forked from pool/iptables
Accepting request 691518 from home:kstreitova:branches:security:netfilter
- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where 'iptables -L' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751]. OBS-URL: https://build.opensuse.org/request/show/691518 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=126
This commit is contained in:
parent
725c31dfd6
commit
87d1cb26b1
24
iptables-1.8.2-dont_read_garbage.patch
Normal file
24
iptables-1.8.2-dont_read_garbage.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
From: Fabian Vogt <fvogt@suse.com>
|
||||||
|
Date: 2019-04-04 13:41:59 +0200
|
||||||
|
Subject: 'iptables -L' reads garbage
|
||||||
|
References: [bsc#1106751]
|
||||||
|
Upstream: reported (https://bugzilla.netfilter.org/show_bug.cgi?id=1331)
|
||||||
|
|
||||||
|
This patch fixes a situation where 'iptables -L' reads garbage
|
||||||
|
from the struct as the kernel never filled it in the bugged case.
|
||||||
|
This can lead to issues like mapping a few TiB of memory
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Index: iptables-1.8.2/libiptc/libiptc.c
|
||||||
|
===================================================================
|
||||||
|
--- iptables-1.8.2.orig/libiptc/libiptc.c
|
||||||
|
+++ iptables-1.8.2/libiptc/libiptc.c
|
||||||
|
@@ -1305,6 +1305,7 @@ TC_INIT(const char *tablename)
|
||||||
|
{
|
||||||
|
struct xtc_handle *h;
|
||||||
|
STRUCT_GETINFO info;
|
||||||
|
+ memset(&info, 0, sizeof(info));
|
||||||
|
unsigned int tmp;
|
||||||
|
socklen_t s;
|
||||||
|
int sockfd;
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 4 11:44:31 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
|
||||||
|
|
||||||
|
- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation
|
||||||
|
where 'iptables -L' reads garbage from the struct as the kernel
|
||||||
|
never filled it in the bugged case. This can lead to issues like
|
||||||
|
mapping a few TiB of memory [bsc#1106751].
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 13 12:09:24 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
Tue Nov 13 12:09:24 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package iptables
|
# spec file for package iptables
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -12,7 +12,7 @@
|
|||||||
# license that conforms to the Open Source Definition (Version 1.9)
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
# published by the Open Source Initiative.
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@ -30,6 +30,7 @@ Source3: %name.keyring
|
|||||||
Patch3: iptables-batch.patch
|
Patch3: iptables-batch.patch
|
||||||
Patch4: iptables-apply-mktemp-fix.patch
|
Patch4: iptables-apply-mktemp-fix.patch
|
||||||
Patch5: iptables-batch-lock.patch
|
Patch5: iptables-batch-lock.patch
|
||||||
|
Patch6: iptables-1.8.2-dont_read_garbage.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
#git#BuildRequires: autoconf, automake >= 1.10
|
#git#BuildRequires: autoconf, automake >= 1.10
|
||||||
@ -141,7 +142,7 @@ xtables --variable=xtlibdir).
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 3 -P 4 -P 5 -p1
|
%patch -P 3 -P 4 -P 5 -P 6 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# We have the iptables-batch patch, so always regenerate.
|
# We have the iptables-batch patch, so always regenerate.
|
||||||
|
Loading…
Reference in New Issue
Block a user