packages/libnftnl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!31 [sync] PR-30: 回合社区补丁

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @hubin95 
Signed-off-by: @hubin95
This commit is contained in:
openeuler-ci-bot 2023-06-05 08:23:50 +00:00 committed by Gitee
commit 6c3bed551d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 115 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
backport-set-Do-not-leave-free-d-expr_list-elements-in-place.patch Normal file
View File

@ -0,0 +1,69 @@
From 2d83a7d4f58fbf6eaa9aeace49c78d91a86a3b28 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 31 May 2023 14:09:09 +0200
Subject: [PATCH] set: Do not leave free'd expr_list elements in place
When freeing elements, remove them also to prevent a potential UAF.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1685
Fixes: 3469f09286cee ("src: add NFTNL_SET_EXPRESSIONS")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/set.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/set.c b/src/set.c
index c46f827..719e596 100644
--- a/src/set.c
+++ b/src/set.c
@@ -54,8 +54,10 @@ void nftnl_set_free(const struct nftnl_set *s)
if (s->flags & (1 << NFTNL_SET_USERDATA))
xfree(s->user.data);
- list_for_each_entry_safe(expr, next, &s->expr_list, head)
+ list_for_each_entry_safe(expr, next, &s->expr_list, head) {
+ list_del(&expr->head);
nftnl_expr_free(expr);
+ }
list_for_each_entry_safe(elem, tmp, &s->element_list, head) {
list_del(&elem->head);
@@ -105,8 +107,10 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr)
break;
case NFTNL_SET_EXPR:
case NFTNL_SET_EXPRESSIONS:
- list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
+ list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
+ list_del(&expr->head);
nftnl_expr_free(expr);
+ }
break;
default:
return;
@@ -210,8 +214,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
s->user.len = data_len;
break;
case NFTNL_SET_EXPR:
- list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
+ list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
+ list_del(&expr->head);
nftnl_expr_free(expr);
+ }
expr = (void *)data;
list_add(&expr->head, &s->expr_list);
@@ -742,8 +748,10 @@ int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s)
return 0;
out_set_expr:
- list_for_each_entry_safe(expr, next, &s->expr_list, head)
+ list_for_each_entry_safe(expr, next, &s->expr_list, head) {
+ list_del(&expr->head);
nftnl_expr_free(expr);
+ }
return -1;
}
--
2.27.0

40
backport-tests-nft-rule-test-Add-test-cases-to-improve-code-c.patch Normal file
View File

@ -0,0 +1,40 @@
From 53ccf6e7a50d33ec6da5501bf75a1a621459f7aa Mon Sep 17 00:00:00 2001
From: shixuantong <tongxiaoge1001@126.com>
Date: Fri, 2 Jun 2023 00:05:37 +0800
Subject: [PATCH] tests: nft-rule-test: Add test cases to improve code coverage
Signed-off-by: shixuantong <tongxiaoge1001@126.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/nft-rule-test.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/nft-rule-test.c b/tests/nft-rule-test.c
index 3652bf6..3a92223 100644
--- a/tests/nft-rule-test.c
+++ b/tests/nft-rule-test.c
@@ -48,6 +48,12 @@ static void cmp_nftnl_rule(struct nftnl_rule *a, struct nftnl_rule *b)
if (nftnl_rule_get_u32(a, NFTNL_RULE_COMPAT_FLAGS) !=
nftnl_rule_get_u32(b, NFTNL_RULE_COMPAT_FLAGS))
print_err("Rule compat_flags mismatches");
+ if (nftnl_rule_get_u32(a, NFTNL_RULE_ID) !=
+ nftnl_rule_get_u32(b, NFTNL_RULE_ID))
+ print_err("Rule id mismatches");
+ if (nftnl_rule_get_u32(a, NFTNL_RULE_POSITION_ID) !=
+ nftnl_rule_get_u32(b, NFTNL_RULE_POSITION_ID))
+ print_err("Rule position_id mismatches");
if (nftnl_rule_get_u64(a, NFTNL_RULE_POSITION) !=
nftnl_rule_get_u64(b, NFTNL_RULE_POSITION))
print_err("Rule compat_position mismatches");
@@ -84,6 +90,8 @@ int main(int argc, char *argv[])
nftnl_rule_set_u64(a, NFTNL_RULE_HANDLE, 0x1234567812345678);
nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_PROTO, 0x12345678);
nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_FLAGS, 0x12345678);
+ nftnl_rule_set_u32(a, NFTNL_RULE_ID, 0x12345678);
+ nftnl_rule_set_u32(a, NFTNL_RULE_POSITION_ID, 0x12345678);
nftnl_rule_set_u64(a, NFTNL_RULE_POSITION, 0x1234567812345678);
nftnl_rule_set_data(a, NFTNL_RULE_USERDATA,
nftnl_udata_buf_data(udata),
--
2.27.0

7
libnftnl.spec
View File

@ -1,6 +1,6 @@
Name: libnftnl Name: libnftnl
Version: 1.2.0 Version: 1.2.0
Release: 4 Release: 5
Summary: Library for low-level interaction with nftables Netlink's API over libmnl Summary: Library for low-level interaction with nftables Netlink's API over libmnl
License: GPLv2+ License: GPLv2+
URL: http://netfilter.org/projects/libnftnl/ URL: http://netfilter.org/projects/libnftnl/
@ -9,6 +9,8 @@ Source0: http://netfilter.org/projects/libnftnl/files/%{name}-%{version}.tar.bz2
Patch6000: backport-rule-set_elem-fix-printing-of-user-data.patch Patch6000: backport-rule-set_elem-fix-printing-of-user-data.patch
Patch6001: backport-rule-set_elem-remove-trailing-n-in-userdata-snprintf.patch Patch6001: backport-rule-set_elem-remove-trailing-n-in-userdata-snprintf.patch
Patch6002: backport-libnftnl-Fix-res_id-byte-order.patch Patch6002: backport-libnftnl-Fix-res_id-byte-order.patch
Patch6003: backport-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
Patch6004: backport-tests-nft-rule-test-Add-test-cases-to-improve-code-c.patch
BuildRequires: libmnl-devel jansson-devel gcc BuildRequires: libmnl-devel jansson-devel gcc
@ -55,6 +57,9 @@ make %{?_smp_mflags} check
%{_includedir}/libnftnl %{_includedir}/libnftnl
%changelog %changelog
* Mon Jun 05 2023 shixuantong <shixuantong1@huawei.com> - 1.2.0-5
- Do not leave free'd expr_list elements in place and add test cases
* Mon May 29 2023 shixuantong <shixuantong1@huawei.com> - 1.2.0-4 * Mon May 29 2023 shixuantong <shixuantong1@huawei.com> - 1.2.0-4
- Fix res_id byte order - Fix res_id byte order