diff --git a/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch b/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch new file mode 100644 index 0000000000000000000000000000000000000000..002a09ce5f6d8ddc7740daa31d81e9f17aa12574 --- /dev/null +++ b/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch @@ -0,0 +1,75 @@ +From f8beda6e00e57b8f875442351f91e5c01530ad8e Mon Sep 17 00:00:00 2001 +From: Maxim Petrov +Date: Tue, 8 Feb 2022 20:20:45 +0300 +Subject: [PATCH] libnetlink: fix socket leak in rtnl_open_byproto() + +rtnl_open_byproto() does not close the opened socket in case of +errors, and the socket is returned to the caller in the `fd` field of +the struct. However, none of the callers care about the socket, so +close it in the function immediately to avoid any potential resource +leaks. + +Signed-off-by: Maxim Petrov +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=f8beda6e00e +--- + lib/libnetlink.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/lib/libnetlink.c b/lib/libnetlink.c +index 7e977a67..6d1b1187 100644 +--- a/lib/libnetlink.c ++++ b/lib/libnetlink.c +@@ -210,13 +210,13 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions, + if (setsockopt(rth->fd, SOL_SOCKET, SO_SNDBUF, + &sndbuf, sizeof(sndbuf)) < 0) { + perror("SO_SNDBUF"); +- return -1; ++ goto err; + } + + if (setsockopt(rth->fd, SOL_SOCKET, SO_RCVBUF, + &rcvbuf, sizeof(rcvbuf)) < 0) { + perror("SO_RCVBUF"); +- return -1; ++ goto err; + } + + /* Older kernels may no support extended ACK reporting */ +@@ -230,25 +230,28 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions, + if (bind(rth->fd, (struct sockaddr *)&rth->local, + sizeof(rth->local)) < 0) { + perror("Cannot bind netlink socket"); +- return -1; ++ goto err; + } + addr_len = sizeof(rth->local); + if (getsockname(rth->fd, (struct sockaddr *)&rth->local, + &addr_len) < 0) { + perror("Cannot getsockname"); +- return -1; ++ goto err; + } + if (addr_len != sizeof(rth->local)) { + fprintf(stderr, "Wrong address length %d\n", addr_len); +- return -1; ++ goto err; + } + if (rth->local.nl_family != AF_NETLINK) { + fprintf(stderr, "Wrong address family %d\n", + rth->local.nl_family); +- return -1; ++ goto err; + } + rth->seq = time(NULL); + return 0; ++err: ++ rtnl_close(rth); ++ return -1; + } + + int rtnl_open(struct rtnl_handle *rth, unsigned int subscriptions) +-- +2.23.0 + diff --git a/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch b/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch new file mode 100644 index 0000000000000000000000000000000000000000..e0815a35fde5da33f15872bdceadfced9c5045e9 --- /dev/null +++ b/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch @@ -0,0 +1,32 @@ +From cc143bda6bcec20d073f42162f06dde8998551d4 Mon Sep 17 00:00:00 2001 +From: Maxim Petrov +Date: Tue, 15 Feb 2022 23:53:47 +0300 +Subject: [PATCH] lnstat: fix strdup leak in -w argument parsing + +'tmp' string is used for safe tokenizing, but it is not required after +getting all the widths in -w option. As 'tmp' string is obtained by strdup +call, the caller has to deallocate it to avoid memory leak. + +Signed-off-by: Maxim Petrov +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=cc143bda6bc +--- + misc/lnstat.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/misc/lnstat.c b/misc/lnstat.c +index 98904d45..c3293a8e 100644 +--- a/misc/lnstat.c ++++ b/misc/lnstat.c +@@ -331,6 +331,7 @@ int main(int argc, char **argv) + for (i = 0; i < MAX_FIELDS; i++) + fp.params[i].print.width = len; + } ++ free(tmp); + break; + default: + usage(argv[0], 1); +-- +2.23.0 + diff --git a/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch b/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch new file mode 100644 index 0000000000000000000000000000000000000000..1a939961b2c854920f62cfba132ba63ce5730b82 --- /dev/null +++ b/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch @@ -0,0 +1,54 @@ +From 7f70eb2a8b2c451683c801b23b25f34071a8882f Mon Sep 17 00:00:00 2001 +From: Roi Dayan +Date: Thu, 3 Feb 2022 14:20:46 +0200 +Subject: [PATCH] tc_util: Fix parsing action control with space and slash + +For action police there is an conform-exceed action control +which can be for example "jump 2 / pipe". +The current parsing loop is doing one more iteration than necessary +and results in ok var being 3. + +Example filter: + +tc filter add dev enp8s0f0_0 ingress protocol ip prio 2 flower \ + verbose action police rate 100mbit burst 12m \ + conform-exceed jump 1 / pipe mirred egress redirect dev enp8s0f0_1 action drop + +Before this change the command will fail. +Trying to add another "pipe" before mirred as a workaround for the stopping the loop +in ok var 3 resulting in result2 not being saved and wrong filter. + +... conform-exceed jump 1 / pipe pipe mirred ... + +Example dump of the action part: +... action order 1: police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1 overhead 0b ... + +Fix the behavior by removing redundant case 2 handling, either argc is over or breaking. + +Example dump of the action part with the fix: +... action order 1: police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1/pipe overhead 0b ... + +Signed-off-by: Roi Dayan +Reviewed-by: Maor Dickman +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=7f70eb2a8b2 +--- + tc/tc_util.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tc/tc_util.c b/tc/tc_util.c +index 48065897..b82dbd5d 100644 +--- a/tc/tc_util.c ++++ b/tc/tc_util.c +@@ -476,7 +476,6 @@ static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, + NEXT_ARG(); + /* fall-through */ + case 0: /* fall-through */ +- case 2: + ret = parse_action_control(&argc, &argv, + result_p, allow_num); + if (ret) +-- +2.23.0 + diff --git a/iproute.spec b/iproute.spec index d17cdc1d236db9fd3b76e3dd4332732c5a358f6e..5714d19b259f83cd33408cf018d648018ec185fe 100644 --- a/iproute.spec +++ b/iproute.spec @@ -1,7 +1,7 @@ #needsrootforbuild Name: iproute Version: 5.5.0 -Release: 15 +Release: 16 Summary: Linux network configuration utilities License: GPLv2+ and Public Domain URL: https://kernel.org/pub/linux/utils/net/iproute2/ @@ -35,8 +35,11 @@ Patch6002: backport-tc-em_u32-fix-offset-parsing.patch Patch6003: backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch Patch6004: backport-ip-address-Fix-memory-leak-when-specifying-device.patch Patch6005: backport-ip-neigh-Fix-memory-leak-when-doing-get.patch +Patch6006: backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch +Patch6007: backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch +Patch6008: backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch -BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel libcap-devel +BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel BuildRequires: libmnl-devel libselinux-devel pkgconfig git make sudo Requires: %{name}-help @@ -110,6 +113,15 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Thu Dec 14 2023 liubo - 5.5.0-16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:libnetlink: fix socket leak in rtnl_open_byproto() + lnstat: fix strdup leak in -w argument parsing + tc_util: Fix parsing action control with space and slash + remove libcap dependency + * Sat May 27 2023 gaoxingwang - 5.5.0-15 - Type:bugfix - ID:NA