diff --git a/SOURCES/0006-conntrackd-use-strncpy-to-unix-path.patch b/SOURCES/0006-conntrackd-use-strncpy-to-unix-path.patch index db2b230..ad8d2b3 100644 --- a/SOURCES/0006-conntrackd-use-strncpy-to-unix-path.patch +++ b/SOURCES/0006-conntrackd-use-strncpy-to-unix-path.patch @@ -1,4 +1,4 @@ -From 2c020e89fbf2f3c9d18fbd691c7e6785e195defc Mon Sep 17 00:00:00 2001 +From 16b593316dcf2fac1d583397f94b727791af8a1c Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 20 Mar 2019 08:19:18 +0100 Subject: [PATCH] conntrackd: use strncpy() to unix path diff --git a/SOURCES/0007-conntrackd-Use-strdup-in-lexer.patch b/SOURCES/0007-conntrackd-Use-strdup-in-lexer.patch index d6d05ca..abca62f 100644 --- a/SOURCES/0007-conntrackd-Use-strdup-in-lexer.patch +++ b/SOURCES/0007-conntrackd-Use-strdup-in-lexer.patch @@ -1,4 +1,4 @@ -From a5edeb0b5fe0b6ac819bff1f29a2baf472cef755 Mon Sep 17 00:00:00 2001 +From da531a2ee6f6bd9828c0b64b1651264acdd7e731 Mon Sep 17 00:00:00 2001 From: Ash Hughes Date: Thu, 30 May 2019 21:49:56 +0100 Subject: [PATCH] conntrackd: Use strdup in lexer diff --git a/SOURCES/0008-conntrackd-use-correct-max-unix-path-length.patch b/SOURCES/0008-conntrackd-use-correct-max-unix-path-length.patch index d264e9b..7f9e269 100644 --- a/SOURCES/0008-conntrackd-use-correct-max-unix-path-length.patch +++ b/SOURCES/0008-conntrackd-use-correct-max-unix-path-length.patch @@ -1,4 +1,4 @@ -From 22c53808b5ced8580f2826ca6c268018345fac47 Mon Sep 17 00:00:00 2001 +From 8cb5fba90e0c602922bd2497f2d5ea3946eac172 Mon Sep 17 00:00:00 2001 From: Michal Kubecek Date: Mon, 15 Jul 2019 08:46:23 +0200 Subject: [PATCH] conntrackd: use correct max unix path length diff --git a/SOURCES/0009-hash-Flush-tables-when-destroying.patch b/SOURCES/0009-hash-Flush-tables-when-destroying.patch new file mode 100644 index 0000000..84d9be8 --- /dev/null +++ b/SOURCES/0009-hash-Flush-tables-when-destroying.patch @@ -0,0 +1,29 @@ +From 928268da2fc7e4c3ba393fceba9b38c230b7151e Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 24 Mar 2022 18:06:39 +0100 +Subject: [PATCH] hash: Flush tables when destroying + +This is cosmetics only, but stops valgrind from complaining about +definitely lost memory. + +Signed-off-by: Phil Sutter +(cherry picked from commit 9be65154696859d94dcdeb7347ba5cca3b8d48ba) +--- + src/hash.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/hash.c b/src/hash.c +index fe6a047fcebe0..a0f240c21fa82 100644 +--- a/src/hash.c ++++ b/src/hash.c +@@ -55,6 +55,7 @@ hashtable_create(int hashsize, int limit, + + void hashtable_destroy(struct hashtable *h) + { ++ hashtable_flush(h); + free(h); + } + +-- +2.34.1 + diff --git a/SOURCES/0010-cache-Fix-features-array-allocation.patch b/SOURCES/0010-cache-Fix-features-array-allocation.patch new file mode 100644 index 0000000..8d19715 --- /dev/null +++ b/SOURCES/0010-cache-Fix-features-array-allocation.patch @@ -0,0 +1,37 @@ +From 22c02399e51367b8ec1b2e66a4359ae5cd8db4ae Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 24 Mar 2022 18:07:51 +0100 +Subject: [PATCH] cache: Fix features array allocation + +struct cache::features is of type struct cache_feature **, allocate and +populate accordingly. + +Fixes: ad31f852c3454 ("initial import of the conntrack daemon to Netfilter SVN") +Signed-off-by: Phil Sutter +(cherry picked from commit 549f90d8a7847f201aa604a0cf7c24b73d4b5a56) +--- + src/cache.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cache.c b/src/cache.c +index 79a024f8b6bb0..9bc8d0f5bf34a 100644 +--- a/src/cache.c ++++ b/src/cache.c +@@ -69,12 +69,12 @@ struct cache *cache_create(const char *name, enum cache_type type, + + memcpy(c->feature_type, feature_type, sizeof(feature_type)); + +- c->features = malloc(sizeof(struct cache_feature) * j); ++ c->features = malloc(sizeof(struct cache_feature *) * j); + if (!c->features) { + free(c); + return NULL; + } +- memcpy(c->features, feature_array, sizeof(struct cache_feature) * j); ++ memcpy(c->features, feature_array, sizeof(struct cache_feature *) * j); + c->num_features = j; + + c->extra_offset = size; +-- +2.34.1 + diff --git a/SOURCES/0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch b/SOURCES/0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch new file mode 100644 index 0000000..3a1a66d --- /dev/null +++ b/SOURCES/0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch @@ -0,0 +1,50 @@ +From a26eb6eba3f318271d3fbd52152ad43acfc15393 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 24 Mar 2022 18:14:50 +0100 +Subject: [PATCH] Fix potential buffer overrun in snprintf() calls + +When consecutively printing into the same buffer at increasing offset, +reduce buffer size passed to snprintf() to not defeat its size checking. + +Signed-off-by: Phil Sutter +(cherry picked from commit 0e05989f3247e9aef0d96aafc144b2d853732891) +--- + src/process.c | 2 +- + src/queue.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/process.c b/src/process.c +index 3ddad5ffa7959..08598eeae84de 100644 +--- a/src/process.c ++++ b/src/process.c +@@ -84,7 +84,7 @@ void fork_process_dump(int fd) + int size = 0; + + list_for_each_entry(this, &process_list, head) { +- size += snprintf(buf+size, sizeof(buf), ++ size += snprintf(buf + size, sizeof(buf) - size, + "PID=%u type=%s\n", + this->pid, + this->type < CTD_PROC_MAX ? +diff --git a/src/queue.c b/src/queue.c +index 76425b18495b5..e94dc7c45d1fd 100644 +--- a/src/queue.c ++++ b/src/queue.c +@@ -69,12 +69,12 @@ void queue_stats_show(int fd) + int size = 0; + char buf[512]; + +- size += snprintf(buf+size, sizeof(buf), ++ size += snprintf(buf + size, sizeof(buf) - size, + "allocated queue nodes:\t\t%12u\n\n", + qobjects_num); + + list_for_each_entry(this, &queue_list, list) { +- size += snprintf(buf+size, sizeof(buf), ++ size += snprintf(buf + size, sizeof(buf) - size, + "queue %s:\n" + "current elements:\t\t%12u\n" + "maximum elements:\t\t%12u\n" +-- +2.34.1 + diff --git a/SOURCES/0012-helpers-ftp-Avoid-ugly-casts.patch b/SOURCES/0012-helpers-ftp-Avoid-ugly-casts.patch new file mode 100644 index 0000000..c2482f5 --- /dev/null +++ b/SOURCES/0012-helpers-ftp-Avoid-ugly-casts.patch @@ -0,0 +1,55 @@ +From 2c8cc74e2fbfbed8fad8e80513fc7a34674bb382 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 24 Mar 2022 18:27:56 +0100 +Subject: [PATCH] helpers: ftp: Avoid ugly casts + +Coverity tool complains about accessing a local variable at non-zero +offset. Avoid this by using a helper union. This should silence the +checker, although the code is still probably not Big Endian-safe. + +Signed-off-by: Phil Sutter +(cherry picked from commit ff4e57e890a8628208a004587cd7a5ee955bb5fe) +--- + src/helpers/ftp.c | 20 +++++++++----------- + 1 file changed, 9 insertions(+), 11 deletions(-) + +diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c +index bd3f11788cc24..0694d38c6ea13 100644 +--- a/src/helpers/ftp.c ++++ b/src/helpers/ftp.c +@@ -331,23 +331,21 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type, + char *buffer, size_t buflen, + uint32_t addr, uint16_t port) + { ++ union { ++ unsigned char c[4]; ++ uint32_t d; ++ } tmp; ++ ++ tmp.d = addr; + switch (type) { + case NF_CT_FTP_PORT: + case NF_CT_FTP_PASV: + return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u", +- ((unsigned char *)&addr)[0], +- ((unsigned char *)&addr)[1], +- ((unsigned char *)&addr)[2], +- ((unsigned char *)&addr)[3], +- port >> 8, +- port & 0xFF); ++ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3], ++ port >> 8, port & 0xFF); + case NF_CT_FTP_EPRT: + return snprintf(buffer, buflen, "|1|%u.%u.%u.%u|%u|", +- ((unsigned char *)&addr)[0], +- ((unsigned char *)&addr)[1], +- ((unsigned char *)&addr)[2], +- ((unsigned char *)&addr)[3], +- port); ++ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3], port); + case NF_CT_FTP_EPSV: + return snprintf(buffer, buflen, "|||%u|", port); + } +-- +2.34.1 + diff --git a/SOURCES/0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch b/SOURCES/0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch new file mode 100644 index 0000000..b7e4e3a --- /dev/null +++ b/SOURCES/0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch @@ -0,0 +1,30 @@ +From 385a065550fba6afc9132df07b8ef9da40431c55 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 24 Mar 2022 19:09:22 +0100 +Subject: [PATCH] read_config_yy: Drop extra argument from dlog() call + +False priority value was never printed. + +Fixes: dfb88dae65fbd ("conntrackd: change scheduler and priority via configuration file") +Signed-off-by: Phil Sutter +(cherry picked from commit f2fed05adbd05df23a063e0a9f2809399d924c64) +--- + src/read_config_yy.y | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/read_config_yy.y b/src/read_config_yy.y +index 4311cd6c9a2f5..6aee67623953b 100644 +--- a/src/read_config_yy.y ++++ b/src/read_config_yy.y +@@ -1042,7 +1042,7 @@ scheduler_line : T_PRIO T_NUMBER + { + conf.sched.prio = $2; + if (conf.sched.prio < 0 || conf.sched.prio > 99) { +- dlog(LOG_ERR, "`Priority' must be [0, 99]\n", $2); ++ dlog(LOG_ERR, "`Priority' must be [0, 99]\n"); + exit(EXIT_FAILURE); + } + }; +-- +2.34.1 + diff --git a/SOURCES/0014-Don-t-call-exit-from-signal-handler.patch b/SOURCES/0014-Don-t-call-exit-from-signal-handler.patch new file mode 100644 index 0000000..bda2cfa --- /dev/null +++ b/SOURCES/0014-Don-t-call-exit-from-signal-handler.patch @@ -0,0 +1,30 @@ +From 6441d719c562135db1a41ff34a28f9edf8caf0fb Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 25 Mar 2022 09:50:18 +0100 +Subject: [PATCH] Don't call exit() from signal handler + +Coverity tool complains that exit() is not signal-safe and therefore +should not be called from within a signal handler. Call _exit() instead. + +Signed-off-by: Phil Sutter +(cherry picked from commit 7e4d4abd47c6b9b2af745c0a4c8b5532c1886399) +--- + src/run.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/run.c b/src/run.c +index f11a5327fe5e6..37a0eb1c6b957 100644 +--- a/src/run.c ++++ b/src/run.c +@@ -67,7 +67,7 @@ void killer(int signo) + close_log(); + + sd_ct_stop(); +- exit(0); ++ _exit(0); + } + + static void child(int foo) +-- +2.34.1 + diff --git a/SOURCES/0015-Drop-pointless-assignments.patch b/SOURCES/0015-Drop-pointless-assignments.patch new file mode 100644 index 0000000..71d5d49 --- /dev/null +++ b/SOURCES/0015-Drop-pointless-assignments.patch @@ -0,0 +1,43 @@ +From addd3c1ab24b64e9569095bcf02378904444f744 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 25 Mar 2022 10:15:13 +0100 +Subject: [PATCH] Drop pointless assignments + +These variables are not referred to after assigning within their scope +(or until they're overwritten). + +Signed-off-by: Phil Sutter +(cherry picked from commit 5ecb1226d73eb4f9407faa8d663d7038046d34c6) +--- + src/helpers/ssdp.c | 1 - + src/main.c | 2 +- + 2 files changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/helpers/ssdp.c b/src/helpers/ssdp.c +index 58658e39d0a21..41a637a9ce720 100644 +--- a/src/helpers/ssdp.c ++++ b/src/helpers/ssdp.c +@@ -259,7 +259,6 @@ static int find_hdr(const char *name, const uint8_t *data, int data_len, + data += i+2; + } + +- data_len -= name_len; + data += name_len; + if (pos) + *pos = data; +diff --git a/src/main.c b/src/main.c +index 7062e12085f11..8c3fa1c943a96 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -320,7 +320,7 @@ int main(int argc, char *argv[]) + + umask(0177); + +- if ((ret = init_config(config_file)) == -1) { ++ if (init_config(config_file) == -1) { + dlog(LOG_ERR, "can't open config file `%s'", config_file); + exit(EXIT_FAILURE); + } +-- +2.34.1 + diff --git a/SOURCES/0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch b/SOURCES/0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch new file mode 100644 index 0000000..8f4c849 --- /dev/null +++ b/SOURCES/0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch @@ -0,0 +1,30 @@ +From aff26dfeea91e70032bdc99bdf5bb5a194dd431d Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 25 Mar 2022 10:30:29 +0100 +Subject: [PATCH] connntrack: Fix for memleak when parsing -j arg + +Have to free the strings allocated by split_address_and_port(). + +Fixes: 29b390a212214 ("conntrack: Support IPv6 NAT") +Signed-off-by: Phil Sutter +(cherry picked from commit 42cb292d6c9e8567db2e30e183b1bd31093700ad) +--- + src/conntrack.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/conntrack.c b/src/conntrack.c +index 06f60e85fa1ed..eea5fd339c831 100644 +--- a/src/conntrack.c ++++ b/src/conntrack.c +@@ -2432,6 +2432,8 @@ int main(int argc, char *argv[]) + nfct_set_nat_details(c, tmpl.ct, &ad, + port_str, family); + } ++ free(port_str); ++ free(nat_address); + } + break; + case 'w': +-- +2.34.1 + diff --git a/SOURCES/0017-src-fix-strncpy-Wstringop-truncation-warnings.patch b/SOURCES/0017-src-fix-strncpy-Wstringop-truncation-warnings.patch new file mode 100644 index 0000000..f3168ce --- /dev/null +++ b/SOURCES/0017-src-fix-strncpy-Wstringop-truncation-warnings.patch @@ -0,0 +1,225 @@ +From a045ef8abc1c81ac359103ac61841bae860d8960 Mon Sep 17 00:00:00 2001 +From: "Jose M. Guisado Gomez" +Date: Fri, 16 Aug 2019 11:25:11 +0200 +Subject: [PATCH] src: fix strncpy -Wstringop-truncation warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +-Wstringop-truncation warning was introduced in GCC-8 as truncation +checker for strncpy and strncat. + +Systems using gcc version >= 8 would receive the following warnings: + +read_config_yy.c: In function ‘yyparse’: +read_config_yy.y:1594:2: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation] + 1594 | strncpy(policy->name, $2, CTD_HELPER_NAME_LEN); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +read_config_yy.y:1384:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation] + 1384 | strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +read_config_yy.y:692:2: warning: ‘strncpy’ specified bound 108 equals destination size [-Wstringop-truncation] + 692 | strncpy(conf.local.path, $2, UNIX_PATH_MAX); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +read_config_yy.y:169:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation] + 169 | strncpy(conf.lockfile, $2, FILENAME_MAXLEN); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +read_config_yy.y:119:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation] + 119 | strncpy(conf.logfile, $2, FILENAME_MAXLEN); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +main.c: In function ‘main’: +main.c:168:5: warning: ‘strncpy’ specified bound 4096 equals destination size [-Wstringop-truncation] + 168 | strncpy(config_file, argv[i], PATH_MAX); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Fix the issue by checking for string length first. Also using +snprintf instead. + +In addition, correct an off-by-one when warning about maximum config +file path length. + +Signed-off-by: Jose M. Guisado Gomez +Signed-off-by: Pablo Neira Ayuso +(cherry picked from commit f196de88cdd9764ddc2e4de737a960972d82fe9d) +--- + include/conntrackd.h | 6 +++--- + include/helper.h | 2 +- + include/local.h | 4 ++-- + src/main.c | 7 +++---- + src/read_config_yy.y | 39 +++++++++++++++++++++++++++++---------- + 5 files changed, 38 insertions(+), 20 deletions(-) + +diff --git a/include/conntrackd.h b/include/conntrackd.h +index 81dff221e96de..fe9ec1854a7d2 100644 +--- a/include/conntrackd.h ++++ b/include/conntrackd.h +@@ -85,9 +85,9 @@ union inet_address { + #define CONFIG(x) conf.x + + struct ct_conf { +- char logfile[FILENAME_MAXLEN]; ++ char logfile[FILENAME_MAXLEN + 1]; + int syslog_facility; +- char lockfile[FILENAME_MAXLEN]; ++ char lockfile[FILENAME_MAXLEN + 1]; + int hashsize; /* hashtable size */ + int channel_num; + int channel_default; +@@ -132,7 +132,7 @@ struct ct_conf { + int prio; + } sched; + struct { +- char logfile[FILENAME_MAXLEN]; ++ char logfile[FILENAME_MAXLEN + 1]; + int syslog_facility; + size_t buffer_size; + } stats; +diff --git a/include/helper.h b/include/helper.h +index 7353dfa9b2073..08d4cf4642802 100644 +--- a/include/helper.h ++++ b/include/helper.h +@@ -13,7 +13,7 @@ struct pkt_buff; + #define CTD_HELPER_POLICY_MAX 4 + + struct ctd_helper_policy { +- char name[CTD_HELPER_NAME_LEN]; ++ char name[CTD_HELPER_NAME_LEN + 1]; + uint32_t expect_timeout; + uint32_t expect_max; + }; +diff --git a/include/local.h b/include/local.h +index 22859d7ab60aa..9379446732eed 100644 +--- a/include/local.h ++++ b/include/local.h +@@ -7,12 +7,12 @@ + + struct local_conf { + int reuseaddr; +- char path[UNIX_PATH_MAX]; ++ char path[UNIX_PATH_MAX + 1]; + }; + + struct local_server { + int fd; +- char path[UNIX_PATH_MAX]; ++ char path[UNIX_PATH_MAX + 1]; + }; + + /* callback return values */ +diff --git a/src/main.c b/src/main.c +index 8c3fa1c943a96..de4773df8a204 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -120,8 +120,8 @@ do_chdir(const char *d) + + int main(int argc, char *argv[]) + { ++ char config_file[PATH_MAX + 1] = {}; + int ret, i, action = -1; +- char config_file[PATH_MAX] = {}; + int type = 0; + struct utsname u; + int version, major, minor; +@@ -165,13 +165,12 @@ int main(int argc, char *argv[]) + break; + case 'C': + if (++i < argc) { +- strncpy(config_file, argv[i], PATH_MAX); +- if (strlen(argv[i]) >= PATH_MAX){ +- config_file[PATH_MAX-1]='\0'; ++ if (strlen(argv[i]) > PATH_MAX) { + dlog(LOG_WARNING, "Path to config file" + " to long. Cutting it down to %d" + " characters", PATH_MAX); + } ++ snprintf(config_file, PATH_MAX, "%s", argv[i]); + break; + } + show_usage(argv[0]); +diff --git a/src/read_config_yy.y b/src/read_config_yy.y +index 6aee67623953b..d963c494be1fc 100644 +--- a/src/read_config_yy.y ++++ b/src/read_config_yy.y +@@ -116,7 +116,12 @@ logfile_bool : T_LOG T_OFF + + logfile_path : T_LOG T_PATH_VAL + { +- strncpy(conf.logfile, $2, FILENAME_MAXLEN); ++ if (strlen($2) > FILENAME_MAXLEN) { ++ dlog(LOG_ERR, "LogFile path is longer than %u characters", ++ FILENAME_MAXLEN); ++ exit(EXIT_FAILURE); ++ } ++ snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2); + free($2); + }; + +@@ -166,7 +171,12 @@ syslog_facility : T_SYSLOG T_STRING + + lock : T_LOCK T_PATH_VAL + { +- strncpy(conf.lockfile, $2, FILENAME_MAXLEN); ++ if (strlen($2) > FILENAME_MAXLEN) { ++ dlog(LOG_ERR, "LockFile path is longer than %u characters", ++ FILENAME_MAXLEN); ++ exit(EXIT_FAILURE); ++ } ++ snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2); + free($2); + }; + +@@ -689,13 +699,13 @@ unix_options: + + unix_option : T_PATH T_PATH_VAL + { +- strncpy(conf.local.path, $2, UNIX_PATH_MAX); +- free($2); +- if (conf.local.path[UNIX_PATH_MAX - 1]) { +- dlog(LOG_ERR, "UNIX Path is longer than %u characters", +- UNIX_PATH_MAX - 1); ++ if (strlen($2) > UNIX_PATH_MAX) { ++ dlog(LOG_ERR, "Path is longer than %u characters", ++ UNIX_PATH_MAX); + exit(EXIT_FAILURE); + } ++ snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2); ++ free($2); + }; + + unix_option : T_BACKLOG T_NUMBER +@@ -1381,7 +1391,12 @@ stat_logfile_bool : T_LOG T_OFF + + stat_logfile_path : T_LOG T_PATH_VAL + { +- strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN); ++ if (strlen($2) > FILENAME_MAXLEN) { ++ dlog(LOG_ERR, "stats LogFile path is longer than %u characters", ++ FILENAME_MAXLEN); ++ exit(EXIT_FAILURE); ++ } ++ snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2); + free($2); + }; + +@@ -1589,11 +1604,15 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}' + exit(EXIT_FAILURE); + break; + } ++ if (strlen($2) > CTD_HELPER_NAME_LEN) { ++ dlog(LOG_ERR, "Helper Policy is longer than %u characters", ++ CTD_HELPER_NAME_LEN); ++ exit(EXIT_FAILURE); ++ } + + policy = (struct ctd_helper_policy *) &e->data; +- strncpy(policy->name, $2, CTD_HELPER_NAME_LEN); ++ snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2); + free($2); +- policy->name[CTD_HELPER_NAME_LEN-1] = '\0'; + /* Now object is complete. */ + e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT; + stack_item_push(&symbol_stack, e); +-- +2.34.1 + diff --git a/SOURCES/0018-conntrack-fix-compiler-warnings.patch b/SOURCES/0018-conntrack-fix-compiler-warnings.patch new file mode 100644 index 0000000..2c77396 --- /dev/null +++ b/SOURCES/0018-conntrack-fix-compiler-warnings.patch @@ -0,0 +1,101 @@ +From 6dda36aceaedf88b33e5a2cf216bbd3b047611a6 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Mon, 17 Jan 2022 16:42:52 +0100 +Subject: [PATCH] conntrack: fix compiler warnings + +.... those do not indicate bugs, but they are distracting. + +'exp_filter_add' at filter.c:513:2: +__builtin_strncpy specified bound 16 equals destination size [-Wstringop-truncation] + +This warning is because the size argument passed to strncpy() is +identical to buffer size, i.e. if hit the resulting string is not +0-terminated. + +read_config_yy.y:1625: warning: '__builtin_snprintf' output may be truncated before the last format character [-Wformat-truncation=] + 1625 | snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2); +read_config_yy.y:1399: warning: '__builtin_snprintf' output may be ... + 1399 | snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2); +read_config_yy.y:707: warning: '__builtin_snprintf' output may be ... + 707 | snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2); +read_config_yy.y:179: warning: '__builtin_snprintf' output may be ... + 179 | snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2); +read_config_yy.y:124: warning: '__builtin_snprintf' output may be ... + 124 | snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2); + +... its because the _MAXLEN constants are one less than the output +buffer size, i.e. could use either .._MAXLEN + 1 or sizeof, this uses +sizeof(). + +Signed-off-by: Florian Westphal +(cherry picked from commit 5f15bb47bbcdb7581c80c5e488cd109450494ec2) +--- + src/filter.c | 2 +- + src/read_config_yy.y | 10 +++++----- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/filter.c b/src/filter.c +index 00a5e96ecc248..9f961b1fe5b1b 100644 +--- a/src/filter.c ++++ b/src/filter.c +@@ -470,7 +470,7 @@ struct exp_filter *exp_filter_create(void) + + struct exp_filter_item { + struct list_head head; +- char helper_name[NFCT_HELPER_NAME_MAX]; ++ char helper_name[NFCT_HELPER_NAME_MAX + 1]; + }; + + /* this is ugly, but it simplifies read_config_yy.y */ +diff --git a/src/read_config_yy.y b/src/read_config_yy.y +index d963c494be1fc..401a1575014d0 100644 +--- a/src/read_config_yy.y ++++ b/src/read_config_yy.y +@@ -121,7 +121,7 @@ logfile_path : T_LOG T_PATH_VAL + FILENAME_MAXLEN); + exit(EXIT_FAILURE); + } +- snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2); ++ snprintf(conf.logfile, sizeof(conf.logfile), "%s", $2); + free($2); + }; + +@@ -176,7 +176,7 @@ lock : T_LOCK T_PATH_VAL + FILENAME_MAXLEN); + exit(EXIT_FAILURE); + } +- snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2); ++ snprintf(conf.lockfile, sizeof(conf.lockfile), "%s", $2); + free($2); + }; + +@@ -704,7 +704,7 @@ unix_option : T_PATH T_PATH_VAL + UNIX_PATH_MAX); + exit(EXIT_FAILURE); + } +- snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2); ++ snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2); + free($2); + }; + +@@ -1396,7 +1396,7 @@ stat_logfile_path : T_LOG T_PATH_VAL + FILENAME_MAXLEN); + exit(EXIT_FAILURE); + } +- snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2); ++ snprintf(conf.stats.logfile, sizeof(conf.stats.logfile), "%s", $2); + free($2); + }; + +@@ -1611,7 +1611,7 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}' + } + + policy = (struct ctd_helper_policy *) &e->data; +- snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2); ++ snprintf(policy->name, sizeof(policy->name), "%s", $2); + free($2); + /* Now object is complete. */ + e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT; +-- +2.34.1 + diff --git a/SPECS/conntrack-tools.spec b/SPECS/conntrack-tools.spec index d0548a7..b5f22f1 100644 --- a/SPECS/conntrack-tools.spec +++ b/SPECS/conntrack-tools.spec @@ -1,6 +1,6 @@ Name: conntrack-tools Version: 1.4.5 -Release: 10%{?dist}.1 +Release: 15%{?dist} Summary: Manipulate netfilter connection tracking table and run High Availability License: GPLv2 URL: http://conntrack-tools.netfilter.org/ @@ -16,6 +16,16 @@ Patch05: 0005-nfct-remove-lazy-binding.patch Patch06: 0006-conntrackd-use-strncpy-to-unix-path.patch Patch07: 0007-conntrackd-Use-strdup-in-lexer.patch Patch08: 0008-conntrackd-use-correct-max-unix-path-length.patch +Patch09: 0009-hash-Flush-tables-when-destroying.patch +Patch10: 0010-cache-Fix-features-array-allocation.patch +Patch11: 0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch +Patch12: 0012-helpers-ftp-Avoid-ugly-casts.patch +Patch13: 0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch +Patch14: 0014-Don-t-call-exit-from-signal-handler.patch +Patch15: 0015-Drop-pointless-assignments.patch +Patch16: 0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch +Patch17: 0017-src-fix-strncpy-Wstringop-truncation-warnings.patch +Patch18: 0018-conntrack-fix-compiler-warnings.patch BuildRequires: gcc BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7 @@ -96,16 +106,34 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/ %systemd_postun conntrackd.service %changelog -* Thu Sep 15 2022 Phil Sutter - 1.4.5-10.1 +* Mon Aug 15 2022 Phil Sutter - 1.4.5-15 +- conntrack: fix compiler warnings +- src: fix strncpy -Wstringop-truncation warnings +- connntrack: Fix for memleak when parsing -j arg +- Drop pointless assignments +- Don't call exit() from signal handler +- read_config_yy: Drop extra argument from dlog() call +- helpers: ftp: Avoid ugly casts +- Fix potential buffer overrun in snprintf() calls +- cache: Fix features array allocation +- hash: Flush tables when destroying + +* Mon Mar 28 2022 Phil Sutter - 1.4.5-14 - conntrackd: use correct max unix path length + +* Thu Mar 24 2022 Phil Sutter - 1.4.5-13 - conntrackd: Use strdup in lexer - conntrackd: use strncpy() to unix path +* Tue Mar 15 2022 Phil Sutter - 1.4.5-12 +- Fix source compile in tests.yml + +* Tue Mar 15 2022 Phil Sutter - 1.4.5-11 +- Enable hardened builds again. + * Tue Jan 25 2022 Phil Sutter - 1.4.5-10 - Drop lazy binding via patch from upstream - Add patches to fix for failing RPC header search -- Enable hardened builds again -- Fix source compile in tests.yml * Mon Aug 09 2021 Mohan Boddu - 1.4.5-9 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags