nftables-0.9.8-5.el9

- src: add xzalloc_array() and use it to allocate the expression hashtable Related: rhbz#1938823
2021-06-15 12:48:14 +02:00 · 2021-06-15 12:48:14 +02:00 · 2b5611ed68
commit 2b5611ed68
parent a2ea441692
2 changed files with 76 additions and 1 deletions
--- a/0014-src-add-xzalloc_array-and-use-it-to-allocate-the-exp.patch
+++ b/0014-src-add-xzalloc_array-and-use-it-to-allocate-the-exp.patch
@ -0,0 +1,71 @@
+From 6509f63cb68ea2dd737f9b52c146803402efcd7a Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 14 Jun 2021 14:47:47 +0200
+Subject: [PATCH] src: add xzalloc_array() and use it to allocate the
+ expression hashtable
+
+Otherwise, assertion to ensure that no colission occur is hit due to
+uninitialized hashtable memory area:
+
+nft: netlink_delinearize.c:1741: expr_handler_init: Assertion `expr_handle_ht[hash] == NULL' failed.
+
+Fixes: c4058f96c6a5 ("netlink_delinearize: Fix suspicious calloc() call")
+Acked-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit b0e7b294224030abc534c396fffcab9fbce12b11)
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+ include/utils.h           |  1 +
+ src/netlink_delinearize.c |  2 +-
+ src/utils.c               | 10 ++++++++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/include/utils.h b/include/utils.h
+index f45f25132d18d..ffbe2cbb75be5 100644
+--- a/include/utils.h
+++ b/include/utils.h
+@@ -133,6 +133,7 @@ extern void *xmalloc(size_t size);
+ extern void *xmalloc_array(size_t nmemb, size_t size);
+ extern void *xrealloc(void *ptr, size_t size);
+ extern void *xzalloc(size_t size);
+extern void *xzalloc_array(size_t nmemb, size_t size);
+ extern char *xstrdup(const char *s);
+ extern void xstrunescape(const char *in, char *out);
+ 
+diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
+index 152b3e6cf8c65..7665d6f29c602 100644
+--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
+@@ -1732,7 +1732,7 @@ void expr_handler_init(void)
+ 	unsigned int i;
+ 	uint32_t hash;
+ 
+-	expr_handle_ht = xmalloc_array(NFT_EXPR_HSIZE,
+	expr_handle_ht = xzalloc_array(NFT_EXPR_HSIZE,
+ 				       sizeof(expr_handle_ht[0]));
+ 
+ 	for (i = 0; i < array_size(netlink_parsers); i++) {
+diff --git a/src/utils.c b/src/utils.c
+index 47f5b791547b1..925841c571f5d 100644
+--- a/src/utils.c
+++ b/src/utils.c
+@@ -50,6 +50,16 @@ void *xmalloc_array(size_t nmemb, size_t size)
+ 	return xmalloc(nmemb * size);
+ }
+ 
+void *xzalloc_array(size_t nmemb, size_t size)
+{
+	void *ptr;
+
+	ptr = xmalloc_array(nmemb, size);
+	memset(ptr, 0, nmemb * size);
+
+	return ptr;
+}
+
+ void *xrealloc(void *ptr, size_t size)
+ {
+ 	ptr = realloc(ptr, size);
+-- 
+2.31.1
+
--- a/nftables.spec
+++ b/nftables.spec
@ -1,6 +1,6 @@
 Name:           nftables
 Version:        0.9.8
-Release:        4%{?dist}
+Release:        5%{?dist}
 # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
 Epoch:          1
 Summary:        Netfilter Tables userspace utillites
@ -27,6 +27,7 @@ Patch10: 0010-netlink-Avoid-memleak-in-error-path-of-netlink_delin.patch
 Patch11: 0011-netlink-Avoid-memleak-in-error-path-of-netlink_delin.patch
 Patch12: 0012-netlink_delinearize-Fix-suspicious-calloc-call.patch
 Patch13: 0013-rule-Fix-for-potential-off-by-one-in-cmd_add_loc.patch
+patch14: 0014-src-add-xzalloc_array-and-use-it-to-allocate-the-exp.patch

 #BuildRequires: autogen
 #BuildRequires: autoconf
@ -136,6 +137,9 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
 %{python3_sitelib}/nftables/

 %changelog
+* Tue Jun 15 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-5
+- src: add xzalloc_array() and use it to allocate the expression hashtable
+
 * Mon Jun 14 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-4
 - Install an improved sample config
 - Fix permissions of osf-related configs