import nftables-1.0.4-10.el9_1
This commit is contained in:
parent
6cbae1f4a9
commit
0539347fbb
@ -0,0 +1,44 @@
|
||||
From d6087e02d9f25bba362db0af16355ee3be4e450a Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:40 +0100
|
||||
Subject: [PATCH] owner: Fix potential array out of bounds access
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit 9967911e3dabb
|
||||
|
||||
commit 9967911e3dabb32901617e81e56602af3b37287f
|
||||
Author: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Wed Dec 21 17:37:46 2022 +0100
|
||||
|
||||
owner: Fix potential array out of bounds access
|
||||
|
||||
If the link target length exceeds 'sizeof(tmp)' bytes, readlink() will
|
||||
return 'sizeof(tmp)'. Using this value as index is illegal.
|
||||
|
||||
Original update from Phil, for the conntrack-tools tree, which also has
|
||||
a copy of this function.
|
||||
|
||||
Fixes: 6d085b22a8b5 ("table: support for the table owner flag")
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/owner.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/owner.c b/src/owner.c
|
||||
index 2d98a2e..20bed38 100644
|
||||
--- a/src/owner.c
|
||||
+++ b/src/owner.c
|
||||
@@ -66,7 +66,7 @@ static char *portid2name(pid_t pid, uint32_t portid, unsigned long inode)
|
||||
continue;
|
||||
|
||||
rl = readlink(procname, tmp, sizeof(tmp));
|
||||
- if (rl <= 0 || rl > (ssize_t)sizeof(tmp))
|
||||
+ if (rl <= 0 || rl >= (ssize_t)sizeof(tmp))
|
||||
continue;
|
||||
|
||||
tmp[rl] = 0;
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,57 @@
|
||||
From 92f540141ca5aa1cc5070ea383c2eabf3206b86e Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:41 +0100
|
||||
Subject: [PATCH] mnl: dump_nf_hooks() leaks memory in error path
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit ef66f321e49b3
|
||||
|
||||
commit ef66f321e49b337c7e678bb90d6acb94f331dfc4
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Wed Jan 11 12:28:15 2023 +0100
|
||||
|
||||
mnl: dump_nf_hooks() leaks memory in error path
|
||||
|
||||
Have to free the basehook object before returning to caller.
|
||||
|
||||
Fixes: 4694f7230195b ("src: add support for base hook dumping")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/mnl.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/mnl.c b/src/mnl.c
|
||||
index 7dd77be..269d3f1 100644
|
||||
--- a/src/mnl.c
|
||||
+++ b/src/mnl.c
|
||||
@@ -2211,16 +2211,23 @@ static int dump_nf_hooks(const struct nlmsghdr *nlh, void *_data)
|
||||
struct nlattr *nested[NFNLA_HOOK_INFO_MAX + 1] = {};
|
||||
uint32_t type;
|
||||
|
||||
- if (mnl_attr_parse_nested(tb[NFNLA_HOOK_CHAIN_INFO], dump_nf_chain_info_cb, nested) < 0)
|
||||
+ if (mnl_attr_parse_nested(tb[NFNLA_HOOK_CHAIN_INFO],
|
||||
+ dump_nf_chain_info_cb, nested) < 0) {
|
||||
+ basehook_free(hook);
|
||||
return -1;
|
||||
+ }
|
||||
|
||||
type = ntohl(mnl_attr_get_u32(nested[NFNLA_HOOK_INFO_TYPE]));
|
||||
if (type == NFNL_HOOK_TYPE_NFTABLES) {
|
||||
struct nlattr *info[NFNLA_CHAIN_MAX + 1] = {};
|
||||
const char *tablename, *chainname;
|
||||
|
||||
- if (mnl_attr_parse_nested(nested[NFNLA_HOOK_INFO_DESC], dump_nf_attr_chain_cb, info) < 0)
|
||||
+ if (mnl_attr_parse_nested(nested[NFNLA_HOOK_INFO_DESC],
|
||||
+ dump_nf_attr_chain_cb,
|
||||
+ info) < 0) {
|
||||
+ basehook_free(hook);
|
||||
return -1;
|
||||
+ }
|
||||
|
||||
tablename = mnl_attr_get_str(info[NFNLA_CHAIN_TABLE]);
|
||||
chainname = mnl_attr_get_str(info[NFNLA_CHAIN_NAME]);
|
||||
--
|
||||
2.39.2
|
||||
|
41
SOURCES/0027-meta-parse_iso_date-returns-boolean.patch
Normal file
41
SOURCES/0027-meta-parse_iso_date-returns-boolean.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From dc8cd3f9cc5ad2eddba03bad86ce975d28513534 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:41 +0100
|
||||
Subject: [PATCH] meta: parse_iso_date() returns boolean
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit db6e97bd667bf
|
||||
|
||||
commit db6e97bd667bf205cee22049f9d0fd6550cb43a7
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Wed Jan 11 11:26:41 2023 +0100
|
||||
|
||||
meta: parse_iso_date() returns boolean
|
||||
|
||||
Returning ts if 'ts == (time_t) -1' signals success to caller despite
|
||||
failure.
|
||||
|
||||
Fixes: 4460b839b945a ("meta: fix compiler warning in date_type_parse()")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/meta.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/meta.c b/src/meta.c
|
||||
index 80ace25..73bd1c4 100644
|
||||
--- a/src/meta.c
|
||||
+++ b/src/meta.c
|
||||
@@ -433,7 +433,7 @@ success:
|
||||
cur_tm = localtime(&ts);
|
||||
|
||||
if (ts == (time_t) -1 || cur_tm == NULL)
|
||||
- return ts;
|
||||
+ return false;
|
||||
|
||||
/* Substract tm_gmtoff to get the current time */
|
||||
*tstamp = ts - cur_tm->tm_gmtoff;
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,44 @@
|
||||
From 8bb864ad6586da7767cf4b90b75e62cd7324859d Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:41 +0100
|
||||
Subject: [PATCH] netlink: Fix for potential NULL-pointer deref
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit 927d5674e7bf6
|
||||
|
||||
commit 927d5674e7bf656428f97c54c9171006e8c3c75e
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Tue Jan 10 22:36:58 2023 +0100
|
||||
|
||||
netlink: Fix for potential NULL-pointer deref
|
||||
|
||||
If memory allocation fails, calloc() returns NULL which was not checked
|
||||
for. The code seems to expect zero array size though, so simply
|
||||
replacing this call by one of the x*calloc() ones won't work. So guard
|
||||
the call also by a check for 'len'.
|
||||
|
||||
Fixes: db0697ce7f602 ("src: support for flowtable listing")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/netlink.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/netlink.c b/src/netlink.c
|
||||
index 799cf9b..dee1732 100644
|
||||
--- a/src/netlink.c
|
||||
+++ b/src/netlink.c
|
||||
@@ -1700,7 +1700,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
|
||||
while (dev_array[len])
|
||||
len++;
|
||||
|
||||
- flowtable->dev_array = calloc(1, len * sizeof(char *));
|
||||
+ if (len)
|
||||
+ flowtable->dev_array = xmalloc(len * sizeof(char *));
|
||||
for (i = 0; i < len; i++)
|
||||
flowtable->dev_array[i] = xstrdup(dev_array[i]);
|
||||
|
||||
--
|
||||
2.39.2
|
||||
|
42
SOURCES/0029-optimize-Do-not-return-garbage-from-stack.patch
Normal file
42
SOURCES/0029-optimize-Do-not-return-garbage-from-stack.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 9b3e5589c5e1b6ced176ce33f59774a3b1d28c36 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:41 +0100
|
||||
Subject: [PATCH] optimize: Do not return garbage from stack
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit d4d47e5bdf943
|
||||
|
||||
commit d4d47e5bdf943be494aeb5d5a29b8f5212acbddf
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Fri Jan 13 17:09:53 2023 +0100
|
||||
|
||||
optimize: Do not return garbage from stack
|
||||
|
||||
If input does not contain a single 'add' command (unusual, but
|
||||
possible), 'ret' value was not initialized by nft_optimize() before
|
||||
returning its value.
|
||||
|
||||
Fixes: fb298877ece27 ("src: add ruleset optimization infrastructure")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/optimize.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/optimize.c b/src/optimize.c
|
||||
index 3a3049d..6514cbb 100644
|
||||
--- a/src/optimize.c
|
||||
+++ b/src/optimize.c
|
||||
@@ -1017,7 +1017,7 @@ static int cmd_optimize(struct nft_ctx *nft, struct cmd *cmd)
|
||||
int nft_optimize(struct nft_ctx *nft, struct list_head *cmds)
|
||||
{
|
||||
struct cmd *cmd;
|
||||
- int ret;
|
||||
+ int ret = 0;
|
||||
|
||||
list_for_each_entry(cmd, cmds, list) {
|
||||
switch (cmd->op) {
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,51 @@
|
||||
From 9a41628f4206efe645f5a058a7d71a4503b5869a Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:41 +0100
|
||||
Subject: [PATCH] optimize: Clarify chain_optimize() array allocations
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit b83a0416cdc88
|
||||
|
||||
commit b83a0416cdc881c6ac35739cd858e4fe5fb2e04f
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Tue Jan 10 22:13:44 2023 +0100
|
||||
|
||||
optimize: Clarify chain_optimize() array allocations
|
||||
|
||||
Arguments passed to sizeof() where deemed suspicious by covscan due to
|
||||
the different type. Consistently specify size of an array 'a' using
|
||||
'sizeof(*a) * nmemb'.
|
||||
|
||||
For the statement arrays in stmt_matrix, even use xzalloc_array() since
|
||||
the item count is fixed and therefore can't be zero.
|
||||
|
||||
Fixes: fb298877ece27 ("src: add ruleset optimization infrastructure")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/optimize.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/optimize.c b/src/optimize.c
|
||||
index 6514cbb..baa6abc 100644
|
||||
--- a/src/optimize.c
|
||||
+++ b/src/optimize.c
|
||||
@@ -918,10 +918,11 @@ static int chain_optimize(struct nft_ctx *nft, struct list_head *rules)
|
||||
ctx->num_rules++;
|
||||
}
|
||||
|
||||
- ctx->rule = xzalloc(sizeof(ctx->rule) * ctx->num_rules);
|
||||
- ctx->stmt_matrix = xzalloc(sizeof(struct stmt *) * ctx->num_rules);
|
||||
+ ctx->rule = xzalloc(sizeof(*ctx->rule) * ctx->num_rules);
|
||||
+ ctx->stmt_matrix = xzalloc(sizeof(*ctx->stmt_matrix) * ctx->num_rules);
|
||||
for (i = 0; i < ctx->num_rules; i++)
|
||||
- ctx->stmt_matrix[i] = xzalloc(sizeof(struct stmt *) * MAX_STMTS);
|
||||
+ ctx->stmt_matrix[i] = xzalloc_array(MAX_STMTS,
|
||||
+ sizeof(**ctx->stmt_matrix));
|
||||
|
||||
merge = xzalloc(sizeof(*merge) * ctx->num_rules);
|
||||
|
||||
--
|
||||
2.39.2
|
||||
|
@ -0,0 +1,42 @@
|
||||
From 05407602f79391e89e57ef5c4a1a0aea720855e2 Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 19:50:41 +0100
|
||||
Subject: [PATCH] netlink_delinearize: Sanitize concat data element decoding
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
|
||||
Upstream Status: nftables commit 1344d9e53ba4d
|
||||
|
||||
commit 1344d9e53ba4d67cedd13a2c76a970fc7ce65683
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Tue Feb 21 18:36:01 2023 +0100
|
||||
|
||||
netlink_delinearize: Sanitize concat data element decoding
|
||||
|
||||
The call to netlink_get_register() might return NULL, catch this before
|
||||
dereferencing the pointer.
|
||||
|
||||
Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element")
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
Acked-by: Florian Westphal <fw@strlen.de>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/netlink_delinearize.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
|
||||
index e9e0845..cadb8ec 100644
|
||||
--- a/src/netlink_delinearize.c
|
||||
+++ b/src/netlink_delinearize.c
|
||||
@@ -1660,7 +1660,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
|
||||
sreg_data = netlink_parse_register(nle, NFTNL_EXPR_DYNSET_SREG_DATA);
|
||||
expr_data = netlink_get_register(ctx, loc, sreg_data);
|
||||
|
||||
- if (expr_data->len < set->data->len) {
|
||||
+ if (expr_data && expr_data->len < set->data->len) {
|
||||
expr_free(expr_data);
|
||||
expr_data = netlink_parse_concat_expr(ctx, loc, sreg_data, set->data->len);
|
||||
if (expr_data == NULL)
|
||||
--
|
||||
2.39.2
|
||||
|
@ -1,5 +1,5 @@
|
||||
%define rpmversion 1.0.4
|
||||
%define specrelease 9
|
||||
%define specrelease 10
|
||||
|
||||
Name: nftables
|
||||
Version: %{rpmversion}
|
||||
@ -43,6 +43,13 @@ Patch21: 0021-monitor-Sanitize-startup-race-condition.patch
|
||||
Patch22: 0022-netlink_delinearize-fix-decoding-of-concat-data-elem.patch
|
||||
Patch23: 0023-netlink_linearize-fix-timeout-with-map-updates.patch
|
||||
Patch24: 0024-tests-add-a-test-case-for-map-update-from-packet-pat.patch
|
||||
Patch25: 0025-owner-Fix-potential-array-out-of-bounds-access.patch
|
||||
Patch26: 0026-mnl-dump_nf_hooks-leaks-memory-in-error-path.patch
|
||||
Patch27: 0027-meta-parse_iso_date-returns-boolean.patch
|
||||
Patch28: 0028-netlink-Fix-for-potential-NULL-pointer-deref.patch
|
||||
Patch29: 0029-optimize-Do-not-return-garbage-from-stack.patch
|
||||
Patch30: 0030-optimize-Clarify-chain_optimize-array-allocations.patch
|
||||
Patch31: 0031-netlink_delinearize-Sanitize-concat-data-element-dec.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -154,6 +161,15 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
|
||||
%{python3_sitelib}/nftables/
|
||||
|
||||
%changelog
|
||||
* Tue Feb 21 2023 Phil Sutter <psutter@redhat.com> [1.0.4-10.el9]
|
||||
- netlink_delinearize: Sanitize concat data element decoding (Phil Sutter) [2160049]
|
||||
- optimize: Clarify chain_optimize() array allocations (Phil Sutter) [2160049]
|
||||
- optimize: Do not return garbage from stack (Phil Sutter) [2160049]
|
||||
- netlink: Fix for potential NULL-pointer deref (Phil Sutter) [2160049]
|
||||
- meta: parse_iso_date() returns boolean (Phil Sutter) [2160049]
|
||||
- mnl: dump_nf_hooks() leaks memory in error path (Phil Sutter) [2160049]
|
||||
- owner: Fix potential array out of bounds access (Phil Sutter) [2160049]
|
||||
|
||||
* Fri Feb 17 2023 Phil Sutter <psutter@redhat.com> [1.0.4-9.el9]
|
||||
- tests: add a test case for map update from packet path with concat (Phil Sutter) [2094894]
|
||||
- netlink_linearize: fix timeout with map updates (Phil Sutter) [2094894]
|
||||
|
Loading…
Reference in New Issue
Block a user