From c5efc0c41eb01d0c02d1167eecb99bba8f7d9e12 Mon Sep 17 00:00:00 2001 From: Bill O'Donnell Date: Wed, 26 Jun 2024 09:43:16 -0500 Subject: [PATCH] Fix various Coverity issues. Resolves: RHEL-32996 Following is the patch list: xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch 
Signed-off-by: Bill O'Donnell
---
 ...r-for-flist_find_type-for-clearer-fi.patch | 102 ++++++++++++++
 ...8-xfs_db-fix-leak-in-flist_find_ftyp.patch | 35 +++++
 ...fsrallfs-to-use-time_t-instead-of-in.patch | 56 ++++++++
 ...s.8-xfs_fsr-replace-atoi-with-strtol.patch | 64 +++++++++
 ...xfs.8-xfs_repair-catch-strtol-errors.patch | 129 ++++++++++++++++++
 ...xfs_repair-make-duration-take-time_t.patch | 110 +++++++++++++++
 ...call-phase_end-if-phase_rusage-was-n.patch | 43 ++++++
 ...d-variable-in-check_parents-function.patch | 25 ++++
 xfsprogs.spec | 23 +++-
 9 files changed, 586 insertions(+), 1 deletion(-)
 create mode 100644 xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch
 create mode 100644 xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch
 create mode 100644 xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch
 create mode 100644 xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch
 create mode 100644 xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch
 create mode 100644 xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch
 create mode 100644 xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch
 create mode 100644 xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch
diff --git a/xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch b/xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch
new file mode 100644
index 0000000..301b4b2
--- /dev/null
+++ b/xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch
@@ -0,0 +1,102 @@
+From a21daa3a739194b929de644779c359949390d467 Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Wed, 17 Apr 2024 18:19:30 +0200
+Subject: [PATCH] xfs_db: add helper for flist_find_type for clearer field
+ matching
+
+Make flist_find_type() more readable by unloading field type
+matching to the helper.
+
+Signed-off-by: Andrey Albershteyn
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Christoph Hellwig
+---
+ db/flist.c | 60 ++++++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 38 insertions(+), 22 deletions(-)
+
+diff --git a/db/flist.c b/db/flist.c
+index 0a6cc5fc..ab0a0f13 100644
+--- a/db/flist.c
++++ b/db/flist.c
+@@ -400,6 +400,40 @@ flist_split(
+ return v;
+ }
+
++static flist_t *
++flist_field_match(
++ const field_t *field,
++ fldt_t type,
++ void *obj,
++ int startoff)
++{
++ flist_t *fl;
++ int count;
++ const ftattr_t *fa;
++ flist_t *nfl;
++
++ fl = flist_make(field->name);
++ fl->fld = field;
++ if (field->ftyp == type)
++ return fl;
++ count = fcount(field, obj, startoff);
++ if (!count)
++ goto out;
++ fa = &ftattrtab[field->ftyp];
++ if (!fa->subfld)
++ goto out;
++
++ nfl = flist_find_ftyp(fa->subfld, type, obj, startoff);
++ if (nfl) {
++ fl->child = nfl;
++ return fl;
++ }
++
++out:
++ flist_free(fl);
++ return NULL;
++}
++
+ /*
+ * Given a set of fields, scan for a field of the given type.
+ * Return an flist leading to the first found field
+@@ -413,33 +447,15 @@ flist_find_ftyp(
+ void *obj,
+ int startoff)
+ {
+- flist_t *fl;
+ const field_t *f;
+- int count;
+- const ftattr_t *fa;
++ flist_t *fl;
+
+ for (f = fields; f->name; f++) {
+- fl = flist_make(f->name);
+- fl->fld = f;
+- if (f->ftyp == type)
++ fl = flist_field_match(f, type, obj, startoff);
++ if (fl)
+ return fl;
+- count = fcount(f, obj, startoff);
+- if (!count) {
+- flist_free(fl);
+- continue;
+- }
+- fa = &ftattrtab[f->ftyp];
+- if (fa->subfld) {
+- flist_t *nfl;
+-
+- nfl = flist_find_ftyp(fa->subfld, type, obj, startoff);
+- if (nfl) {
+- fl->child = nfl;
+- return fl;
+- }
+- }
+- flist_free(fl);
+ }
++
+ return NULL;
+ }
+
+--
+2.45.2
+
diff --git a/xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch b/xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch
new file mode 100644
index 0000000..5d6bfd6
--- /dev/null
+++ b/xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch
@@ -0,0 +1,35 @@
+From 21dc682a3842eb7e4c79f7e511d840e708d7e757 Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Tue, 23 Apr 2024 14:36:14 +0200
+Subject: [PATCH] xfs_db: fix leak in flist_find_ftyp()
+
+When count is zero fl reference is lost. Fix it by freeing the list.
+
+Fixes: a0d79cb37a36 ("xfs_db: make flist_find_ftyp() to check for field existance on disk")
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Bill O'Donnell
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Andrey Albershteyn
+---
+ db/flist.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/db/flist.c b/db/flist.c
+index c81d229a..0a6cc5fc 100644
+--- a/db/flist.c
++++ b/db/flist.c
+@@ -424,8 +424,10 @@ flist_find_ftyp(
+ if (f->ftyp == type)
+ return fl;
+ count = fcount(f, obj, startoff);
+- if (!count)
++ if (!count) {
++ flist_free(fl);
+ continue;
++ }
+ fa = &ftattrtab[f->ftyp];
+ if (fa->subfld) {
+ flist_t *nfl;
+--
+2.45.2
+
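Review bot: The new static helper flist_field_match() in the add-helper patch has no comment, and its ownership contract is the part a later editor is most likely to get wrong: it allocates `fl` with flist_make() before any test, hands it to the caller on the two success paths, and frees it itself on the `out:` path. A header comment along the lines of `/* Return a new flist for @field if it, or one of its subfields, has type @type; NULL otherwise. The caller owns the returned list. */` above the definition would record that. This matters here because the fix-leak patch that follows in this same commit repairs a lost `fl` on exactly this kind of early exit.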
diff --git a/xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch b/xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch
new file mode 100644
index 0000000..5de1cda
--- /dev/null
+++ b/xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch
@@ -0,0 +1,56 @@
+From 9c6e9d8de2d236f630efdd6fddb6277e8664989b Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Tue, 23 Apr 2024 14:36:17 +0200
+Subject: [PATCH] xfs_fsr: convert fsrallfs to use time_t instead of int
+
+Convert howlong argument to a time_t as it's truncated to int, but in
+practice this is not an issue as duration will never be this big.
+
+Add check for howlong to fit into int (printf can use int format
+specifier). Even longer interval doesn't make much sense.
+
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Andrey Albershteyn
+---
+ fsr/xfs_fsr.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/fsr/xfs_fsr.c b/fsr/xfs_fsr.c
+index 3077d8f4..02d61ef9 100644
+--- a/fsr/xfs_fsr.c
++++ b/fsr/xfs_fsr.c
+@@ -72,7 +72,7 @@ static int packfile(char *fname, char *tname, int fd,
+ static void fsrdir(char *dirname);
+ static int fsrfs(char *mntdir, xfs_ino_t ino, int targetrange);
+ static void initallfs(char *mtab);
+-static void fsrallfs(char *mtab, int howlong, char *leftofffile);
++static void fsrallfs(char *mtab, time_t howlong, char *leftofffile);
+ static void fsrall_cleanup(int timeout);
+ static int getnextents(int);
+ int xfsrtextsize(int fd);
+@@ -165,6 +165,12 @@ main(int argc, char **argv)
+ break;
+ case 't':
+ howlong = atoi(optarg);
++ if (howlong > INT_MAX) {
++ fprintf(stderr,
++ _("%s: the maximum runtime is %d seconds.\n"),
++ optarg, INT_MAX);
++ exit(1);
++ }
+ break;
+ case 'f':
+ leftofffile = optarg;
+@@ -387,7 +393,7 @@ initallfs(char *mtab)
+ }
+
+ static void
+-fsrallfs(char *mtab, int howlong, char *leftofffile)
++fsrallfs(char *mtab, time_t howlong, char *leftofffile)
+ {
+ int fd;
+ int error;
+--
+2.45.2
+
diff --git a/xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch b/xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch
new file mode 100644
index 0000000..1b9586c
--- /dev/null
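Review bot: In the `case 't'` hunk of the convert-fsrallfs patch, the new `if (howlong > INT_MAX)` test follows `howlong = atoi(optarg)`, and atoi() returns an int, so for a signed `howlong` the condition cannot be true at this point in the series. It only becomes reachable once the later replace-atoi-with-strtol patch is applied. The check also has no lower bound, so a negative `-t` value is accepted; `if (howlong < 0 || howlong > INT_MAX) {` would cover both ends. The declaration of `howlong` is outside the hunk, so whether it was widened to time_t along with the fsrallfs() parameter cannot be confirmed from here.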
+++ b/xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch
@@ -0,0 +1,64 @@
+From 652f8066b7ca7dc1e08c2c40cdd9ba593a9de568 Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Wed, 17 Apr 2024 18:19:29 +0200
+Subject: [PATCH] xfs_fsr: replace atoi() with strtol()
+
+Replace atoi() which silently fails with strtol() and report the
+error.
+
+Signed-off-by: Andrey Albershteyn
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Christoph Hellwig
+---
+ fsr/xfs_fsr.c | 26 +++++++++++++++++++++++---
+ 1 file changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/fsr/xfs_fsr.c b/fsr/xfs_fsr.c
+index 02d61ef9..fdd37756 100644
+--- a/fsr/xfs_fsr.c
++++ b/fsr/xfs_fsr.c
+@@ -164,7 +164,13 @@ main(int argc, char **argv)
+ usage(1);
+ break;
+ case 't':
+- howlong = atoi(optarg);
++ errno = 0;
++ howlong = strtol(optarg, NULL, 10);
++ if (errno) {
++ fprintf(stderr, _("%s: invalid runtime: %s\n"),
++ optarg, strerror(errno));
++ exit(1);
++ }
+ if (howlong > INT_MAX) {
+ fprintf(stderr,
+ _("%s: the maximum runtime is %d seconds.\n"),
+@@ -179,10 +185,24 @@ main(int argc, char **argv)
+ mtab = optarg;
+ break;
+ case 'b':
+- argv_blksz_dio = atoi(optarg);
++ errno = 0;
++ argv_blksz_dio = strtol(optarg, NULL, 10);
++ if (errno) {
++ fprintf(stderr,
++ _("%s: invalid block size: %s\n"),
++ optarg, strerror(errno));
++ exit(1);
++ }
+ break;
+ case 'p':
+- npasses = atoi(optarg);
++ errno = 0;
++ npasses = strtol(optarg, NULL, 10);
++ if (errno) {
++ fprintf(stderr,
++ _("%s: invalid number of passes: %s\n"),
++ optarg, strerror(errno));
++ exit(1);
++ }
+ break;
+ case 'C':
+ /* Testing opt: coerses frag count in result */
+--
+2.45.2
+
diff --git a/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch b/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch
new file mode 100644
index 0000000..6b60d48
--- /dev/null
+++ b/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch
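Review bot: The `if (errno)` tests added after the three `strtol(optarg, NULL, 10)` calls for `-t`, `-b` and `-p` in the replace-atoi-with-strtol patch only catch out-of-range input. A non-numeric argument such as `abc` still parses as 0, and `10x` as 10, typically without errno being set, so the silent failure the commit message describes remains for those cases. Passing an end pointer and testing it closes the gap: `howlong = strtol(optarg, &end, 10);` followed by `if (errno || end == optarg || *end != '\0') {`. The declarations of `argv_blksz_dio` and `npasses` are outside the hunk; if they are `int`, a value that fits in long but not in int is narrowed on assignment with no error, so they need a range check like the one `-t` has. The same errno-only pattern is used in every hunk of the xfs_repair catch-strtol-errors patch in this commit.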
@@ -0,0 +1,129 @@
+From d03b73d240dc7f5b4c02700c79c2c4eeeb94b08b Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Wed, 17 Apr 2024 18:19:31 +0200
+Subject: [PATCH] xfs_repair: catch strtol() errors
+
+strtol() sets errno if string parsing. Abort and tell user which
+parameter is wrong.
+
+Signed-off-by: Andrey Albershteyn
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Christoph Hellwig
+---
+ repair/xfs_repair.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/repair/xfs_repair.c b/repair/xfs_repair.c
+index 2ceea87d..2fc89dac 100644
+--- a/repair/xfs_repair.c
++++ b/repair/xfs_repair.c
+@@ -252,14 +252,22 @@ process_args(int argc, char **argv)
+ if (!val)
+ do_abort(
+ _("-o bhash requires a parameter\n"));
++ errno = 0;
+ libxfs_bhash_size = (int)strtol(val, NULL, 0);
++ if (errno)
++ do_abort(
++ _("-o bhash invalid parameter: %s\n"), strerror(errno));
+ bhash_option_used = 1;
+ break;
+ case AG_STRIDE:
+ if (!val)
+ do_abort(
+ _("-o ag_stride requires a parameter\n"));
++ errno = 0;
+ ag_stride = (int)strtol(val, NULL, 0);
++ if (errno)
++ do_abort(
++ _("-o ag_stride invalid parameter: %s\n"), strerror(errno));
+ break;
+ case FORCE_GEO:
+ if (val)
+@@ -272,19 +280,31 @@ process_args(int argc, char **argv)
+ if (!val)
+ do_abort(
+ _("-o phase2_threads requires a parameter\n"));
++ errno = 0;
+ phase2_threads = (int)strtol(val, NULL, 0);
++ if (errno)
++ do_abort(
++ _("-o phase2_threads invalid parameter: %s\n"), strerror(errno));
+ break;
+ case BLOAD_LEAF_SLACK:
+ if (!val)
+ do_abort(
+ _("-o debug_bload_leaf_slack requires a parameter\n"));
++ errno = 0;
+ bload_leaf_slack = (int)strtol(val, NULL, 0);
++ if (errno)
++ do_abort(
++ _("-o debug_bload_leaf_slack invalid parameter: %s\n"), strerror(errno));
+ break;
+ case BLOAD_NODE_SLACK:
+ if (!val)
+ do_abort(
+ _("-o debug_bload_node_slack requires a parameter\n"));
++ errno = 0;
+ bload_node_slack = (int)strtol(val, NULL, 0);
++ if (errno)
++ do_abort(
++ _("-o debug_bload_node_slack invalid parameter: %s\n"), strerror(errno));
+ break;
+ case NOQUOTA:
+ quotacheck_skip();
+@@ -305,7 +325,11 @@ process_args(int argc, char **argv)
+ if (!val)
+ do_abort(
+ _("-c lazycount requires a parameter\n"));
++ errno = 0;
+ lazy_count = (int)strtol(val, NULL, 0);
++ if (errno)
++ do_abort(
++ _("-o lazycount invalid parameter: %s\n"), strerror(errno));
+ convert_lazy_count = 1;
+ break;
+ case CONVERT_INOBTCOUNT:
+@@ -356,7 +380,11 @@ process_args(int argc, char **argv)
+ if (bhash_option_used)
+ do_abort(_("-m option cannot be used with "
+ "-o bhash option\n"));
++ errno = 0;
+ max_mem_specified = strtol(optarg, NULL, 0);
++ if (errno)
++ do_abort(
++ _("%s: invalid memory amount: %s\n"), optarg, strerror(errno));
+ break;
+ case 'L':
+ zap_log = 1;
+@@ -377,7 +405,11 @@ process_args(int argc, char **argv)
+ do_prefetch = 0;
+ break;
+ case 't':
++ errno = 0;
+ report_interval = strtol(optarg, NULL, 0);
++ if (errno)
++ do_abort(
++ _("%s: invalid interval: %s\n"), optarg, strerror(errno));
+ break;
+ case 'e':
+ report_corrected = true;
+@@ -397,8 +429,14 @@ process_args(int argc, char **argv)
+ usage();
+
+ p = getenv("XFS_REPAIR_FAIL_AFTER_PHASE");
+- if (p)
++ if (p) {
++ errno = 0;
+ fail_after_phase = (int)strtol(p, NULL, 0);
++ if (errno)
++ do_abort(
++ _("%s: invalid phase in XFS_REPAIR_FAIL_AFTER_PHASE: %s\n"),
++ p, strerror(errno));
++ }
+ }
+
+ void __attribute__((noreturn))
+--
+2.45.2
+
diff --git a/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch b/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch
new file mode 100644
index 0000000..b16e886
--- /dev/null
+++ b/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch
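Review bot: The message added in the lazycount hunk of the catch-strtol-errors patch reads `-o lazycount invalid parameter`, while the existing message just above it says `-c lazycount requires a parameter`; the new string should name `-c`. Separately, each `(int)strtol(val, NULL, 0)` in these hunks narrows the result before anything inspects it. Where long is wider than int, a value above INT_MAX passes the errno test and is silently truncated; keeping the result in a `long` and comparing it against `INT_MIN`/`INT_MAX` before the assignment would reject it. process_args() starts and ends outside these hunks.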
@@ -0,0 +1,110 @@
+From fcac184ccf342a345ea8fe4d842415841af89e64 Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Tue, 23 Apr 2024 14:36:15 +0200
+Subject: [PATCH] xfs_repair: make duration take time_t
+
+In most of the uses of duration() takes time_t instead of int.
+Convert the rest to use time_t and make duration() take time_t to
+not truncate it to int.
+
+While at it remove unnecessary parentheses around 'elapsed'.
+
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Andrey Albershteyn
+---
+ repair/globals.c | 2 +-
+ repair/globals.h | 2 +-
+ repair/progress.c | 9 +++++----
+ repair/progress.h | 2 +-
+ repair/xfs_repair.c | 2 +-
+ 5 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/repair/globals.c b/repair/globals.c
+index a68929bd..24f720c4 100644
+--- a/repair/globals.c
++++ b/repair/globals.c
+@@ -116,7 +116,7 @@ uint32_t sb_width;
+ struct aglock *ag_locks;
+ struct aglock rt_lock;
+
+-int report_interval;
++time_t report_interval;
+ uint64_t *prog_rpt_done;
+
+ int ag_stride;
+diff --git a/repair/globals.h b/repair/globals.h
+index a67e384a..b83a8ae6 100644
+--- a/repair/globals.h
++++ b/repair/globals.h
+@@ -160,7 +160,7 @@ struct aglock {
+ extern struct aglock *ag_locks;
+ extern struct aglock rt_lock;
+
+-extern int report_interval;
++extern time_t report_interval;
+ extern uint64_t *prog_rpt_done;
+
+ extern int ag_stride;
+diff --git a/repair/progress.c b/repair/progress.c
+index f6c4d988..2ce36cef 100644
+--- a/repair/progress.c
++++ b/repair/progress.c
+@@ -265,15 +265,16 @@ progress_rpt_thread (void *p)
+ (current_phase == 7))) {
+ /* for inode phase report % complete */
+ do_log(
+- _("\t- %02d:%02d:%02d: Phase %d: elapsed time %s - processed %d %s per minute\n"),
++ _("\t- %02d:%02d:%02d: Phase %d: elapsed time %s - processed %ld %s per minute\n"),
+ tmp->tm_hour, tmp->tm_min, tmp->tm_sec,
+ current_phase, duration(elapsed, msgbuf),
+- (int) (60*sum/(elapsed)), *msgp->format->type);
++ 60 * sum / elapsed, *msgp->format->type);
+ do_log(
+ _("\t- %02d:%02d:%02d: Phase %d: %" PRIu64 "%% done - estimated remaining time %s\n"),
+ tmp->tm_hour, tmp->tm_min, tmp->tm_sec,
+ current_phase, percent,
+- duration((int) ((*msgp->total - sum) * (elapsed)/sum), msgbuf));
++ duration((*msgp->total - sum) * elapsed / sum,
++ msgbuf));
+ }
+
+ if (pthread_mutex_unlock(&msgp->mutex) != 0) {
+@@ -420,7 +421,7 @@ timestamp(int end, int phase, char *buf)
+ }
+
+ char *
+-duration(int length, char *buf)
++duration(time_t length, char *buf)
+ {
+ int sum;
+ int weeks;
+diff --git a/repair/progress.h b/repair/progress.h
+index 2c1690db..9575df16 100644
+--- a/repair/progress.h
++++ b/repair/progress.h
+@@ -38,7 +38,7 @@ extern void summary_report(void);
+ extern int set_progress_msg(int report, uint64_t total);
+ extern uint64_t print_final_rpt(void);
+ extern char *timestamp(int end, int phase, char *buf);
+-extern char *duration(int val, char *buf);
++extern char *duration(time_t val, char *buf);
+ extern int do_parallel;
+
+ #define PROG_RPT_INC(a,b) if (ag_stride && prog_rpt_done) (a) += (b)
+diff --git a/repair/xfs_repair.c b/repair/xfs_repair.c
+index ba9d2833..2ceea87d 100644
+--- a/repair/xfs_repair.c
++++ b/repair/xfs_repair.c
+@@ -377,7 +377,7 @@ process_args(int argc, char **argv)
+ do_prefetch = 0;
+ break;
+ case 't':
+- report_interval = (int)strtol(optarg, NULL, 0);
++ report_interval = strtol(optarg, NULL, 0);
+ break;
+ case 'e':
+ report_corrected = true;
+--
+2.45.2
+
diff --git a/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch b/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch
new file mode 100644
index 0000000..f20ec1f
--- /dev/null
+++ b/xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch
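Review bot: In the repair/progress.c hunk of the make-duration-take-time_t patch, the format changes to `%ld` while the matching argument becomes the bare expression `60 * sum / elapsed` with the old cast removed, so its type now depends on the declarations of `sum` and `elapsed`, which are outside the hunk. If `sum` is a 64-bit unsigned counter, as the neighbouring `PRIu64` use for `percent` suggests, the argument does not match `%ld` on targets where long is 32 bits; an explicit `(long)(60 * sum / elapsed)` or a `PRIu64` conversion would make the pairing unambiguous. The duration() hunk also still shows `int sum;` as context, and the rest of the body is outside the hunk, so it is worth checking that the widened `length` is not copied straight back into an int there.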
@@ -0,0 +1,43 @@
+From c4dd920b8a8900046e0785e55a43c7190b82c59a Mon Sep 17 00:00:00 2001
+From: Andrey Albershteyn
+Date: Tue, 23 Apr 2024 14:36:16 +0200
+Subject: [PATCH] xfs_scrub: don't call phase_end if phase_rusage was not
+ initialized
+
+If unicrash_load() fails, all_pi can be used uninitialized in
+phase_end(). Fix it by going to the unload: section if unicrash_load
+fails and just go with unicrash_unload() (the is_service won't be
+initialized here).
+
+Reviewed-by: Darrick J. Wong
+Reviewed-by: Bill O'Donnell
+Reviewed-by: Christoph Hellwig
+Signed-off-by: Andrey Albershteyn
+---
+ scrub/xfs_scrub.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/scrub/xfs_scrub.c b/scrub/xfs_scrub.c
+index 752180d6..50565857 100644
+--- a/scrub/xfs_scrub.c
++++ b/scrub/xfs_scrub.c
+@@ -631,7 +631,7 @@ main(
+ fprintf(stderr,
+ _("%s: couldn't initialize Unicode library.\n"),
+ progname);
+- goto out;
++ goto out_unicrash;
+ }
+
+ pthread_mutex_init(&ctx.lock, NULL);
+@@ -828,6 +828,7 @@ out:
+ phase_end(&all_pi, 0);
+ if (progress_fp)
+ fclose(progress_fp);
++out_unicrash:
+ unicrash_unload();
+
+ /*
+--
+2.45.2
+
diff --git a/xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch b/xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch
new file mode 100644
index 0000000..d9104e2
--- /dev/null
+++ b/xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch
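Review bot: The new `out_unicrash:` label in the xfs_scrub patch carries no comment saying which state is valid when it is reached, and the statements after `unicrash_unload()` lie outside the hunk. The first hunk shows `pthread_mutex_init(&ctx.lock, NULL)` running only after the failing branch, and the commit message itself notes that `is_service` is not set up on this path, so any code below the label that reads either of them sees default values; that should be confirmed as intended. A comment above the label such as `/* unicrash_load() failed: all_pi and ctx.lock are not initialized yet */` would keep later cleanup additions from being placed under the wrong label.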
@@ -0,0 +1,25 @@
+jdm_parentpaths() doesn't initialize count. If count happens to be
+non-zero, following loop can result in access overflow.
+
+Signed-off-by: Andrey Albershteyn
+---
+ io/parent.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/io/parent.c b/io/parent.c
+index 8f63607ffec2..5750d98a3b75 100644
+--- a/io/parent.c
++++ b/io/parent.c
+@@ -112,7 +112,7 @@ check_parents(parent_t *parentbuf, size_t *parentbuf_size,
+ jdm_fshandle_t *fshandlep, struct xfs_bstat *statp)
+ {
+ int error, i;
+- __u32 count;
++ __u32 count = 0;
+ parent_t *entryp;
+
+ do {
+--
+2.42.0
+
+
diff --git a/xfsprogs.spec b/xfsprogs.spec
index 9c0a477..c48e444 100644
--- a/xfsprogs.spec
+++ b/xfsprogs.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing the XFS filesystem
 Name: xfsprogs
 Version: 6.4.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL+ and LGPLv2+
 URL: https://xfs.wiki.kernel.org
 Source0: http://kernel.org/pub/linux/utils/fs/xfs/xfsprogs/%{name}-%{version}.tar.xz
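Review bot: In the check_parents() hunk of the rhelonly patch, `count` is zeroed once at its declaration, before the `do {` that follows, so the fix covers only the first pass through the loop. The loop body and its condition are outside the hunk; if the loop can repeat (for example after growing the buffer), `count` keeps the value left by the previous pass when jdm_parentpaths() again leaves it untouched, which is the same out-of-bounds walk the commit message describes. Resetting it with `count = 0;` as the first statement inside the `do` body, or having jdm_parentpaths() always store a value, would cover every iteration.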
@@ -28,6 +28,14 @@ Patch1: xfsprogs-rhelonly-example-conf.patch
 Patch2: xfsprogs-rhelonly-mkfs-tolerate-tiny-filesystems.patch
 Patch3: xfsprogs-rhelonly-upstream-v6.6.0-xfs_quota-fix-missing-mount-point-warning.patch
 Patch4: xfsprogs-6.5.0-mkfs.xfs.8-correction-on-mkfs.xfs-manpage-since-refl.patch
+Patch5: xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch
+Patch6: xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch
+Patch7: xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch
+Patch8: xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch
+Patch9: xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch
+Patch 10: xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch
+Patch 11: xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch
+Patch 12: xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch

 %description
 A set of commands to use the XFS filesystem, including mkfs.xfs.
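Review bot: `Patch 10:`, `Patch 11:` and `Patch 12:` are written with a space before the number, unlike `Patch5:` through `Patch9:` directly above them. rpm may tolerate the spelling, but tooling that matches `^Patch[0-9]+:` to enumerate or audit applied patches will miss these three entries, so `Patch10:`, `Patch11:` and `Patch12:` is the safer form. Separately, the %changelog entry added in the last hunk says `Fix various CVE issues.` and `Related: RHEL-32996`, whereas the commit subject says Coverity issues and `Resolves: RHEL-32996`. None of the included patches cites a CVE identifier, so the changelog should say Coverity to avoid being read as a security-advisory fix.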
@@ -139,6 +147,19 @@ install -m 0644 %{SOURCE3} %{buildroot}%{mkfsdir}
 %{_libdir}/*.so

 %changelog
+* Wed Jun 26 2024 Bill O'Donnell - 6.4.0-2
+- Fix various CVE issues.
+- Related: RHEL-32996
+- Following is the patch list:
+- xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-fix-leak-in-flist_find_ftyp.patch
+- xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-make-duration-take-time_t.patch
+- xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_scrub-don-t-call-phase_end-if-phase_rusage-was-n.patch
+- xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-convert-fsrallfs-to-use-time_t-instead-of-in.patch
+- xfsprogs-6.5.0-xfs_fsr.xfs.8-xfs_fsr-replace-atoi-with-strtol.patch
+- xfsprogs-6.5.0-xfs_db.xfs.8-xfs_db-add-helper-for-flist_find_type-for-clearer-fi.patch
+- xfsprogs-6.5.0-xfs_repair.xfs.8-xfs_repair-catch-strtol-errors.patch
+- xfsprogs-rhelonly-xfs_db-fix-unitialized-variable-in-check_parents-function.patch
+
 * Mon May 20 2024 Pavel Reichl - 6.4.0-1
 - Rebase to a more recent upstream release
 - Related: RHEL-28339