Resolves: RHEL-31932 - Addressing findings from static application security testing
parent
9db558266a
commit
771b15ff8e
187
net-tools-sast-findings.patch
Normal file
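--- a/net-tools-sast-findings.patch
+++ b/net-tools-sast-findings.patch
@@ -0,0 +1,187 @@
+diff --git a/netstat.c b/netstat.c
+index d04f0ff..17f680a 100644
+--- a/netstat.c
++++ b/netstat.c
+@@ -359,7 +359,7 @@ static int extract_type_1_socket_inode(const char lname[], unsigned long * inode
+if (lname[strlen(lname)-1] != ']') return(-1);
+
+{
+- char inode_str[strlen(lname + 1)]; /* e.g. "12345" */
++ char inode_str[strlen(lname) + 1]; /* e.g. "12345" */
+const int inode_str_len = strlen(lname) - PRG_SOCKET_PFXl - 1;
+char *serr;
+
+diff --git a/lib/ipx_gr.c b/lib/ipx_gr.c
+index 2fa717c..fe9dd13 100644
+--- a/lib/ipx_gr.c
++++ b/lib/ipx_gr.c
+@@ -57,6 +57,7 @@ int IPX_rprint(int options)
+
+if ((ap = get_afntype(AF_IPX)) == NULL) {
+EINTERN("lib/ipx_rt.c", "AF_IPX missing");
++ fclose(fp);
+return (-1);
+}
+
+diff --git a/lib/unix.c b/lib/unix.c
+index 8e5dbd1..47a93e6 100644
+--- a/lib/unix.c
++++ b/lib/unix.c
+@@ -39,7 +39,7 @@ static const char *UNSPEC_print(const char *ptr)
+unsigned int i;
+
+pos = buff;
+- for (i = 0; i < sizeof(struct sockaddr); i++) {
++ for (i = 0; i < sizeof(struct sockaddr) - 1; i++) {
+pos += sprintf(pos, "%02X-", (*ptr++ & 0377));
+}
+buff[strlen(buff) - 1] = '\0';
+diff --git a/lib/netrom.c b/lib/netrom.c
+index 6bcde2d..f76811a 100644
+--- a/lib/netrom.c
++++ b/lib/netrom.c
+@@ -75,7 +75,7 @@ static const char *NETROM_sprint(const struct sockaddr_storage *sasp, int numeri
+{
+const struct sockaddr_ax25 *ax25_sap = (const struct sockaddr_ax25 *)sasp;
+const struct sockaddr *sap = (const struct sockaddr *)sasp;
+- char buf[64];
++ static char buf[64];
+if (sap->sa_family == 0xFFFF || sap->sa_family == 0)
+return safe_strncpy(buf, _("[NONE SET]"), sizeof(buf));
+return NETROM_print(ax25_sap->sax25_call.ax25_call);
+diff --git a/lib/masq_info.c b/lib/masq_info.c
+index cbfb2be..4224fe1 100644
+--- a/lib/masq_info.c
++++ b/lib/masq_info.c
+@@ -105,7 +105,7 @@ static int read_masqinfo(FILE * f, struct masq *mslist, int nmslist)
+for (nread = 0; nread < nmslist; nread++) {
+ms = &mslist[nread];
+if (has_pdelta) {
+- if ((n = fscanf(f, " %s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %hd %lu",
++ if ((n = fscanf(f, " %255s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %hd %lu",
+buf,
+&src_addr, &ms->sport,
+&dst_addr, &ms->dport,
+@@ -115,7 +115,7 @@ static int read_masqinfo(FILE * f, struct masq *mslist, int nmslist)
+memcpy(&ms->src.sin_addr.s_addr, &src_addr, 4);
+memcpy(&ms->dst.sin_addr.s_addr, &dst_addr, 4);
+} else {
+- if ((n = fscanf(f, " %s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %lu",
++ if ((n = fscanf(f, " %255s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %lu",
+buf,
+&src_addr, &ms->sport,
+&dst_addr, &ms->dport,
+diff --git a/statistics.c b/statistics.c
+index 0b5a6f3..469c82e 100644
+--- a/statistics.c
++++ b/statistics.c
+@@ -571,8 +571,11 @@ int parsesnmp(int flag_raw, int flag_tcp, int flag_udp, int flag_sctp)
+if (ferror(f)) {
+perror("/proc/net/sctp/snmp");
+fclose(f);
++ return(1);
+}
+}
++
++ fclose(f);
+return(0);
+}
+
+diff --git a/ifconfig.c b/ifconfig.c
+index 2b8cbbb..9a64f9a 100644
+--- a/ifconfig.c
++++ b/ifconfig.c
+@@ -964,12 +964,15 @@ int main(int argc, char **argv)
+exit(1);
+}
+if (ap->input(0, host, &_sa) < 0) {
+- if (ap->herror)
+- ap->herror(host);
+- else
+- fprintf(stderr,_("ifconfig: error resolving '%s' to set address for af=%s\n"), host, ap->name); fprintf(stderr,
+- _("ifconfig: `--help' gives usage information.\n")); exit(1);
++ if (ap->herror)
++ ap->herror(host);
++ else
++ fprintf(stderr,_("ifconfig: error resolving '%s' to set address for af=%s\n"), host, ap->name);
++
++ fprintf(stderr, _("ifconfig: `--help' gives usage information.\n"));
++ exit(1);
+}
++
+memcpy(&ifr.ifr_addr, sa, sizeof(struct sockaddr));
+{
+int r = 0; /* to shut gcc up */
+diff --git a/lib/netrom_gr.c b/lib/netrom_gr.c
+index ec82fe8..bd532fb 100644
+--- a/lib/netrom_gr.c
++++ b/lib/netrom_gr.c
+@@ -43,8 +43,14 @@ int NETROM_rprint(int options)
+if (!f2) perror(_PATH_PROCNET_NR_NEIGH);
+
+if (f1 == NULL || f2 == NULL) {
+- printf(_("NET/ROM not configured in this system.\n"));
+- return 1;
++ printf(_("NET/ROM not configured in this system.\n"));
++ if (f1)
++ fclose(f1);
++
++ if (f2)
++ fclose(f2);
++
++ return 1;
+}
+printf(_("Kernel NET/ROM routing table\n"));
+printf(_("Destination Mnemonic Quality Neighbour Iface\n"));
+diff --git a/lib/inet_gr.c b/lib/inet_gr.c
+index b172d65..5dcab82 100644
+--- a/lib/inet_gr.c
++++ b/lib/inet_gr.c
+@@ -289,27 +289,28 @@ int rprint_cache(int ext, int numeric)
+
+if (format == 2) {
+if (ext >= 3)
+- printf(_("Source Destination Gateway "
+- "Flags Metric Ref Use Iface "
+- "MSS Window irtt TOS HHRef HHUptod SpecDst\n"));
+- fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
+- "Iface", "%15s",
+- "Destination", "%127s",
+- "Gateway", "%127s",
+- "Flags", "%X",
+- "RefCnt", "%d",
+- "Use", "%d",
+- "Metric", "%d",
+- "Source", "%127s",
+- "MTU", "%d",
+- "Window", "%d",
+- "IRTT", "%d",
+- "TOS", "%d",
+- "HHRef", "%d",
+- "HHUptod", "%d",
+- "SpecDst", "%127s",
+- NULL);
+- /* "%15s %127s %127s %X %d %d %d %127s %d %d %d %d %d %127s\n" */
++ printf(_("Source Destination Gateway "
++ "Flags Metric Ref Use Iface "
++ "MSS Window irtt TOS HHRef HHUptod SpecDst\n"));
++
++ fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
++ "Iface", "%15s",
++ "Destination", "%127s",
++ "Gateway", "%127s",
++ "Flags", "%X",
++ "RefCnt", "%d",
++ "Use", "%d",
++ "Metric", "%d",
++ "Source", "%127s",
++ "MTU", "%d",
++ "Window", "%d",
++ "IRTT", "%d",
++ "TOS", "%d",
++ "HHRef", "%d",
++ "HHUptod", "%d",
++ "SpecDst", "%127s",
++ NULL);
++ /* "%15s %127s %127s %X %d %d %d %127s %d %d %d %d %d %127s\n" */
+}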
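Review bot: In the statistics.c hunk carried by this patch, the added `fclose(f);` before `return(0);` sits after the brace that closes the block around the `ferror(f)` check, so it also runs when that block was skipped. The opening of that block is outside the hunk; if it is an `if (f)` guard on the result of opening /proc/net/sctp/snmp, a system without that file would reach `fclose(NULL)`, which is undefined behaviour and typically crashes. Moving the call inside the guarded block, directly after the `ferror` check, or writing `if (f) fclose(f);`, closes the stream on the success path without that risk. parsesnmp's body starts outside the hunk, so the guard and whether `f` could still refer to an already-closed stream should be confirmed against the full function.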
@ -3,7 +3,7 @@
Summary: Basic networking tools
Name: net-tools
Version: 2.0
Release: 0.62.%{checkout}%{?dist}
Release: 0.63.%{checkout}%{?dist}
License: GPLv2+
URL: http://sourceforge.net/projects/net-tools/
@ -38,6 +38,7 @@ Patch23: net-tools-interface-name-len.patch
Patch24: net-tools-correct-exit-code.patch
Patch25: net-tools-spelling-error.patch
Patch26: net-tools-route-inet6-output.patch
Patch27: net-tools-sast-findings.patch
BuildRequires: make
BuildRequires: bluez-libs-devel
@ -74,6 +75,7 @@ cp %SOURCE8 ./man/en_US
%patch24 -p1 -b .exit-codes
%patch25 -p1 -b .spelling
%patch26 -p1 -b .route-inet6
%patch27 -p1 -b .sast
touch ./config.h
@ -146,6 +148,9 @@ install -D -p -m 644 %{SOURCE9} %{buildroot}%{_unitdir}/arp-ethers.service
%attr(0644,root,root) %{_unitdir}/arp-ethers.service
%changelog
* Thu May 09 2024 Michal Ruprich <mruprich@redhat.com> - 2.0-0.63.20160912git
- Resolves: RHEL-31932 - Addressing findings from static application security testing
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0-0.62.20160912git
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688