Resolves: RHEL-31932 - Addressing findings from static application security testing
parent
9db558266a
commit
771b15ff8e
187
net-tools-sast-findings.patch
Normal file
187
net-tools-sast-findings.patch
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
diff --git a/netstat.c b/netstat.c
|
||||||
|
index d04f0ff..17f680a 100644
|
||||||
|
--- a/netstat.c
|
||||||
|
+++ b/netstat.c
|
||||||
|
@@ -359,7 +359,7 @@ static int extract_type_1_socket_inode(const char lname[], unsigned long * inode
|
||||||
|
if (lname[strlen(lname)-1] != ']') return(-1);
|
||||||
|
|
||||||
|
{
|
||||||
|
- char inode_str[strlen(lname + 1)]; /* e.g. "12345" */
|
||||||
|
+ char inode_str[strlen(lname) + 1]; /* e.g. "12345" */
|
||||||
|
const int inode_str_len = strlen(lname) - PRG_SOCKET_PFXl - 1;
|
||||||
|
char *serr;
|
||||||
|
|
||||||
|
diff --git a/lib/ipx_gr.c b/lib/ipx_gr.c
|
||||||
|
index 2fa717c..fe9dd13 100644
|
||||||
|
--- a/lib/ipx_gr.c
|
||||||
|
+++ b/lib/ipx_gr.c
|
||||||
|
@@ -57,6 +57,7 @@ int IPX_rprint(int options)
|
||||||
|
|
||||||
|
if ((ap = get_afntype(AF_IPX)) == NULL) {
|
||||||
|
EINTERN("lib/ipx_rt.c", "AF_IPX missing");
|
||||||
|
+ fclose(fp);
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/lib/unix.c b/lib/unix.c
|
||||||
|
index 8e5dbd1..47a93e6 100644
|
||||||
|
--- a/lib/unix.c
|
||||||
|
+++ b/lib/unix.c
|
||||||
|
@@ -39,7 +39,7 @@ static const char *UNSPEC_print(const char *ptr)
|
||||||
|
unsigned int i;
|
||||||
|
|
||||||
|
pos = buff;
|
||||||
|
- for (i = 0; i < sizeof(struct sockaddr); i++) {
|
||||||
|
+ for (i = 0; i < sizeof(struct sockaddr) - 1; i++) {
|
||||||
|
pos += sprintf(pos, "%02X-", (*ptr++ & 0377));
|
||||||
|
}
|
||||||
|
buff[strlen(buff) - 1] = '\0';
|
||||||
|
diff --git a/lib/netrom.c b/lib/netrom.c
|
||||||
|
index 6bcde2d..f76811a 100644
|
||||||
|
--- a/lib/netrom.c
|
||||||
|
+++ b/lib/netrom.c
|
||||||
|
@@ -75,7 +75,7 @@ static const char *NETROM_sprint(const struct sockaddr_storage *sasp, int numeri
|
||||||
|
{
|
||||||
|
const struct sockaddr_ax25 *ax25_sap = (const struct sockaddr_ax25 *)sasp;
|
||||||
|
const struct sockaddr *sap = (const struct sockaddr *)sasp;
|
||||||
|
- char buf[64];
|
||||||
|
+ static char buf[64];
|
||||||
|
if (sap->sa_family == 0xFFFF || sap->sa_family == 0)
|
||||||
|
return safe_strncpy(buf, _("[NONE SET]"), sizeof(buf));
|
||||||
|
return NETROM_print(ax25_sap->sax25_call.ax25_call);
|
||||||
|
diff --git a/lib/masq_info.c b/lib/masq_info.c
|
||||||
|
index cbfb2be..4224fe1 100644
|
||||||
|
--- a/lib/masq_info.c
|
||||||
|
+++ b/lib/masq_info.c
|
||||||
|
@@ -105,7 +105,7 @@ static int read_masqinfo(FILE * f, struct masq *mslist, int nmslist)
|
||||||
|
for (nread = 0; nread < nmslist; nread++) {
|
||||||
|
ms = &mslist[nread];
|
||||||
|
if (has_pdelta) {
|
||||||
|
- if ((n = fscanf(f, " %s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %hd %lu",
|
||||||
|
+ if ((n = fscanf(f, " %255s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %hd %lu",
|
||||||
|
buf,
|
||||||
|
&src_addr, &ms->sport,
|
||||||
|
&dst_addr, &ms->dport,
|
||||||
|
@@ -115,7 +115,7 @@ static int read_masqinfo(FILE * f, struct masq *mslist, int nmslist)
|
||||||
|
memcpy(&ms->src.sin_addr.s_addr, &src_addr, 4);
|
||||||
|
memcpy(&ms->dst.sin_addr.s_addr, &dst_addr, 4);
|
||||||
|
} else {
|
||||||
|
- if ((n = fscanf(f, " %s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %lu",
|
||||||
|
+ if ((n = fscanf(f, " %255s %"PRIx32":%hX %"PRIx32":%hX %hX %lX %hd %lu",
|
||||||
|
buf,
|
||||||
|
&src_addr, &ms->sport,
|
||||||
|
&dst_addr, &ms->dport,
|
||||||
|
diff --git a/statistics.c b/statistics.c
|
||||||
|
index 0b5a6f3..469c82e 100644
|
||||||
|
--- a/statistics.c
|
||||||
|
+++ b/statistics.c
|
||||||
|
@@ -571,8 +571,11 @@ int parsesnmp(int flag_raw, int flag_tcp, int flag_udp, int flag_sctp)
|
||||||
|
if (ferror(f)) {
|
||||||
|
perror("/proc/net/sctp/snmp");
|
||||||
|
fclose(f);
|
||||||
|
+ return(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ fclose(f);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/ifconfig.c b/ifconfig.c
|
||||||
|
index 2b8cbbb..9a64f9a 100644
|
||||||
|
--- a/ifconfig.c
|
||||||
|
+++ b/ifconfig.c
|
||||||
|
@@ -964,12 +964,15 @@ int main(int argc, char **argv)
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (ap->input(0, host, &_sa) < 0) {
|
||||||
|
- if (ap->herror)
|
||||||
|
- ap->herror(host);
|
||||||
|
- else
|
||||||
|
- fprintf(stderr,_("ifconfig: error resolving '%s' to set address for af=%s\n"), host, ap->name); fprintf(stderr,
|
||||||
|
- _("ifconfig: `--help' gives usage information.\n")); exit(1);
|
||||||
|
+ if (ap->herror)
|
||||||
|
+ ap->herror(host);
|
||||||
|
+ else
|
||||||
|
+ fprintf(stderr,_("ifconfig: error resolving '%s' to set address for af=%s\n"), host, ap->name);
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, _("ifconfig: `--help' gives usage information.\n"));
|
||||||
|
+ exit(1);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
memcpy(&ifr.ifr_addr, sa, sizeof(struct sockaddr));
|
||||||
|
{
|
||||||
|
int r = 0; /* to shut gcc up */
|
||||||
|
diff --git a/lib/netrom_gr.c b/lib/netrom_gr.c
|
||||||
|
index ec82fe8..bd532fb 100644
|
||||||
|
--- a/lib/netrom_gr.c
|
||||||
|
+++ b/lib/netrom_gr.c
|
||||||
|
@@ -43,8 +43,14 @@ int NETROM_rprint(int options)
|
||||||
|
if (!f2) perror(_PATH_PROCNET_NR_NEIGH);
|
||||||
|
|
||||||
|
if (f1 == NULL || f2 == NULL) {
|
||||||
|
- printf(_("NET/ROM not configured in this system.\n"));
|
||||||
|
- return 1;
|
||||||
|
+ printf(_("NET/ROM not configured in this system.\n"));
|
||||||
|
+ if (f1)
|
||||||
|
+ fclose(f1);
|
||||||
|
+
|
||||||
|
+ if (f2)
|
||||||
|
+ fclose(f2);
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
}
|
||||||
|
printf(_("Kernel NET/ROM routing table\n"));
|
||||||
|
printf(_("Destination Mnemonic Quality Neighbour Iface\n"));
|
||||||
|
diff --git a/lib/inet_gr.c b/lib/inet_gr.c
|
||||||
|
index b172d65..5dcab82 100644
|
||||||
|
--- a/lib/inet_gr.c
|
||||||
|
+++ b/lib/inet_gr.c
|
||||||
|
@@ -289,27 +289,28 @@ int rprint_cache(int ext, int numeric)
|
||||||
|
|
||||||
|
if (format == 2) {
|
||||||
|
if (ext >= 3)
|
||||||
|
- printf(_("Source Destination Gateway "
|
||||||
|
- "Flags Metric Ref Use Iface "
|
||||||
|
- "MSS Window irtt TOS HHRef HHUptod SpecDst\n"));
|
||||||
|
- fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
|
||||||
|
- "Iface", "%15s",
|
||||||
|
- "Destination", "%127s",
|
||||||
|
- "Gateway", "%127s",
|
||||||
|
- "Flags", "%X",
|
||||||
|
- "RefCnt", "%d",
|
||||||
|
- "Use", "%d",
|
||||||
|
- "Metric", "%d",
|
||||||
|
- "Source", "%127s",
|
||||||
|
- "MTU", "%d",
|
||||||
|
- "Window", "%d",
|
||||||
|
- "IRTT", "%d",
|
||||||
|
- "TOS", "%d",
|
||||||
|
- "HHRef", "%d",
|
||||||
|
- "HHUptod", "%d",
|
||||||
|
- "SpecDst", "%127s",
|
||||||
|
- NULL);
|
||||||
|
- /* "%15s %127s %127s %X %d %d %d %127s %d %d %d %d %d %127s\n" */
|
||||||
|
+ printf(_("Source Destination Gateway "
|
||||||
|
+ "Flags Metric Ref Use Iface "
|
||||||
|
+ "MSS Window irtt TOS HHRef HHUptod SpecDst\n"));
|
||||||
|
+
|
||||||
|
+ fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
|
||||||
|
+ "Iface", "%15s",
|
||||||
|
+ "Destination", "%127s",
|
||||||
|
+ "Gateway", "%127s",
|
||||||
|
+ "Flags", "%X",
|
||||||
|
+ "RefCnt", "%d",
|
||||||
|
+ "Use", "%d",
|
||||||
|
+ "Metric", "%d",
|
||||||
|
+ "Source", "%127s",
|
||||||
|
+ "MTU", "%d",
|
||||||
|
+ "Window", "%d",
|
||||||
|
+ "IRTT", "%d",
|
||||||
|
+ "TOS", "%d",
|
||||||
|
+ "HHRef", "%d",
|
||||||
|
+ "HHUptod", "%d",
|
||||||
|
+ "SpecDst", "%127s",
|
||||||
|
+ NULL);
|
||||||
|
+ /* "%15s %127s %127s %X %d %d %d %127s %d %d %d %d %d %127s\n" */
|
||||||
|
}
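Review bot: In the statistics.c hunk of the new patch, the added `fclose(f);` sits after the brace that closes the block holding the ferror() check, so it may run with a null stream. The opener of that block is outside the hunk; if it is the `if (f)` guard on the fopen of /proc/net/sctp/snmp, the new call executes with f == NULL whenever that file cannot be opened. fclose(NULL) is undefined behaviour and typically crashes. Moving the call inside the block, directly after the ferror() branch, or writing `if (f) fclose(f);`, still closes the stream on the success path without that risk. parsesnmp begins outside the hunk, so this should be confirmed against the full function.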
|
@ -3,7 +3,7 @@
|
|||||||
Summary: Basic networking tools
|
Summary: Basic networking tools
|
||||||
Name: net-tools
|
Name: net-tools
|
||||||
Version: 2.0
|
Version: 2.0
|
||||||
Release: 0.62.%{checkout}%{?dist}
|
Release: 0.63.%{checkout}%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://sourceforge.net/projects/net-tools/
|
URL: http://sourceforge.net/projects/net-tools/
|
||||||
|
|
||||||
@ -38,6 +38,7 @@ Patch23: net-tools-interface-name-len.patch
|
|||||||
Patch24: net-tools-correct-exit-code.patch
|
Patch24: net-tools-correct-exit-code.patch
|
||||||
Patch25: net-tools-spelling-error.patch
|
Patch25: net-tools-spelling-error.patch
|
||||||
Patch26: net-tools-route-inet6-output.patch
|
Patch26: net-tools-route-inet6-output.patch
|
||||||
|
Patch27: net-tools-sast-findings.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: bluez-libs-devel
|
BuildRequires: bluez-libs-devel
|
||||||
@ -74,6 +75,7 @@ cp %SOURCE8 ./man/en_US
|
|||||||
%patch24 -p1 -b .exit-codes
|
%patch24 -p1 -b .exit-codes
|
||||||
%patch25 -p1 -b .spelling
|
%patch25 -p1 -b .spelling
|
||||||
%patch26 -p1 -b .route-inet6
|
%patch26 -p1 -b .route-inet6
|
||||||
|
%patch27 -p1 -b .sast
|
||||||
|
|
||||||
touch ./config.h
|
touch ./config.h
|
||||||
|
|
||||||
@ -146,6 +148,9 @@ install -D -p -m 644 %{SOURCE9} %{buildroot}%{_unitdir}/arp-ethers.service
|
|||||||
%attr(0644,root,root) %{_unitdir}/arp-ethers.service
|
%attr(0644,root,root) %{_unitdir}/arp-ethers.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 09 2024 Michal Ruprich <mruprich@redhat.com> - 2.0-0.63.20160912git
|
||||||
|
- Resolves: RHEL-31932 - Addressing findings from static application security testing
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0-0.62.20160912git
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0-0.62.20160912git
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|