nbdkit-1.30.7/filters/luks/luks-encryption.c:39: included_from: Included from here.
/usr/include/string.h:43:14: note: argument 1 of 'memcpy' must be non-null
# 182| prefixlen = ivlen;
# 183| sector = htole64 (sector);
# 184|-> memcpy (iv, &sector, prefixlen);
# 185| memset (iv + prefixlen, 0, ivlen - prefixlen);
# 186| break;
Error: NULL_RETURNS (CWE-476): [#def55]
nbdkit-1.30.7/filters/luks/luks-encryption.c:498: returned_null: "malloc" returns "NULL" (checked 86 out of 94 times).
nbdkit-1.30.7/filters/luks/luks-encryption.c:498: var_assigned: Assigning: "temp" = "NULL" return value from "malloc".
nbdkit-1.30.7/filters/luks/luks-encryption.c:523: dereference: Dereferencing a pointer that might be "NULL" "temp" when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
# 521| gnutls_hash_deinit (hash, temp);
# 522|
# 523|-> memcpy (&block[i*digest_bytes], temp, blen);
# 524| }
# 525|
Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
(cherry picked from commit 00c8bbd9e321681843140f697985505de7177f34)
---
filters/luks/luks-encryption.c | 28 +++++++++++++++++++++++-----
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
index 8ee0eb35..19aaf06a 100644
--- a/filters/luks/luks-encryption.c
+++ b/filters/luks/luks-encryption.c
@@ -495,9 +495,15 @@ af_hash (gnutls_digest_algorithm_t hash_alg, uint8_t *block, size_t len)
size_t digest_bytes = gnutls_hash_get_len (hash_alg);
size_t nr_blocks, last_block_len;
size_t i;
- CLEANUP_FREE uint8_t *temp = malloc (digest_bytes);
int r;
gnutls_hash_hd_t hash;
+ CLEANUP_FREE uint8_t *temp;
+
+ temp = malloc (digest_bytes);
+ if (!temp) {
+ nbdkit_error ("malloc: %m");
+ return -1;
+ }
nr_blocks = len / digest_bytes;
last_block_len = len % digest_bytes;
@@ -874,9 +880,15 @@ int
do_decrypt (struct luks_data *h, gnutls_cipher_hd_t cipher,
uint64_t sector, uint8_t *buf, size_t nr_sectors)
{
- const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
- CLEANUP_FREE uint8_t *iv = malloc (ivlen);
int r;
+ const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
+ CLEANUP_FREE uint8_t *iv;
+
+ iv = malloc (ivlen);
+ if (!iv) {
+ nbdkit_error ("malloc: %m");
+ return -1;
+ }
while (nr_sectors) {
calculate_iv (h->ivgen_alg, iv, ivlen, sector);
@@ -902,9 +914,15 @@ int
do_encrypt (struct luks_data *h, gnutls_cipher_hd_t cipher,
uint64_t sector, uint8_t *buf, size_t nr_sectors)
{
- const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
- CLEANUP_FREE uint8_t *iv = malloc (ivlen);
int r;
+ const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode);
+ CLEANUP_FREE uint8_t *iv;
+
+ iv = malloc (ivlen);
+ if (!iv) {
+ nbdkit_error ("malloc: %m");
+ return -1;
+ }
while (nr_sectors) {
calculate_iv (h->ivgen_alg, iv, ivlen, sector);
--
2.31.1

View File

@ -0,0 +1,57 @@
From 1d593a76796574845d7e32aaadd9f7d1ed4e7987 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 12 Jul 2022 18:07:25 +0100
Subject: [PATCH] luks: Avoid potential overflow when computing key material
offset and length
Found by Coverity:
Error: OVERFLOW_BEFORE_WIDEN (CWE-190): [#def58]
nbdkit-1.30.7/filters/luks/luks-encryption.c:558: overflow_before_widen: Potentially overflowing expression "h->phdr.master_key_len * h->phdr.keyslot[i].stripes" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
nbdkit-1.30.7/filters/luks/luks-encryption.c:558: remediation: To avoid overflow, cast either "h->phdr.master_key_len" or "h->phdr.keyslot[i].stripes" to type "uint64_t".
# 556| uint64_t len, r;
# 557|
# 558|-> len = h->phdr.master_key_len * h->phdr.keyslot[i].stripes;
# 559| r = DIV_ROUND_UP (len, LUKS_SECTOR_SIZE);
# 560| r = ROUND_UP (r, LUKS_ALIGN_KEYSLOTS / LUKS_SECTOR_SIZE);
Error: OVERFLOW_BEFORE_WIDEN (CWE-190): [#def62]
nbdkit-1.30.7/filters/luks/luks-encryption.c:616: overflow_before_widen: Potentially overflowing expression "ks->key_material_offset * 512U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
nbdkit-1.30.7/filters/luks/luks-encryption.c:616: remediation: To avoid overflow, cast either "ks->key_material_offset" or "512U" to type "uint64_t".
# 614|
# 615| /* Read master key material from plugin. */
# 616|-> start = ks->key_material_offset * LUKS_SECTOR_SIZE;
# 617| if (next->pread (next, split_key, split_key_len, start, 0, &err) == -1) {
# 618| errno = err;
Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
(cherry picked from commit 808d88fbc7b58b7c95e05f41fec729cba92ef518)
---
filters/luks/luks-encryption.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
index 19aaf06a..06435b27 100644
--- a/filters/luks/luks-encryption.c
+++ b/filters/luks/luks-encryption.c
@@ -561,7 +561,7 @@ key_material_length_in_sectors (struct luks_data *h, size_t i)
{
uint64_t len, r;
- len = h->phdr.master_key_len * h->phdr.keyslot[i].stripes;
+ len = (uint64_t) h->phdr.master_key_len * h->phdr.keyslot[i].stripes;
r = DIV_ROUND_UP (len, LUKS_SECTOR_SIZE);
r = ROUND_UP (r, LUKS_ALIGN_KEYSLOTS / LUKS_SECTOR_SIZE);
return r;
@@ -619,7 +619,7 @@ try_passphrase_in_keyslot (nbdkit_next *next, struct luks_data *h,
}
/* Read master key material from plugin. */
- start = ks->key_material_offset * LUKS_SECTOR_SIZE;
+ start = (uint64_t) ks->key_material_offset * LUKS_SECTOR_SIZE;
if (next->pread (next, split_key, split_key_len, start, 0, &err) == -1) {
errno = err;
return -1;
--
2.31.1

View File

@ -0,0 +1,36 @@
From ee25c1be953bf385caf23f96384a9834c1f1c250 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 12 Jul 2022 18:10:30 +0100
Subject: [PATCH] luks: Avoid memory leak on error path
Found by Coverity:
Error: CPPCHECK_WARNING (CWE-401): [#def65] [important]
nbdkit-1.30.7/filters/luks/luks-encryption.c:707: error[memleak]: Memory leak: h
# 705| if (memcmp (h->phdr.magic, expected_magic, LUKS_MAGIC_LEN) != 0) {
# 706| nbdkit_error ("this disk does not contain a LUKS header");
# 707|-> return NULL;
# 708| }
# 709| h->phdr.version = be16toh (h->phdr.version);
Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
(cherry picked from commit a345cff137763f105f07bb8942c1bbefd0959cff)
---
filters/luks/luks-encryption.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
index 06435b27..207a4e46 100644
--- a/filters/luks/luks-encryption.c
+++ b/filters/luks/luks-encryption.c
@@ -710,6 +710,7 @@ load_header (nbdkit_next *next, const char *passphrase)
if (memcmp (h->phdr.magic, expected_magic, LUKS_MAGIC_LEN) != 0) {
nbdkit_error ("this disk does not contain a LUKS header");
+ free (h);
return NULL;
}
h->phdr.version = be16toh (h->phdr.version);
--
2.31.1

View File

@ -0,0 +1,48 @@
From 5ccf1068703d300c8b5579b3a6ef0e409b5a713e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 19 Jul 2022 11:56:47 +0100
Subject: [PATCH] tests: Hoist some EXTRA_DIST out of automake conditionals
We can fail to add some test files (test.tcl, test.lua) to the tarball
if compiling with those languages disabled, which would cause knock-on
failures when the tarball was used with the languages enabled. We
already fixed this for Ruby etc, this commit fixes it for Tcl and Lua.
(cherry picked from commit 3b6763c82909c95431ff57c2fe9be1b98316b057)
---
tests/Makefile.am | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0f4b0746..2667be32 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1203,10 +1203,11 @@ EXTRA_DIST += \
$(NULL)
# Tcl plugin test.
+EXTRA_DIST += test.tcl
+
if HAVE_TCL
LIBGUESTFS_TESTS += test-tcl
-EXTRA_DIST += test.tcl
test_tcl_SOURCES = test-lang-plugins.c test.h
test_tcl_CFLAGS = \
@@ -1219,10 +1220,11 @@ test_tcl_LDADD = libtest.la $(LIBGUESTFS_LIBS)
endif HAVE_TCL
# Lua plugin test.
+EXTRA_DIST += test.lua
+
if HAVE_LUA
LIBGUESTFS_TESTS += test-lua
-EXTRA_DIST += test.lua
test_lua_SOURCES = test-lang-plugins.c test.h
test_lua_CFLAGS = \
--
2.31.1

View File

@ -52,7 +52,7 @@ ExclusiveArch: x86_64
%global source_directory 1.30-stable %global source_directory 1.30-stable
Name: nbdkit Name: nbdkit
Version: 1.30.7 Version: 1.30.8
Release: 1%{?dist} Release: 1%{?dist}
Summary: NBD server Summary: NBD server
@ -97,6 +97,10 @@ Patch0016: 0016-ssh-Don-t-reference-readahead-or-scan-filters-from-t.patch
Patch0017: 0017-scan-Fix-bound-so-we-don-t-try-to-prefetch-beyond-en.patch Patch0017: 0017-scan-Fix-bound-so-we-don-t-try-to-prefetch-beyond-en.patch
Patch0018: 0018-tests-Add-a-regression-test-for-LUKS-zeroing-crash.patch Patch0018: 0018-tests-Add-a-regression-test-for-LUKS-zeroing-crash.patch
Patch0019: 0019-rate-Allow-burstiness-to-be-controlled.patch Patch0019: 0019-rate-Allow-burstiness-to-be-controlled.patch
Patch0020: 0020-luks-Check-return-values-from-malloc-more-carefully.patch
Patch0021: 0021-luks-Avoid-potential-overflow-when-computing-key-mat.patch
Patch0022: 0022-luks-Avoid-memory-leak-on-error-path.patch
Patch0023: 0023-tests-Hoist-some-EXTRA_DIST-out-of-automake-conditio.patch
# For automatic RPM Provides generation. # For automatic RPM Provides generation.
# See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html # See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
@ -1204,8 +1208,8 @@ export LIBGUESTFS_TRACE=1
%changelog %changelog
* Tue Jul 12 2022 Richard W.M. Jones <rjones@redhat.com> - 1.30.7-1 * Tue Jul 19 2022 Richard W.M. Jones <rjones@redhat.com> - 1.30.8-1
- Rebase to new stable branch version 1.30.7 - Rebase to new stable branch version 1.30.8
resolves: rhbz#2059289 resolves: rhbz#2059289
- Add automatic provides generator and subpackage nbdkit-srpm-macros - Add automatic provides generator and subpackage nbdkit-srpm-macros
resolves: rhbz#2059291 resolves: rhbz#2059291
@ -1231,6 +1235,9 @@ export LIBGUESTFS_TRACE=1
resolves: rhbz#1905772 resolves: rhbz#1905772
- Fix memory allocator=malloc,mlock=true - Fix memory allocator=malloc,mlock=true
resolves: rhbz#2044432 resolves: rhbz#2044432
- Fix multiple Coverity problems
- Fix bounds error in nbdkit-checkwrite-filter
resolves: rhbz#2108545
* Mon Jan 24 2022 Richard W.M. Jones <rjones@redhat.com> - 1.28.5-1 * Mon Jan 24 2022 Richard W.M. Jones <rjones@redhat.com> - 1.28.5-1
- Rebase to new stable branch version 1.28.5 - Rebase to new stable branch version 1.28.5

View File

@ -1,2 +1,2 @@
SHA512 (nbdkit-1.30.7.tar.gz) = acf48dc8f2b2d8967aca106f9c267cd8f022c54dbe07d1f32c8b5d14df33215f71029622f095fef1a442a2ab495618e81844b0b5f4a24b2be2869b3b3c990bf1 SHA512 (nbdkit-1.30.8.tar.gz) = 984e2ef921b0f339d2950cc87b9e5cfd3a6c45c107116a2ff8b5d30aa08bb9c9edbb8e16aa0a57c93b160ad411df842f1fa72f90f80fc261a0c30ec6a7d99795
SHA512 (nbdkit-1.30.7.tar.gz.sig) = 46f5c265240b447af7703ec8bce473e5951452c163c8f302291e3495c4c6ca5790b9382063c68613390bccf998d8c18efddda4878870af72029b854bb69e308e SHA512 (nbdkit-1.30.8.tar.gz.sig) = 2794da218bd052d9bed818343ae186945304a467ebd7ae75373faf471ff4fd18ed161dc1f866f17e4f190b5acc18141ff92e914ddb497a5e07065ebac3461f3b