From fc0dcd5419c12191d5a88cdb06d7cc1911a82c17 Mon Sep 17 00:00:00 2001 From: sun_hai_10 Date: Thu, 25 Apr 2024 21:26:08 +0800 Subject: [PATCH] sync some pathes from upstream --- ...nt-in-nla_nest_cancel-for-robustness.patch | 38 ++ ...ts-about-addr-class-rule-neigh-qdisc.patch | 609 ++++++++++++++++++ ...er-overflow-in-rtnl_tc_calc_cell_log.patch | 46 ++ ...TMPL-when-removing-the-last-template.patch | 35 + ...-use-static-array-indices-for-buffer.patch | 39 ++ backport-fix-crashes-in-case-of-ENOMEM.patch | 234 +++++++ ...x-error-handling-in-nl_str2ip_protos.patch | 28 + ...andling-of-rtnl_flower_append_action.patch | 45 ++ ...king-usertemplate-in-xfrmnl_sp_parse.patch | 60 ++ ...ce-counters-of-sa-selector-addresses.patch | 67 ++ ...d-overflow-warning-in-nl_object_diff.patch | 30 + ...negative-and-zero-size-in-nla_memcpy.patch | 44 ++ ...read-safe-gmtime_r-instead-of-gmtime.patch | 107 +++ ...verity-warning-about-time_t-handling.patch | 86 +++ libnl3.spec | 23 +- 15 files changed, 1490 insertions(+), 1 deletion(-) create mode 100644 backport-accept-NULL-argument-in-nla_nest_cancel-for-robustness.patch create mode 100644 backport-add-some-tests-about-addr-class-rule-neigh-qdisc.patch create mode 100644 backport-avoid-integer-overflow-in-rtnl_tc_calc_cell_log.patch create mode 100644 backport-clear-XFRM_SP_ATTR_TMPL-when-removing-the-last-template.patch create mode 100644 backport-do-not-use-static-array-indices-for-buffer.patch create mode 100644 backport-fix-crashes-in-case-of-ENOMEM.patch create mode 100644 backport-fix-error-handling-in-nl_str2ip_protos.patch create mode 100644 backport-fix-leak-in-error-handling-of-rtnl_flower_append_action.patch create mode 100644 backport-fix-leaking-usertemplate-in-xfrmnl_sp_parse.patch create mode 100644 backport-fix-reference-counters-of-sa-selector-addresses.patch create mode 100644 backport-fix-signed-overflow-warning-in-nl_object_diff.patch create mode 100644 backport-handle-negative-and-zero-size-in-nla_memcpy.patch create mode 100644 backport-use-thread-safe-gmtime_r-instead-of-gmtime.patch create mode 100644 backport-workaround-coverity-warning-about-time_t-handling.patch diff --git a/backport-accept-NULL-argument-in-nla_nest_cancel-for-robustness.patch b/backport-accept-NULL-argument-in-nla_nest_cancel-for-robustness.patch new file mode 100644 index 0000000..d6cf86f --- /dev/null +++ b/backport-accept-NULL-argument-in-nla_nest_cancel-for-robustness.patch @@ -0,0 +1,38 @@ +From 6af26981e727149e2e3fdfac85e2ef86b3828b11 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 26 Jul 2023 16:17:18 +0200 +Subject: [PATCH] lib: accept NULL argument in nla_nest_cancel() for robustness + +Previously, a NULL argument would most likely also do thing, but it also +hits undefined behavior. + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/6af26981e727149e2e3fdfac85e2ef86b3828b11 + +--- + lib/attr.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/lib/attr.c b/lib/attr.c +index a4f5852..2b2d538 100644 +--- a/lib/attr.c ++++ b/lib/attr.c +@@ -996,6 +996,15 @@ void nla_nest_cancel(struct nl_msg *msg, const struct nlattr *attr) + { + ssize_t len; + ++ if (!attr) { ++ /* For robustness, allow a NULL attr to do nothing. NULL is also ++ * what nla_nest_start() when out of buffer space. ++ * ++ * Warning, before libnl-3.8, the function did not accept NULL! ++ * If you care, catch NULL yourself. */ ++ return; ++ } ++ + len = (char *) nlmsg_tail(msg->nm_nlh) - (char *) attr; + if (len < 0) + BUG(); +-- +2.33.0 + diff --git a/backport-add-some-tests-about-addr-class-rule-neigh-qdisc.patch b/backport-add-some-tests-about-addr-class-rule-neigh-qdisc.patch new file mode 100644 index 0000000..1f30dbc --- /dev/null +++ b/backport-add-some-tests-about-addr-class-rule-neigh-qdisc.patch @@ -0,0 +1,609 @@ +From 6b39fd0906c4f572b39c538b60790bd6ffe94341 Mon Sep 17 00:00:00 2001 +From: chengyechun +Date: Tue, 21 Nov 2023 10:11:00 +0800 +Subject: [PATCH] backport-add-some-tests-about-addr-class-rule-neigh-qdisc + +Conflict:NA +Reference:https://gitee.com/src-openeuler/libnl3/commit/cbf611d151d1ceb63331041e35a5a54184a51eaf/https://gitee.com/src-openeuler/libnl3/commit/501d5c2bec60070e78024bb98917970d207de06b + +--- + tests/params.h | 5 ++ + tests/test-add-delete-addr.c | 39 +++++++++ + tests/test-add-delete-class.c | 142 +++++++++++++++++++++++++++++++ + tests/test-add-delete-neigh.c | 41 +++++++++ + tests/test-add-delete-qdisc.c | 156 ++++++++++++++++++++++++++++++++++ + tests/test-add-delete-route.c | 43 ++++++++++ + tests/test-genl-connect.c | 37 ++++++++ + tests/test-link.c | 68 +++++++++++++++ + 8 files changed, 531 insertions(+) + create mode 100644 tests/params.h + create mode 100644 tests/test-add-delete-addr.c + create mode 100644 tests/test-add-delete-class.c + create mode 100644 tests/test-add-delete-neigh.c + create mode 100644 tests/test-add-delete-qdisc.c + create mode 100644 tests/test-add-delete-route.c + create mode 100644 tests/test-genl-connect.c + create mode 100644 tests/test-link.c + +diff --git a/tests/params.h b/tests/params.h +new file mode 100644 +index 0000000..e3cab17 +--- /dev/null ++++ b/tests/params.h +@@ -0,0 +1,5 @@ ++#define DST_ADDR "addr" ++#define IP "ip" ++#define NEXTHOP "dev=1,via=2" ++#define DEV_NAME "dev_name" ++ +diff --git a/tests/test-add-delete-addr.c b/tests/test-add-delete-addr.c +new file mode 100644 +index 0000000..3fc4c5c +--- /dev/null ++++ b/tests/test-add-delete-addr.c +@@ -0,0 +1,39 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++ ++int main(int argc, char *argv[]) ++{ ++ struct nl_sock *sock; ++ struct rtnl_addr *addr; ++ struct nl_cache *link_cache; ++ int err = 0, nlflags = NLM_F_CREATE; ++ ++ sock = nl_cli_alloc_socket(); ++ nl_cli_connect(sock, NETLINK_ROUTE); ++ link_cache = nl_cli_link_alloc_cache(sock); ++ addr = nl_cli_addr_alloc(); ++ ++ nl_cli_addr_parse_local(addr, IP); ++ nl_cli_addr_parse_dev(addr, link_cache, DEV_NAME); ++ ++ if ((err = rtnl_addr_add(sock, addr, nlflags)) < 0) { ++ printf("Unable to add route: %s", nl_geterror(err)); ++ goto END; ++ } ++ ++ if ((err = rtnl_addr_delete(sock, addr, nlflags)) < 0) { ++ printf("Unable to add route: %s", nl_geterror(err)); ++ goto END; ++ } ++ ++END: ++ rtnl_addr_put(addr); ++ nl_cache_put(link_cache); ++ nl_socket_free(sock); ++ return err; ++} +diff --git a/tests/test-add-delete-class.c b/tests/test-add-delete-class.c +new file mode 100644 +index 0000000..6ee0e16 +--- /dev/null ++++ b/tests/test-add-delete-class.c +@@ -0,0 +1,142 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int default_yes = 0, deleted = 0, interactive = 0; ++static struct nl_sock *sk; ++ ++static int test_add_class() ++{ ++ struct rtnl_class *class; ++ struct rtnl_tc *tc; ++ struct nl_cache *link_cache; ++ struct nl_cli_tc_module *tm; ++ struct rtnl_tc_ops *ops; ++ int err = 0, flags = NLM_F_CREATE | NLM_F_EXCL; ++ char kind[] = "htb"; ++ char *rate[] = {DEV_NAME, "root", "htb", "--rate=100mbit"}; ++ ++ sk = nl_cli_alloc_socket(); ++ nl_cli_connect(sk, NETLINK_ROUTE); ++ link_cache = nl_cli_link_alloc_cache(sk); ++ class = nl_cli_class_alloc(); ++ tc = (struct rtnl_tc *) class; ++ ++ nl_cli_tc_parse_dev(tc, link_cache, DEV_NAME); ++ nl_cli_tc_parse_parent(tc, "root"); ++ if (!rtnl_tc_get_ifindex(tc)) { ++ printf("You must specify a network device (--dev=XXX)\n"); ++ err = -1; ++ goto END; ++ } ++ if (!rtnl_tc_get_parent(tc)) { ++ printf("You must specify a parent (--parent=XXX)\n"); ++ err = -1; ++ goto END; ++ } ++ ++ rtnl_tc_set_kind(tc, kind); ++ if (!(ops = rtnl_tc_get_ops(tc))) { ++ printf("Unknown class \"%s\"\n", kind); ++ err = -1; ++ goto END; ++ } ++ if (!(tm = nl_cli_tc_lookup(ops))) { ++ printf("class type \"%s\" not supported.\n", kind); ++ err = -1; ++ goto END; ++ } ++ tm->tm_parse_argv(tc, 4, rate); ++ ++ if ((err = rtnl_class_add(sk, class, flags)) < 0) { ++ printf("Unable to add class: %s\n", nl_geterror(err)); ++ goto END; ++ } ++ ++END: ++ nl_cache_mngt_unprovide(link_cache); ++ nl_cache_put(link_cache); ++ rtnl_class_put(class); ++ nl_socket_free(sk); ++ return err; ++} ++ ++ ++static void delete_cb(struct nl_object *obj, void *arg) ++{ ++ struct rtnl_class *class = nl_object_priv(obj); ++ struct nl_dump_params params = { ++ .dp_type = NL_DUMP_LINE, ++ .dp_fd = stdout, ++ }; ++ int err; ++ ++ if (interactive && !nl_cli_confirm(obj, ¶ms, default_yes)) ++ return; ++ ++ if ((err = rtnl_class_delete(sk, class)) < 0) ++ nl_cli_fatal(err, "Unable to delete class: %s\n", nl_geterror(err)); ++ ++ deleted++; ++} ++ ++static int test_delete_class() ++{ ++ struct rtnl_class *class; ++ struct rtnl_tc *tc; ++ struct nl_cache *link_cache, *class_cache; ++ struct nl_cli_tc_module *tm; ++ struct rtnl_tc_ops *ops; ++ char kind[] = "htb"; ++ int err = 0; ++ ++ sk = nl_cli_alloc_socket(); ++ nl_cli_connect(sk, NETLINK_ROUTE); ++ link_cache = nl_cli_link_alloc_cache(sk); ++ class = nl_cli_class_alloc(); ++ tc = (struct rtnl_tc *) class; ++ ++ nl_cli_tc_parse_dev(tc, link_cache, DEV_NAME); ++ nl_cli_tc_parse_parent(tc, "root"); ++ if (!rtnl_tc_get_ifindex(tc)) { ++ printf("You must specify a network device (--dev=XXX)\n"); ++ err = -1; ++ goto END; ++ } ++ if (!rtnl_tc_get_parent(tc)) { ++ printf("You must specify a parent (--parent=XXX)\n"); ++ err = -1; ++ goto END; ++ } ++ rtnl_tc_set_kind(tc, kind); ++ if (!(ops = rtnl_tc_get_ops(tc))) { ++ printf("Unknown class \"%s\"\n", kind); ++ err = -1; ++ goto END; ++ } ++ class_cache = nl_cli_class_alloc_cache(sk, rtnl_tc_get_ifindex(tc)); ++ nl_cache_foreach_filter(class_cache, OBJ_CAST(class), delete_cb, NULL); ++ ++END: ++ nl_cache_put(link_cache); ++ nl_socket_free(sk); ++ rtnl_class_put(class); ++ return err; ++} ++ ++int main(int argc, char *argv[]) ++{ ++ int err = 0; ++ if ((err = test_add_class()) < 0) { ++ printf("Unable to add class\n"); ++ } ++ if ((err = test_delete_class()) < 0) { ++ printf("Unable to delete class"); ++ } ++ return err; ++} +diff --git a/tests/test-add-delete-neigh.c b/tests/test-add-delete-neigh.c +new file mode 100644 +index 0000000..e4bc63a +--- /dev/null ++++ b/tests/test-add-delete-neigh.c +@@ -0,0 +1,41 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++ ++int main(int argc, char *argv[]) ++{ ++ struct nl_sock *sk; ++ struct rtnl_neigh *neigh; ++ struct nl_cache *link_cache; ++ int err = 0, ok = 0, nlflags = NLM_F_REPLACE | NLM_F_CREATE; ++ char lladdr[] = "AA:BB:CC:DD:EE:FF"; ++ ++ sk = nl_cli_alloc_socket(); ++ nl_cli_connect(sk, NETLINK_ROUTE); ++ link_cache = nl_cli_link_alloc_cache(sk); ++ neigh = nl_cli_neigh_alloc(); ++ ++ nl_cli_neigh_parse_dst(neigh, DST_ADDR); ++ nl_cli_neigh_parse_lladdr(neigh, lladdr); ++ nl_cli_neigh_parse_dev(neigh, link_cache, DEV_NAME); ++ ++ if ((err = rtnl_neigh_add(sk, neigh, nlflags)) < 0){ ++ printf("Unable to add neighbour: %s\n",nl_geterror(err)); ++ goto END; ++ } ++ ++ if ((err = rtnl_neigh_delete(sk, neigh, nlflags)) < 0){ ++ printf("Unable to add neighbour: %s\n",nl_geterror(err)); ++ goto END; ++ } ++ ++END: ++ nl_socket_free(sk); ++ nl_cache_put(link_cache); ++ rtnl_neigh_put(neigh); ++ return err; ++} +diff --git a/tests/test-add-delete-qdisc.c b/tests/test-add-delete-qdisc.c +new file mode 100644 +index 0000000..29502db +--- /dev/null ++++ b/tests/test-add-delete-qdisc.c +@@ -0,0 +1,156 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++ ++static int default_yes = 0, deleted = 0, interactive = 0; ++static struct nl_sock *sk; ++ ++static void delete_cb(struct nl_object *obj, void *arg) ++{ ++ struct rtnl_qdisc *qdisc = nl_object_priv(obj); ++ struct nl_dump_params params = { ++ .dp_type = NL_DUMP_LINE, ++ .dp_fd = stdout, ++ }; ++ int err; ++ ++ /* Ignore default qdiscs, unable to delete */ ++ if (rtnl_tc_get_handle((struct rtnl_tc *) qdisc) == 0) ++ return; ++ ++ if (interactive && !nl_cli_confirm(obj, ¶ms, default_yes)) ++ return; ++ ++ if ((err = rtnl_qdisc_delete(sk, qdisc)) < 0) { ++ nl_cli_fatal(err, "Unable to delete qdisc: %s\n", nl_geterror(err)); ++ } ++ deleted++; ++} ++ ++static int test_delete_qdisc() ++{ ++ struct rtnl_qdisc *qdisc; ++ struct rtnl_tc *tc; ++ struct nl_cache *link_cache, *qdisc_cache; ++ struct nl_cli_tc_module *tm; ++ struct rtnl_tc_ops *ops; ++ char kind[] = "htb"; ++ int err = 0; ++ ++ sk = nl_cli_alloc_socket(); ++ nl_cli_connect(sk, NETLINK_ROUTE); ++ link_cache = nl_cli_link_alloc_cache(sk); ++ qdisc_cache = nl_cli_qdisc_alloc_cache(sk); ++ qdisc = nl_cli_qdisc_alloc(); ++ tc = (struct rtnl_tc *) qdisc; ++ nl_cli_tc_parse_dev(tc, link_cache, DEV_NAME); ++ nl_cli_tc_parse_parent(tc, "root"); ++ ++ if (!rtnl_tc_get_ifindex(tc)) { ++ printf("You must specify a network device (--dev=XXX)"); ++ goto END; ++ } ++ ++ if (!rtnl_tc_get_parent(tc)) { ++ printf("You must specify a parent"); ++ goto END; ++ } ++ ++ rtnl_tc_set_kind(tc, kind); ++ if (!(ops = rtnl_tc_get_ops(tc))) { ++ printf("Unknown qdisc \"%s\"", kind); ++ goto END; ++ } ++ ++ if (!(tm = nl_cli_tc_lookup(ops))) { ++ nl_cli_fatal(ENOTSUP, "Qdisc type \"%s\" not supported.", kind); ++ goto END; ++ } ++ ++ ++ nl_cache_foreach_filter(qdisc_cache, OBJ_CAST(qdisc), delete_cb, NULL); ++ ++END: ++ nl_cache_put(link_cache); ++ nl_cache_put(qdisc_cache); ++ rtnl_qdisc_put(qdisc); ++ nl_socket_free(sk); ++ return err; ++} ++ ++static int test_add_qdisc() ++{ ++ struct rtnl_qdisc *qdisc; ++ struct rtnl_tc *tc; ++ struct nl_cache *link_cache; ++ struct nl_cli_tc_module *tm; ++ struct rtnl_tc_ops *ops; ++ char kind[] = "htb"; ++ int err = 0, flags = NLM_F_CREATE | NLM_F_EXCL; ++ ++ if (!(sk = nl_socket_alloc())){ ++ printf("Unable to allocate netlink socket\n"); ++ return -1; ++ } ++ if ((err = nl_connect(sk, NETLINK_ROUTE)) < 0) { ++ printf("Unable to connect netlink socket: %s\n", nl_geterror(err)); ++ nl_socket_free(sk); ++ return -1; ++ } ++ link_cache = nl_cli_link_alloc_cache(sk); ++ qdisc = nl_cli_qdisc_alloc(); ++ tc = (struct rtnl_tc *) qdisc; ++ ++ nl_cli_tc_parse_dev(tc, link_cache, DEV_NAME); ++ nl_cli_tc_parse_parent(tc, "root"); ++ ++ if (!rtnl_tc_get_ifindex(tc)){ ++ printf("You must specify a network device (--dev=XXX)\n"); ++ goto END; ++ } ++ ++ if (!rtnl_tc_get_parent(tc)){ ++ printf("You must specify a parent\n"); ++ goto END; ++ } ++ ++ rtnl_tc_set_kind(tc, kind); ++ if (!(ops = rtnl_tc_get_ops(tc))){ ++ printf("Unknown qdisc \"%s\"\n", kind); ++ goto END; ++ } ++ if (!(tm = nl_cli_tc_lookup(ops))){ ++ nl_cli_fatal(ENOTSUP, "Qdisc type \"%s\" not supported.\n", kind); ++ goto END; ++ } ++ ++ if ((err = rtnl_qdisc_add(sk, qdisc, flags)) < 0){ ++ printf("Unable to add qdisc: %s\n", nl_geterror(err)); ++ goto END; ++ } ++ ++END: ++ nl_cache_mngt_unprovide(link_cache); ++ nl_cache_put(link_cache); ++ rtnl_qdisc_put(qdisc); ++ nl_socket_free(sk); ++ return err; ++} ++ ++int main(int args, char *argv[]) ++{ ++ int err = 0; ++ if ((err = test_add_qdisc()) < 0) { ++ printf("Unable to add qdisc:%s", nl_geterror(err)); ++ } ++ if ((err = test_delete_qdisc()) < 0) { ++ printf("Unable to delete qdisc:%s", nl_geterror(err)); ++ } ++ return err; ++} +diff --git a/tests/test-add-delete-route.c b/tests/test-add-delete-route.c +new file mode 100644 +index 0000000..756fb46 +--- /dev/null ++++ b/tests/test-add-delete-route.c +@@ -0,0 +1,43 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++ ++int main(int argc, char argv[]) ++{ ++ struct nl_sock *sk; ++ struct rtnl_route *route; ++ struct nl_cache *link_cache, *route_cache; ++ char dst_addr[] = DST_ADDR; ++ char nexthop[] = NEXTHOP; ++ int err = 0; ++ ++ sk = nl_cli_alloc_socket(); ++ nl_cli_connect(sk, NETLINK_ROUTE); ++ link_cache = nl_cli_link_alloc_cache(sk); ++ route_cache = nl_cli_route_alloc_cache(sk, 0); ++ route = nl_cli_route_alloc(); ++ ++ nl_cli_route_parse_dst(route, dst_addr); ++ nl_cli_route_parse_nexthop(route, nexthop, link_cache); ++ ++ if ((err = rtnl_route_add(sk, route, NLM_F_EXCL)) < 0) { ++ printf("Unable to add route: %s", nl_geterror(err)); ++ goto END; ++ } ++ ++ if ((err = rtnl_route_delete(sk, route, NLM_F_EXCL)) < 0) { ++ printf("Unable to delete route: %s", nl_geterror(err)); ++ goto END; ++ } ++ ++END: ++ rtnl_route_put(route); ++ nl_cache_put(link_cache); ++ nl_cache_put(route_cache); ++ nl_socket_free(sk); ++ return err; ++} +diff --git a/tests/test-genl-connect.c b/tests/test-genl-connect.c +new file mode 100644 +index 0000000..9522e1f +--- /dev/null ++++ b/tests/test-genl-connect.c +@@ -0,0 +1,37 @@ ++#include ++#include ++#include ++#include ++ ++ ++int main(int argc, char *argv[]) ++{ ++ struct nl_sock *sk; ++ struct nl_cache *family_cache; ++ struct nl_dump_params params = { ++ .dp_type = NL_DUMP_LINE, ++ .dp_fd = stdout, ++ }; ++ int err = 0; ++ ++ sk = nl_socket_alloc(); ++ if ((err = genl_connect(sk)) < 0) { ++ printf("Unable create socket: %s\n", nl_geterror(err)); ++ goto END; ++ } ++ nl_socket_enable_auto_ack(sk); ++ ++ if (nl_socket_get_fd(sk) < 0) { ++ printf("vaild socket\n"); ++ err = -1; ++ goto END; ++ } ++ nl_socket_set_buffer_size(sk, 32655, 32655); ++ family_cache = nl_cli_alloc_cache(sk, "generic netlink family", genl_ctrl_alloc_cache); ++ nl_cache_dump(family_cache, ¶ms); ++ ++END: ++ nl_socket_free(sk); ++ nl_cache_put(family_cache); ++ return err; ++} +diff --git a/tests/test-link.c b/tests/test-link.c +new file mode 100644 +index 0000000..e5c415e +--- /dev/null ++++ b/tests/test-link.c +@@ -0,0 +1,68 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++ ++static int self_def_cb = NL_CB_DEBUG; ++ ++ ++int main(int argc, char *argv[]) ++{ ++ struct nl_sock *sk; ++ struct nl_cache *link_cache; ++ struct rtnl_link *link; ++ struct nl_addr *addr; ++ struct nl_cb *cb; ++ int err = 0, ifindex, pid; ++ char *buf; ++ ++ cb = nl_cb_alloc(self_def_cb); ++ pid = getpid(); ++ ++ if (!(sk = nl_socket_alloc_cb(cb))) { ++ nl_cli_fatal(ENOBUFS, "Unable to allocate netlink socket\n"); ++ } ++ nl_cli_connect(sk, NETLINK_ROUTE); ++ nl_socket_disable_seq_check(sk); ++ nl_socket_disable_auto_ack(sk); ++ nl_socket_set_local_port(sk, pid); ++ nl_join_groups(sk, pid); ++ nl_socket_drop_membership(sk, pid); ++ nl_socket_set_peer_port(sk, 0); ++ ++ link_cache = nl_cli_link_alloc_cache(sk); ++ link = nl_cli_link_alloc(); ++ ++ if (err = nl_socket_get_peer_port(sk)){ ++ printf("peer_port %d\n", err); ++ goto END; ++ } ++ if (err = nl_socket_use_seq(sk)) ++ printf("sk->s_seq_next %d\n", err); ++ ++ if ((ifindex = rtnl_link_get_ifindex(link)) == 0){ ++ printf("ifindex is not set, %d\n", ifindex); ++ rtnl_link_set_ifindex(link, 1); ++ }; ++ ++ if (rtnl_link_get(link_cache, 1)){ ++ printf("now link is cached\n"); ++ }else{ ++ nl_cache_add(link_cache, (struct nl_object *)link); ++ }; ++ ++ if ((err = rtnl_link_add(sk, link, AF_INET)) < 0){ ++ printf("Unable to add link %s\n", nl_geterror(err)); ++ goto END; ++ } ++ ++END: ++ nl_cb_put(cb); ++ nl_socket_free(sk); ++ nl_cache_put(link_cache); ++ rtnl_link_put(link); ++ return err; ++} +-- +2.33.0 + diff --git a/backport-avoid-integer-overflow-in-rtnl_tc_calc_cell_log.patch b/backport-avoid-integer-overflow-in-rtnl_tc_calc_cell_log.patch new file mode 100644 index 0000000..47b62cc --- /dev/null +++ b/backport-avoid-integer-overflow-in-rtnl_tc_calc_cell_log.patch @@ -0,0 +1,46 @@ +From acd05d6e8066f775474cbcf00b85b4743efe896e Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 4 Dec 2023 12:13:40 +0100 +Subject: [PATCH] route/tc: avoid integer overflow in rtnl_tc_calc_cell_log() + +Coverity doesn't like this. Workaround. + + Error: CPPCHECK_WARNING (CWE-190): [#def97] + libnl-3.8.0/lib/route/tc.c:681: error[integerOverflow]: Signed integer overflow for expression '1< if ((1 << i) == cell_size) + # 682| return i; + # 683| + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/acd05d6e8066f775474cbcf00b85b4743efe896e + +--- + lib/route/tc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/route/tc.c b/lib/route/tc.c +index a06a478..764b7f7 100644 +--- a/lib/route/tc.c ++++ b/lib/route/tc.c +@@ -666,14 +666,14 @@ int rtnl_tc_calc_bufsize(int txtime, int rate) + /** + * Calculate the binary logarithm for a specific cell size + * @arg cell_size Size of cell, must be a power of two. +- * @return Binary logirhtm of cell size or a negative error code. ++ * @return Binary logarithm of cell size or a negative error code. + */ + int rtnl_tc_calc_cell_log(int cell_size) + { + int i; + + for (i = 0; i < 32; i++) +- if ((1 << i) == cell_size) ++ if ((((uint32_t)1u) << i) == cell_size) + return i; + + return -NLE_INVAL; +-- +2.33.0 + diff --git a/backport-clear-XFRM_SP_ATTR_TMPL-when-removing-the-last-template.patch b/backport-clear-XFRM_SP_ATTR_TMPL-when-removing-the-last-template.patch new file mode 100644 index 0000000..47c9e0f --- /dev/null +++ b/backport-clear-XFRM_SP_ATTR_TMPL-when-removing-the-last-template.patch @@ -0,0 +1,35 @@ +From 664f8f1bea7f3c46bdfcd637e694e2c3c627fa7b Mon Sep 17 00:00:00 2001 +From: Thomas Egerer +Date: Tue, 17 Oct 2023 11:10:26 +0000 +Subject: [PATCH] xfrm: clear XFRM_SP_ATTR_TMPL when removing the last template + from a policy + +Leaving XFRM_SP_ATTR_TMPL active in the mask may not impose a problem +but, when removing the last template from a policy, the value signifying +attached templates should be cleared. + +Signed-off-by: Thomas Egerer + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/664f8f1bea7f3c46bdfcd637e694e2c3c627fa7b + +--- + lib/xfrm/sp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c +index 30f9182..ab7cf89 100644 +--- a/lib/xfrm/sp.c ++++ b/lib/xfrm/sp.c +@@ -1317,6 +1317,8 @@ void xfrmnl_sp_remove_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl + if (sp->ce_mask & XFRM_SP_ATTR_TMPL) { + sp->nr_user_tmpl--; + nl_list_del(&utmpl->utmpl_list); ++ if (sp->nr_user_tmpl == 0) ++ sp->ce_mask &= ~XFRM_SP_ATTR_TMPL; + } + } + +-- +2.33.0 + diff --git a/backport-do-not-use-static-array-indices-for-buffer.patch b/backport-do-not-use-static-array-indices-for-buffer.patch new file mode 100644 index 0000000..28d2b13 --- /dev/null +++ b/backport-do-not-use-static-array-indices-for-buffer.patch @@ -0,0 +1,39 @@ +From 65ab16f23b553ba09b168a961a0b77de341f470d Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 1 Dec 2023 17:11:07 +0100 +Subject: [PATCH] base: don't use static array indices for buffer argument of _nl_inet_ntop() + +Seems the static array indices can confuse coverity. I think coverity is wrong +here, regardless, change it. + + libnl-3.8.0/include/base/nl-base-utils.h:683: overrun-buffer-arg: Overrunning buffer pointed to by "buf" of 16 bytes by passing it to a function which accesses it at byte offset 45 using argument "(addr_family == 2) ? 16 : 46" (which evaluates to 46). + # 681| * and a suitably large buffer, it cannot. Assert for that. */ + # 682| + # 683|-> r = (char *)inet_ntop(addr_family, addr, buf, + # 684| (addr_family == AF_INET) ? INET_ADDRSTRLEN : + # 685| INET6_ADDRSTRLEN); +--- + +Conflict:Before libnl3.8 is reconstructed, the _nl_inet_ntop function is in utils.h. Therefore, the incorporated patch is different from the 65ab16f modification file. +Reference:https://github.com/thom311/libnl/commit/65ab16f23b553ba09b168a961a0b77de341f470d + + include/netlink-private/utils.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/include/netlink-private/utils.h b/include/netlink-private/utils.h +index 93a04c9..5540144 100644 +--- a/include/netlink-private/utils.h ++++ b/include/netlink-private/utils.h +@@ -361,8 +361,7 @@ typedef union { + struct in6_addr a6; + } _NLIPAddr; + +-static inline char *_nl_inet_ntop(int addr_family, const void *addr, +- char buf[static INET_ADDRSTRLEN]) ++static inline char *_nl_inet_ntop(int addr_family, const void *addr, char *buf) + { + char *r; + +-- +2.33.0 + diff --git a/backport-fix-crashes-in-case-of-ENOMEM.patch b/backport-fix-crashes-in-case-of-ENOMEM.patch new file mode 100644 index 0000000..096e407 --- /dev/null +++ b/backport-fix-crashes-in-case-of-ENOMEM.patch @@ -0,0 +1,234 @@ +From 49c20efaa783449dca424cc50e4ee4b2fc5351cc Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 27 Nov 2023 21:15:06 +0100 +Subject: [PATCH] xfrm: fix crashes in case of ENOMEM + +Conflict:The pre-optimization patch 9e7b5c8 is not integrated. As a result, context adaptation occurs. +Reference:https://github.com/thom311/libnl/commit/49c20efaa783449dca424cc50e4ee4b2fc5351cc + +--- + lib/xfrm/ae.c | 11 +++++++-- + lib/xfrm/sa.c | 64 ++++++++++++++++++++++++++++++++++++++++----------- + lib/xfrm/sp.c | 40 +++++++++++++++++++++++++------- + 3 files changed, 91 insertions(+), 24 deletions(-) + +diff --git a/lib/xfrm/ae.c b/lib/xfrm/ae.c +index 69c8e7e..44c43ed 100644 +--- a/lib/xfrm/ae.c ++++ b/lib/xfrm/ae.c +@@ -506,11 +506,18 @@ int xfrmnl_ae_parse(struct nlmsghdr *n, struct xfrmnl_ae **result) + if (err < 0) + goto errout; + +- ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr, sizeof (ae_id->sa_id.daddr)); ++ if (!(ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr, ++ sizeof (ae_id->sa_id.daddr)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + ae->sa_id.family= ae_id->sa_id.family; + ae->sa_id.spi = ntohl(ae_id->sa_id.spi); + ae->sa_id.proto = ae_id->sa_id.proto; +- ae->saddr = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr)); ++ if (!(ae->saddr = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + ae->reqid = ae_id->reqid; + ae->flags = ae_id->flags; + ae->ce_mask |= (XFRM_AE_ATTR_DADDR | XFRM_AE_ATTR_FAMILY | XFRM_AE_ATTR_SPI | +diff --git a/lib/xfrm/sa.c b/lib/xfrm/sa.c +index 90b6335..ea0d333 100644 +--- a/lib/xfrm/sa.c ++++ b/lib/xfrm/sa.c +@@ -718,9 +718,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) + goto errout; + + if (sa_info->sel.family == AF_INET) +- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4)); ++ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6)); ++ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_d); + xfrmnl_sel_set_daddr (sa->sel, addr); + /* Drop the reference count from the above set operation */ +@@ -728,9 +734,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) + xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d); + + if (sa_info->sel.family == AF_INET) +- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4)); ++ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6)); ++ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_s); + xfrmnl_sel_set_saddr (sa->sel, addr); + /* Drop the reference count from the above set operation */ +@@ -748,17 +760,29 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) + sa->ce_mask |= XFRM_SA_ATTR_SEL; + + if (sa_info->family == AF_INET) +- sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4)); ++ if (!(sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6)); ++ if (!(sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + sa->id.spi = ntohl(sa_info->id.spi); + sa->id.proto = sa_info->id.proto; + sa->ce_mask |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO); + + if (sa_info->family == AF_INET) +- sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4)); ++ if (!(sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6)); ++ if (!(sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + sa->ce_mask |= XFRM_SA_ATTR_SADDR; + + sa->lft->soft_byte_limit = sa_info->lft.soft_byte_limit; +@@ -866,9 +890,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) + sa->encap->encap_sport = ntohs(encap->encap_sport); + sa->encap->encap_dport = ntohs(encap->encap_dport); + if (sa_info->family == AF_INET) +- sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4)); ++ if (!(sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6)); ++ if (!(sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + sa->ce_mask |= XFRM_SA_ATTR_ENCAP; + } + +@@ -880,13 +910,19 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) + if (tb[XFRMA_COADDR]) { + if (sa_info->family == AF_INET) + { +- sa->coaddr = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]), +- sizeof (uint32_t)); ++ if (!(sa->coaddr = nl_addr_build( ++ sa_info->family, nla_data(tb[XFRMA_COADDR]), sizeof (uint32_t)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + } + else + { +- sa->coaddr = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]), +- sizeof (uint32_t) * 4); ++ if (!(sa->coaddr = nl_addr_build( ++ sa_info->family, nla_data(tb[XFRMA_COADDR]), sizeof (uint32_t) * 4))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + } + sa->ce_mask |= XFRM_SA_ATTR_COADDR; + } +diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c +index d3d9778..38002da 100644 +--- a/lib/xfrm/sp.c ++++ b/lib/xfrm/sp.c +@@ -558,9 +558,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + } + + if (sp_info->sel.family == AF_INET) +- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4)); ++ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6)); ++ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d); + xfrmnl_sel_set_daddr (sp->sel, addr); + /* Drop the reference count from the above set operation */ +@@ -568,9 +574,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d); + + if (sp_info->sel.family == AF_INET) +- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4)); ++ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6)); ++ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s); + xfrmnl_sel_set_saddr (sp->sel, addr); + /* Drop the reference count from the above set operation */ +@@ -647,9 +659,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + } + + if (tmpl->family == AF_INET) +- addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4)); ++ if (!(addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6)); ++ if (!(addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + xfrmnl_user_tmpl_set_daddr (sputmpl, addr); + /* Drop the reference count from the above set operation */ + nl_addr_put(addr); +@@ -658,9 +676,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family); + + if (tmpl->family == AF_INET) +- addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4)); ++ if (!(addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + else +- addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6)); ++ if (!(addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6)))) { ++ err = -NLE_NOMEM; ++ goto errout; ++ } + xfrmnl_user_tmpl_set_saddr (sputmpl, addr); + /* Drop the reference count from the above set operation */ + nl_addr_put(addr); +-- +2.33.0 + diff --git a/backport-fix-error-handling-in-nl_str2ip_protos.patch b/backport-fix-error-handling-in-nl_str2ip_protos.patch new file mode 100644 index 0000000..14712c8 --- /dev/null +++ b/backport-fix-error-handling-in-nl_str2ip_protos.patch @@ -0,0 +1,28 @@ +From 8ee8b05ff59999fd88b8a6faae40e7777ccf8c98 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 18 Aug 2023 11:56:58 +0200 +Subject: [PATCH] lib: fix error handling in nl_str2ip_proto() + +Conflict:Deleted the test case because the check-direct test case does not exist in the current version because it is not integrated into the pre-installation patch bae11ec. +Reference:https://github.com/thom311/libnl/commit/8ee8b05ff59999fd88b8a6faae40e7777ccf8c98 + +--- + lib/utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/utils.c b/lib/utils.c +index 496bf3b..9795b42 100644 +--- a/lib/utils.c ++++ b/lib/utils.c +@@ -887,7 +887,7 @@ int nl_str2ip_proto(const char *name) + return p->p_proto; + + l = strtoul(name, &end, 0); +- if (l == ULONG_MAX || *end != '\0') ++ if (name == end || *end != '\0' || l > (unsigned long)INT_MAX) + return -NLE_OBJ_NOTFOUND; + + return (int) l; +-- +2.33.0 + diff --git a/backport-fix-leak-in-error-handling-of-rtnl_flower_append_action.patch b/backport-fix-leak-in-error-handling-of-rtnl_flower_append_action.patch new file mode 100644 index 0000000..ce48b08 --- /dev/null +++ b/backport-fix-leak-in-error-handling-of-rtnl_flower_append_action.patch @@ -0,0 +1,45 @@ +From 7912b4f90668afab9b7cb7054434d341826b8c54 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 1 Dec 2023 19:51:41 +0100 +Subject: [PATCH] route/cls: fix leak in error handling of + rtnl_flower_append_action() + +Using rtnl_act_append() correctly is hard. + +Fixes: ef46de143206 ('route/cls: add flower classifier') + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/7912b4f90668afab9b7cb7054434d341826b8c54 + +--- + lib/route/cls/flower.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/route/cls/flower.c b/lib/route/cls/flower.c +index 11bd709..65f0ccf 100644 +--- a/lib/route/cls/flower.c ++++ b/lib/route/cls/flower.c +@@ -787,6 +787,7 @@ int rtnl_flower_get_ipv4_dst(struct rtnl_cls *cls, in_addr_t *out_addr, + int rtnl_flower_append_action(struct rtnl_cls *cls, struct rtnl_act *act) + { + struct rtnl_flower *f; ++ int err; + + if (!act) + return 0; +@@ -796,8 +797,11 @@ int rtnl_flower_append_action(struct rtnl_cls *cls, struct rtnl_act *act) + + f->cf_mask |= FLOWER_ATTR_ACTION; + ++ if ((err = rtnl_act_append(&f->cf_act, act)) < 0) ++ return err; ++ + rtnl_act_get(act); +- return rtnl_act_append(&f->cf_act, act); ++ return 0; + } + + /** +-- +2.33.0 + diff --git a/backport-fix-leaking-usertemplate-in-xfrmnl_sp_parse.patch b/backport-fix-leaking-usertemplate-in-xfrmnl_sp_parse.patch new file mode 100644 index 0000000..23a09ad --- /dev/null +++ b/backport-fix-leaking-usertemplate-in-xfrmnl_sp_parse.patch @@ -0,0 +1,60 @@ +From d8a1ff30c4864bd57c2d895ef88df8a2d138a17d Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 4 Dec 2023 11:36:16 +0100 +Subject: [PATCH] xfrm: fix leaking usertemplate in xfrmnl_sp_parse() + +Conflict:The libnl-3.8 version is reconstructed. The nl-xfrm.h file is modified based on the _nl-auto.h file. Therefore, the modified files are inconsistent, and context adaptation is required. +Reference:https://github.com/thom311/libnl/commit/d8a1ff30c4864bd57c2d895ef88df8a2d138a17d + +--- + include/netlink-private/nl-auto.h | 7 +++++++ + lib/xfrm/sp.c | 4 ++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/include/netlink-private/nl-auto.h b/include/netlink-private/nl-auto.h +index 4092782..0ff3791 100644 +--- a/include/netlink-private/nl-auto.h ++++ b/include/netlink-private/nl-auto.h +@@ -99,4 +99,11 @@ void nl_socket_free(struct nl_sock *); + #define _nl_auto_nl_socket _nl_auto(_nl_auto_nl_socket_fcn) + _NL_AUTO_DEFINE_FCN_TYPED0(struct nl_sock *, _nl_auto_nl_socket_fcn, nl_socket_free); + ++struct xfrmnl_user_tmpl; ++void xfrmnl_user_tmpl_free(struct xfrmnl_user_tmpl *utmpl); ++#define _nl_auto_xfrmnl_user_tmpl _nl_auto(_nl_auto_xfrmnl_user_tmpl_fcn) ++_NL_AUTO_DEFINE_FCN_TYPED0(struct xfrmnl_user_tmpl *, ++ _nl_auto_xfrmnl_user_tmpl_fcn, ++ xfrmnl_user_tmpl_free); ++ + #endif /* NETLINK_NL_AUTO_H_ */ +diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c +index d38daef..d3d9778 100644 +--- a/lib/xfrm/sp.c ++++ b/lib/xfrm/sp.c +@@ -633,13 +633,13 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + + if (tb[XFRMA_TMPL]) { + struct xfrm_user_tmpl* tmpl = nla_data(tb[XFRMA_TMPL]); +- struct xfrmnl_user_tmpl* sputmpl; + uint32_t i; + uint32_t num_tmpls = nla_len(tb[XFRMA_TMPL]) / sizeof (*tmpl); + struct nl_addr* addr; + + for (i = 0; (i < num_tmpls) && (tmpl); i ++, tmpl++) + { ++ _nl_auto_xfrmnl_user_tmpl struct xfrmnl_user_tmpl *sputmpl = NULL; + if ((sputmpl = xfrmnl_user_tmpl_alloc ()) == NULL) + { + err = -NLE_NOMEM; +@@ -672,7 +672,7 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + xfrmnl_user_tmpl_set_aalgos (sputmpl, tmpl->aalgos); + xfrmnl_user_tmpl_set_ealgos (sputmpl, tmpl->ealgos); + xfrmnl_user_tmpl_set_calgos (sputmpl, tmpl->calgos); +- xfrmnl_sp_add_usertemplate (sp, sputmpl); ++ xfrmnl_sp_add_usertemplate (sp, _nl_steal_pointer(&sputmpl)); + + sp->ce_mask |= XFRM_SP_ATTR_TMPL; + } +-- +2.33.0 + diff --git a/backport-fix-reference-counters-of-sa-selector-addresses.patch b/backport-fix-reference-counters-of-sa-selector-addresses.patch new file mode 100644 index 0000000..669141a --- /dev/null +++ b/backport-fix-reference-counters-of-sa-selector-addresses.patch @@ -0,0 +1,67 @@ +From c4c22d267117900b9582d5c2e934c107419c9603 Mon Sep 17 00:00:00 2001 +From: Thomas Egerer +Date: Mon, 27 Nov 2023 15:58:19 +0100 +Subject: [PATCH] xfrm/sp: fix reference counters of sa selector/tmpl addresses + +It's a similar issue as in commit 3f4f1dda, when calling +xfrmnl_sp_parse, the refcount of the addresses for selectors and +templates increases to two, as xfrmnl_sel_set_[s|d]addr and +xfrmnl_user_tmpl_set_[s|d]addr add another reference to the address +object. As only one of those refs is dropped in sel_destroy or +xfrmnl_user_tmpl_free respectively the address objects' refcount +will never drop to zero, causing a leak. + +Signed-off-by: Thomas Egerer + +Fixes: 917154470895 ('xfrm: add xfrm support') + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/c4c22d267117900b9582d5c2e934c107419c9603 + +--- + lib/xfrm/sp.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c +index ab7cf89..d38daef 100644 +--- a/lib/xfrm/sp.c ++++ b/lib/xfrm/sp.c +@@ -563,6 +563,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6)); + nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d); + xfrmnl_sel_set_daddr (sp->sel, addr); ++ /* Drop the reference count from the above set operation */ ++ nl_addr_put(addr); + xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d); + + if (sp_info->sel.family == AF_INET) +@@ -571,6 +573,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6)); + nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s); + xfrmnl_sel_set_saddr (sp->sel, addr); ++ /* Drop the reference count from the above set operation */ ++ nl_addr_put(addr); + xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s); + + xfrmnl_sel_set_dport (sp->sel, ntohs (sp_info->sel.dport)); +@@ -647,6 +651,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + else + addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6)); + xfrmnl_user_tmpl_set_daddr (sputmpl, addr); ++ /* Drop the reference count from the above set operation */ ++ nl_addr_put(addr); + xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi)); + xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto); + xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family); +@@ -656,6 +662,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) + else + addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6)); + xfrmnl_user_tmpl_set_saddr (sputmpl, addr); ++ /* Drop the reference count from the above set operation */ ++ nl_addr_put(addr); + + xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid); + xfrmnl_user_tmpl_set_mode (sputmpl, tmpl->mode); +-- +2.33.0 + diff --git a/backport-fix-signed-overflow-warning-in-nl_object_diff.patch b/backport-fix-signed-overflow-warning-in-nl_object_diff.patch new file mode 100644 index 0000000..98931cd --- /dev/null +++ b/backport-fix-signed-overflow-warning-in-nl_object_diff.patch @@ -0,0 +1,30 @@ +From aea3f9f2d8b6ecf6b69df12ba4e99ca44d6813fb Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 1 Dec 2023 20:06:36 +0100 +Subject: [PATCH] lib: fix signed overflow warning in nl_object_diff() + +Coverity warns "Signed integer overflow for expression '1<<31'". + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/aea3f9f2d8b6ecf6b69df12ba4e99ca44d6813fb + +--- + lib/object.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/object.c b/lib/object.c +index bef0b6f..cca4c48 100644 +--- a/lib/object.c ++++ b/lib/object.c +@@ -392,7 +392,7 @@ uint32_t nl_object_diff(struct nl_object *a, struct nl_object *b) + diff = nl_object_diff64(a, b); + + return (diff & ~((uint64_t) 0xFFFFFFFF)) +- ? (uint32_t) diff | (1 << 31) ++ ? (uint32_t) diff | (((uint32_t ) 1u) << 31) + : (uint32_t) diff; + } + +-- +2.33.0 + diff --git a/backport-handle-negative-and-zero-size-in-nla_memcpy.patch b/backport-handle-negative-and-zero-size-in-nla_memcpy.patch new file mode 100644 index 0000000..292baaa --- /dev/null +++ b/backport-handle-negative-and-zero-size-in-nla_memcpy.patch @@ -0,0 +1,44 @@ +From ca34ad524ec7a9f0e24bb5975b178a3e70268f0f Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 28 Jul 2023 11:24:26 +0200 +Subject: [PATCH] lib: handle negative and zero size in nla_memcpy() + +a negative count is a bug in the caller. Still, handle it better than +just crashing. Maybe we should assert, but it doesn't seem best to +assert against user input. + +Also, if count is zero, don't call memcpy(). Calling memcpy() requires +that the source and destination pointers are valid, otherwise it's +undefined behavior. I think if the caller tells us to copy zero bytes, +we should never look at the destination pointer. + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/ca34ad524ec7a9f0e24bb5975b178a3e70268f0f + +--- + lib/attr.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/lib/attr.c b/lib/attr.c +index 2b2d538..23619c7 100644 +--- a/lib/attr.c ++++ b/lib/attr.c +@@ -357,10 +357,13 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) + + if (!src) + return 0; +- ++ + minlen = min_t(int, count, nla_len(src)); +- memcpy(dest, nla_data(src), minlen); + ++ if (minlen <= 0) ++ return 0; ++ ++ memcpy(dest, nla_data(src), minlen); + return minlen; + } + +-- +2.33.0 + diff --git a/backport-use-thread-safe-gmtime_r-instead-of-gmtime.patch b/backport-use-thread-safe-gmtime_r-instead-of-gmtime.patch new file mode 100644 index 0000000..8317e6e --- /dev/null +++ b/backport-use-thread-safe-gmtime_r-instead-of-gmtime.patch @@ -0,0 +1,107 @@ +From f520471cb6e2340309028e0400b8186db3635e0f Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 18 Aug 2023 14:04:21 +0200 +Subject: [PATCH] lib/xfrm: use thread-safe gmtime_r() instead of gmtime() + +Conflict:NA +Reference:https://github.com/thom311/libnl/commit/f520471cb6e2340309028e0400b8186db3635e0f + +--- + lib/xfrm/ae.c | 5 +++-- + lib/xfrm/sa.c | 5 +++-- + lib/xfrm/sp.c | 5 +++-- + 3 files changed, 9 insertions(+), 6 deletions(-) + +diff --git a/lib/xfrm/ae.c b/lib/xfrm/ae.c +index a56cd87..522cef0 100644 +--- a/lib/xfrm/ae.c ++++ b/lib/xfrm/ae.c +@@ -299,6 +299,7 @@ static void xfrm_ae_dump_line(struct nl_object *a, struct nl_dump_params *p) + char flags[128], buf[128]; + time_t add_time, use_time; + struct tm *add_time_tm, *use_time_tm; ++ struct tm tm_buf; + + nl_dump_line(p, "src %s dst %s \n", nl_addr2str(ae->saddr, src, sizeof(src)), + nl_addr2str(ae->sa_id.daddr, dst, sizeof(dst))); +@@ -317,7 +318,7 @@ static void xfrm_ae_dump_line(struct nl_object *a, struct nl_dump_params *p) + if (ae->lifetime_cur.add_time != 0) + { + add_time = ae->lifetime_cur.add_time; +- add_time_tm = gmtime (&add_time); ++ add_time_tm = gmtime_r (&add_time, &tm_buf); + strftime (flags, 128, "%Y-%m-%d %H-%M-%S", add_time_tm); + } + else +@@ -328,7 +329,7 @@ static void xfrm_ae_dump_line(struct nl_object *a, struct nl_dump_params *p) + if (ae->lifetime_cur.use_time != 0) + { + use_time = ae->lifetime_cur.use_time; +- use_time_tm = gmtime (&use_time); ++ use_time_tm = gmtime_r (&use_time, &tm_buf); + strftime (buf, 128, "%Y-%m-%d %H-%M-%S", use_time_tm); + } + else +diff --git a/lib/xfrm/sa.c b/lib/xfrm/sa.c +index 6b3daf4..63a13ba 100644 +--- a/lib/xfrm/sa.c ++++ b/lib/xfrm/sa.c +@@ -411,6 +411,7 @@ static void xfrm_sa_dump_line(struct nl_object *a, struct nl_dump_params *p) + char flags[128], mode[128]; + time_t add_time, use_time; + struct tm *add_time_tm, *use_time_tm; ++ struct tm tm_buf; + + nl_dump_line(p, "src %s dst %s family: %s\n", nl_addr2str(sa->saddr, src, sizeof(src)), + nl_addr2str(sa->id.daddr, dst, sizeof(dst)), +@@ -454,7 +455,7 @@ static void xfrm_sa_dump_line(struct nl_object *a, struct nl_dump_params *p) + if (sa->curlft.add_time != 0) + { + add_time = sa->curlft.add_time; +- add_time_tm = gmtime (&add_time); ++ add_time_tm = gmtime_r (&add_time, &tm_buf); + strftime (flags, 128, "%Y-%m-%d %H-%M-%S", add_time_tm); + } + else +@@ -465,7 +466,7 @@ static void xfrm_sa_dump_line(struct nl_object *a, struct nl_dump_params *p) + if (sa->curlft.use_time != 0) + { + use_time = sa->curlft.use_time; +- use_time_tm = gmtime (&use_time); ++ use_time_tm = gmtime_r (&use_time, &tm_buf); + strftime (mode, 128, "%Y-%m-%d %H-%M-%S", use_time_tm); + } + else +diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c +index 3943469..1984099 100644 +--- a/lib/xfrm/sp.c ++++ b/lib/xfrm/sp.c +@@ -325,6 +325,7 @@ static void xfrm_sp_dump_line(struct nl_object *a, struct nl_dump_params *p) + char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5]; + time_t add_time, use_time; + struct tm *add_time_tm, *use_time_tm; ++ struct tm tm_buf; + + nl_addr2str(xfrmnl_sel_get_saddr (sp->sel), src, sizeof(src)); + nl_addr2str (xfrmnl_sel_get_daddr (sp->sel), dst, sizeof (dst)); +@@ -375,7 +376,7 @@ static void xfrm_sp_dump_line(struct nl_object *a, struct nl_dump_params *p) + if (sp->curlft.add_time != 0) + { + add_time = sp->curlft.add_time; +- add_time_tm = gmtime (&add_time); ++ add_time_tm = gmtime_r (&add_time, &tm_buf); + strftime (dst, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", add_time_tm); + } + else +@@ -386,7 +387,7 @@ static void xfrm_sp_dump_line(struct nl_object *a, struct nl_dump_params *p) + if (sp->curlft.use_time != 0) + { + use_time = sp->curlft.use_time; +- use_time_tm = gmtime (&use_time); ++ use_time_tm = gmtime_r (&use_time, &tm_buf); + strftime (src, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", use_time_tm); + } + else +-- +2.33.0 + diff --git a/backport-workaround-coverity-warning-about-time_t-handling.patch b/backport-workaround-coverity-warning-about-time_t-handling.patch new file mode 100644 index 0000000..4aae88c --- /dev/null +++ b/backport-workaround-coverity-warning-about-time_t-handling.patch @@ -0,0 +1,86 @@ +From 4fcb075720ed3beea4ceee3f679305caacd0f51b Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 4 Dec 2023 11:22:38 +0100 +Subject: [PATCH] socket: workaround coverity warning about time_t handling + +Coverity really wants to warn if a time_t is cast to 32 bits. +We use time() here to get (some very bad) randomness. The loss +of the upper bits is the least of the problems. + +Work around the coverity warning by also the higher bits. + + Error: Y2K38_SAFETY (CWE-197): [#def12] + libnl-3.8.0/lib/socket.c:76: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "uint32_t". + # 74| + # 75| if (idx_state == 0) { + # 76|-> uint32_t t = (uint32_t) time(NULL); + # 77| + # 78| /* from time to time (on average each 2^15 calls), the idx_state will + + Error: Y2K38_SAFETY (CWE-197): [#def13] + libnl-3.8.0/lib/socket.c:193: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "unsigned int". + # 191| sk->s_local.nl_family = AF_NETLINK; + # 192| sk->s_peer.nl_family = AF_NETLINK; + # 193|-> sk->s_seq_next = (unsigned int) time(NULL); + # 194| sk->s_seq_expect = sk->s_seq_next; + # 195| + +Conflict:patch for explicitly cast time() to uint32_t at 57e0170 is not incorporated +Reference:https://github.com/thom311/libnl/commit/4fcb075720ed3beea4ceee3f679305caacd0f51b + + +--- + lib/socket.c | 23 +++++++++++++++++++++-- + 1 file changed, 21 insertions(+), 2 deletions(-) + +diff --git a/lib/socket.c b/lib/socket.c +index 99cd36d..778230b 100644 +--- a/lib/socket.c ++++ b/lib/socket.c +@@ -54,6 +54,24 @@ static void __init init_default_cb(void) + } + } + ++static uint32_t _badrandom_from_time(void) ++{ ++ uint32_t result; ++ uint64_t v64; ++ time_t t; ++ ++ t = time(NULL); ++ v64 = (uint64_t)t; ++ result = (uint32_t)v64; ++ ++ /* XOR with the upper bits. Otherwise, coverity warns about only ++ * considering 32 bit from time_t. Use the inverse, so that for the ++ * most part the bits don't change. */ ++ result ^= (~(v64 >> 32)); ++ ++ return result; ++} ++ + static uint32_t used_ports_map[32]; + static NL_RW_LOCK(port_map_lock); + +@@ -67,7 +85,7 @@ static uint32_t generate_local_port(void) + nl_write_lock(&port_map_lock); + + if (idx_state == 0) { +- uint32_t t = time(NULL); ++ uint32_t t = _badrandom_from_time(); + + /* from time to time (on average each 2^15 calls), the idx_state will + * be zero again. No problem, just "seed" anew with time(). */ +@@ -184,7 +202,8 @@ static struct nl_sock *__alloc_socket(struct nl_cb *cb) + sk->s_cb = nl_cb_get(cb); + sk->s_local.nl_family = AF_NETLINK; + sk->s_peer.nl_family = AF_NETLINK; +- sk->s_seq_expect = sk->s_seq_next = time(NULL); ++ sk->s_seq_next = _badrandom_from_time(); ++ sk->s_seq_expect = sk->s_seq_next; + + /* the port is 0 (unspecified), meaning NL_OWN_PORT */ + sk->s_flags = NL_OWN_PORT; +-- +2.33.0 + diff --git a/libnl3.spec b/libnl3.spec index ad9bc45..077c9d0 100644 --- a/libnl3.spec +++ b/libnl3.spec @@ -1,6 +1,6 @@ Name: libnl3 Version: 3.7.0 -Release: 3 +Release: 4 Summary: Providing APIs to netlink protocol based Linux kernel interfaces License: LGPLv2 URL: http://www.infradead.org/~tgr/libnl/ @@ -11,6 +11,21 @@ Patch6001: backport-fix-bridge-info-parsing.patch Patch9000: solve-redefinition-of-struct-ipv6_mreq.patch +patch6002: backport-add-some-tests-about-addr-class-rule-neigh-qdisc.patch +patch6003: backport-clear-XFRM_SP_ATTR_TMPL-when-removing-the-last-template.patch +patch6004: backport-fix-reference-counters-of-sa-selector-addresses.patch +patch6005: backport-do-not-use-static-array-indices-for-buffer.patch +patch6006: backport-fix-leak-in-error-handling-of-rtnl_flower_append_action.patch +patch6007: backport-fix-signed-overflow-warning-in-nl_object_diff.patch +patch6008: backport-workaround-coverity-warning-about-time_t-handling.patch +patch6009: backport-fix-leaking-usertemplate-in-xfrmnl_sp_parse.patch +patch6010: backport-avoid-integer-overflow-in-rtnl_tc_calc_cell_log.patch +patch6011: backport-fix-crashes-in-case-of-ENOMEM.patch +patch6012: backport-accept-NULL-argument-in-nla_nest_cancel-for-robustness.patch +patch6013: backport-fix-error-handling-in-nl_str2ip_protos.patch +patch6014: backport-handle-negative-and-zero-size-in-nla_memcpy.patch +patch6015: backport-use-thread-safe-gmtime_r-instead-of-gmtime.patch + BuildRequires: flex bison libtool autoconf automake swig Requires: %{name} = %{version}-%{release} @@ -94,6 +109,12 @@ cd python %{python3_sitearch}/netlink-*.egg-info %changelog +* Thu Apr 25 2024 sunhai - 3.7.0-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync some pathes from upstream + * Fri Jan 12 2024 chengyechun - 3.7.0-3 - Type:bugfix - ID:NA -- Gitee