diff --git a/huawei-lnstat-fix-buffer-overflow-in-lnstat-command.patch b/huawei-lnstat-fix-buffer-overflow-in-lnstat-command.patch new file mode 100644 index 0000000000000000000000000000000000000000..b0f94a18eccb7a6aaeecd645c5b0efa774271a75 --- /dev/null +++ b/huawei-lnstat-fix-buffer-overflow-in-lnstat-command.patch @@ -0,0 +1,32 @@ +From d95b3d070009dc557d60ead60ab6d820fe8e7e7f Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 16 Nov 2021 14:32:46 +0800 +Subject: [PATCH] lnstat: fix buffer overflow in lnstat command + +segfults when called the following command: +[root@localhost ~]lnstat -w 1 +Segmentation fault (core dumped) + +The maximum value of th.num_lines is HDR_LINES(10), +h should not be equal to th.num_lines, array th.hdr may +be out of bounds. +--- + misc/lnstat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/misc/lnstat.c b/misc/lnstat.c +index e3c8421..7bfb8e6 100644 +--- a/misc/lnstat.c ++++ b/misc/lnstat.c +@@ -210,7 +210,7 @@ static struct table_hdr *build_hdr_string(struct lnstat_file *lnstat_files, + ofs += width+1; + } + /* fill in spaces */ +- for (h = 1; h <= th.num_lines; h++) { ++ for (h = 1; h < th.num_lines; h++) { + for (i = 0; i < ofs; i++) { + if (th.hdr[h][i] == '\0') + th.hdr[h][i] = ' '; +-- +1.8.3.1 + diff --git a/iproute.spec b/iproute.spec index 4e9d1f61f8d63801999b7182cb09b08dc7f6af61..77d9f8d42072c253815e942cc99395c68a4473b6 100644 --- a/iproute.spec +++ b/iproute.spec @@ -1,7 +1,7 @@ #needsrootforbuild Name: iproute Version: 5.5.0 -Release: 8 +Release: 9 Summary: Linux network configuration utilities License: GPLv2+ and Public Domain URL: https://kernel.org/pub/linux/utils/net/iproute2/ @@ -17,14 +17,15 @@ Patch7: backport-ip-drop-2-char-command-assumption.patch Patch8: backport-ip-netns-fix-missing-netns-close-on-some-error-paths.patch Patch9: backport-lib-bpf_legacy-fix-missing-socket-close-when-connect.patch Patch10: backport-tc-e_bpf-fix-memory-leak-in-parse_bpf.patch +Patch11: backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch +Patch12: backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch Patch9002: feature-iproute-limit-operation-ip-netns-del.patch Patch9003: feature-iproute-add-support-for-ipvlan-l2e-mode.patch Patch9004: feature-peer_notify_delay-renamed-to-peer_notif_delay.patch Patch9005: bugfix-iproute-support-assume-default-route.patch Patch9006: bugfix-iproute2-cancel-some-test-cases.patch -Patch11: backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch -Patch12: backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch +Patch9007: huawei-lnstat-fix-buffer-overflow-in-lnstat-command.patch BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel libcap-devel BuildRequires: libdb-devel libmnl-devel libselinux-devel pkgconfig git sudo @@ -100,6 +101,12 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Thu Nov 25 2021 jiangheng - 5.5.0-9 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix buffer overflow in lnstat command + * Tue Nov 02 2021 jiangheng - 5.5.0-8 - Type:bugfix - Id:NA