rpms / iptables

Clone
Source Code
GIT

Blame SOURCES/libxtables-Avoid-calling-memcpy-with-NULL-source.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   libxtables-Avoid-calling-memcpy-with-NULL-source.patch
Blob History Raw
43df5c 
From 3f4e13d60ddbb61bc3256221a98f5c5a954f6f5c Mon Sep 17 00:00:00 2001
43df5c 
From: Phil Sutter <psutter@redhat.com>
43df5c 
Date: Fri, 15 Mar 2019 17:51:28 +0100
43df5c 
Subject: [PATCH] libxtables: Avoid calling memcpy() with NULL source
43df5c
43df5c 
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
43df5c 
Upstream Status: iptables commit ab639f236ff85
43df5c
43df5c 
commit ab639f236ff85d2f447cc6601c7ff42cefdaf853
43df5c 
Author: Phil Sutter <phil@nwl.cc>
43df5c 
Date:   Wed Sep 19 15:16:54 2018 +0200
43df5c
43df5c 
    libxtables: Avoid calling memcpy() with NULL source
43df5c
43df5c 
    Both affected functions check if 'oldopts' is NULL once but later seem
43df5c 
    to ignore that possibility. To catch up on that, increment the pointer
43df5c 
    only if it isn't NULL, also don't copy its content into the merged
43df5c 
    options buffer in that case.
43df5c
43df5c 
    Signed-off-by: Phil Sutter <phil@nwl.cc>
43df5c 
    Signed-off-by: Florian Westphal <fw@strlen.de>
43df5c
43df5c 
Signed-off-by: Phil Sutter <psutter@redhat.com>
43df5c 
---
43df5c 
 libxtables/xtables.c   | 12 ++++++++----
43df5c 
 libxtables/xtoptions.c | 12 ++++++++----
43df5c 
 2 files changed, 16 insertions(+), 8 deletions(-)
43df5c
43df5c 
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
43df5c 
index 4a014e48a9f45..cf9a59d5ec095 100644
43df5c 
--- a/libxtables/xtables.c
43df5c 
+++ b/libxtables/xtables.c
43df5c 
@@ -119,8 +119,10 @@ struct option *xtables_merge_options(struct option *orig_opts,
43df5c 
 	 * Since @oldopts also has @orig_opts already (and does so at the
43df5c 
 	 * start), skip these entries.
43df5c 
 	 */
43df5c 
-	oldopts += num_oold;
43df5c 
-	num_old -= num_oold;
43df5c 
+	if (oldopts != NULL) {
43df5c 
+		oldopts += num_oold;
43df5c 
+		num_old -= num_oold;
43df5c 
+	}
43df5c
43df5c 
 	merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1));
43df5c 
 	if (merge == NULL)
43df5c 
@@ -139,8 +141,10 @@ struct option *xtables_merge_options(struct option *orig_opts,
43df5c 
 		mp->val += *option_offset;
43df5c
43df5c 
 	/* Third, the old options */
43df5c 
-	memcpy(mp, oldopts, sizeof(*mp) * num_old);
43df5c 
-	mp += num_old;
43df5c 
+	if (oldopts != NULL) {
43df5c 
+		memcpy(mp, oldopts, sizeof(*mp) * num_old);
43df5c 
+		mp += num_old;
43df5c 
+	}
43df5c 
 	xtables_free_opts(0);
43df5c
43df5c 
 	/* Clear trailing entry */
43df5c 
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c
43df5c 
index 1ad4cb57f5836..1d3fda73dedf7 100644
43df5c 
--- a/libxtables/xtoptions.c
43df5c 
+++ b/libxtables/xtoptions.c
43df5c 
@@ -91,8 +91,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
43df5c 
 	 * Since @oldopts also has @orig_opts already (and does so at the
43df5c 
 	 * start), skip these entries.
43df5c 
 	 */
43df5c 
-	oldopts += num_orig;
43df5c 
-	num_old -= num_orig;
43df5c 
+	if (oldopts != NULL) {
43df5c 
+		oldopts += num_orig;
43df5c 
+		num_old -= num_orig;
43df5c 
+	}
43df5c
43df5c 
 	merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1));
43df5c 
 	if (merge == NULL)
43df5c 
@@ -114,8 +116,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
43df5c 
 	}
43df5c
43df5c 
 	/* Third, the old options */
43df5c 
-	memcpy(mp, oldopts, sizeof(*mp) * num_old);
43df5c 
-	mp += num_old;
43df5c 
+	if (oldopts != NULL) {
43df5c 
+		memcpy(mp, oldopts, sizeof(*mp) * num_old);
43df5c 
+		mp += num_old;
43df5c 
+	}
43df5c 
 	xtables_free_opts(0);
43df5c
43df5c 
 	/* Clear trailing entry */
43df5c 
--
43df5c 
2.21.0
43df5c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation