Accepting request 65040 from home:philipsb:branches:security:netfilter

OBS-URL: https://build.opensuse.org/request/show/65040
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=23
Jan Engelhardt 2011-03-23 19:38:37 +00:00 committed by Git OBS Bridge
parent 8560649fed
commit 1e477c0b84
7 changed files with 16 additions and 497 deletions


@ -1,30 +0,0 @@
--- ip/ipaddress.c 2009-03-24 22:40:54.000000000 +0000
+++ ip/ipaddress.c 2009-11-11 09:30:07.000000000 +0000
@@ -692,6 +692,12 @@
if (flush) {
int round = 0;
char flushb[4096-512];
+ uid_t uid = geteuid();
+
+ if(uid) {
+ fprintf(stderr, "Not sufficient rights to flush\n");
+ exit(EXIT_FAILURE);
+ }
filter.flushb = flushb;
filter.flushp = 0;
--- ip/iproute.c 2009-11-11 09:30:07.000000000 +0000
+++ ip/iproute.c 2009-11-11 09:35:23.000000000 +0000
@@ -1212,6 +1212,12 @@
int round = 0;
char flushb[4096-512];
time_t start = time(0);
+ uid_t uid = geteuid();
+
+ if(uid) {
+ fprintf(stderr, "Not sufficient rights to flush\n");
+ exit(EXIT_FAILURE);
+ }
if (filter.cloned) {
if (do_ipv6 != AF_INET6) {


@ -1,18 +0,0 @@
--- ip/iptunnel.c 2009-07-28 13:28:59.000000000 +0200
+++ ip/iptunnel.c 2009-07-28 13:29:29.000000000 +0200
@@ -400,6 +400,7 @@
if ((ptr = strchr(buf, ':')) == NULL ||
(*ptr++ = 0, sscanf(buf, "%s", name) != 1)) {
fprintf(stderr, "Wrong format of /proc/net/dev. Sorry.\n");
+ fclose (fp);
return -1;
}
if (sscanf(ptr, "%ld%ld%ld%ld%ld%ld%ld%*d%ld%ld%ld%ld%ld%ld%ld",
@@ -438,6 +439,7 @@
}
printf("\n");
}
+ fclose (fp);
return 0;
}


@ -1,17 +0,0 @@
---
tc/m_skbedit.c | 2 ++
1 file changed, 2 insertions(+)
Index: tc/m_skbedit.c
===================================================================
--- tc/m_skbedit.c.orig
+++ tc/m_skbedit.c
@@ -60,6 +60,8 @@ parse_skbedit(struct action_util *a, int
__u32 flags = 0, priority, mark;
struct tc_skbedit sel = { 0 };
+ memset(&sel, 0, sizeof(struct tc_skbedit));
+
if (matches(*argv, "skbedit") != 0)
return -1;


@ -1,66 +0,0 @@
--- misc/ss.c 2009-10-09 14:26:41.000000000 +0200
+++ misc/ss.c 2009-10-09 14:30:00.000000000 +0200
@@ -464,6 +464,7 @@
}
}
}
+ pclose (fp);
}
}
--- misc/ss.c 2009-10-09 14:39:14.000000000 +0200
+++ misc/ss.c 2009-10-09 14:40:25.000000000 +0200
@@ -1571,10 +1571,12 @@
status = fread(buf, 1, sizeof(*h), fp);
if (status < 0) {
perror("Reading header from $TCPDIAG_FILE");
+ fclose (fp);
return -1;
}
if (status != sizeof(*h)) {
perror("Unexpected EOF reading $TCPDIAG_FILE");
+ fclose (fp);
return -1;
}
@@ -1582,16 +1584,20 @@
if (status < 0) {
perror("Reading $TCPDIAG_FILE");
+ fclose (fp);
return -1;
}
if (status + sizeof(*h) < h->nlmsg_len) {
perror("Unexpected EOF reading $TCPDIAG_FILE");
+ fclose (fp);
return -1;
}
/* The only legal exit point */
- if (h->nlmsg_type == NLMSG_DONE)
+ if (h->nlmsg_type == NLMSG_DONE) {
+ fclose (fp);
return 0;
+ }
if (h->nlmsg_type == NLMSG_ERROR) {
struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
@@ -1601,13 +1607,17 @@
errno = -err->error;
perror("TCPDIAG answered");
}
+ fclose (fp);
return -1;
}
err = tcp_show_sock(h, f);
- if (err < 0)
+ if (err < 0) {
+ fclose (fp);
return err;
+ }
}
+ fclose (fp);
}
static int tcp_show(struct filter *f, int socktype)


@ -1,355 +0,0 @@
---
ip/ip6tunnel.c | 5 +++--
ip/ipmaddr.c | 3 ++-
ip/ipmroute.c | 6 ++++--
ip/iptunnel.c | 5 +++--
ip/rtmon.c | 6 ++++--
misc/ifstat.c | 6 ++++--
misc/lnstat_util.c | 11 +++++++----
misc/nstat.c | 6 ++++--
misc/rtacct.c | 6 ++++--
misc/ss.c | 39 ++++++++++++++++++++++++++-------------
netem/maketable.c | 3 ++-
11 files changed, 63 insertions(+), 33 deletions(-)
Index: ip/ip6tunnel.c
===================================================================
--- ip/ip6tunnel.c.orig
+++ ip/ip6tunnel.c
@@ -262,8 +262,9 @@ static int do_tunnels_list(struct ip6_tn
}
/* skip two lines at the begenning of the file */
- fgets(buf, sizeof(buf), fp);
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
+ res = fgets(buf, sizeof(buf), fp);
while (fgets(buf, sizeof(buf), fp) != NULL) {
char name[IFNAMSIZ];
Index: ip/ipmaddr.c
===================================================================
--- ip/ipmaddr.c.orig
+++ ip/ipmaddr.c
@@ -128,7 +128,8 @@ void read_igmp(struct ma_info **result_p
if (!fp)
return;
memset(&m, 0, sizeof(m));
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
m.addr.family = AF_INET;
m.addr.bitlen = 32;
Index: ip/ipmroute.c
===================================================================
--- ip/ipmroute.c.orig
+++ ip/ipmroute.c
@@ -58,7 +58,8 @@ static void read_viftable(void)
if (!fp)
return;
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
while (fgets(buf, sizeof(buf), fp)) {
int vifi;
@@ -83,7 +84,8 @@ static void read_mroute_list(FILE *ofp)
if (!fp)
return;
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
while (fgets(buf, sizeof(buf), fp)) {
inet_prefix maddr, msrc;
Index: ip/iptunnel.c
===================================================================
--- ip/iptunnel.c.orig
+++ ip/iptunnel.c
@@ -407,8 +407,9 @@ static int do_tunnels_list(struct ip_tun
return -1;
}
- fgets(buf, sizeof(buf), fp);
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
+ res = fgets(buf, sizeof(buf), fp);
while (fgets(buf, sizeof(buf), fp) != NULL) {
int index, type;
Index: ip/rtmon.c
===================================================================
--- ip/rtmon.c.orig
+++ ip/rtmon.c
@@ -33,6 +33,7 @@ static void write_stamp(FILE *fp)
char buf[128];
struct nlmsghdr *n1 = (void*)buf;
struct timeval tv;
+ size_t res;
n1->nlmsg_type = 15;
n1->nlmsg_flags = 0;
@@ -42,7 +43,7 @@ static void write_stamp(FILE *fp)
gettimeofday(&tv, NULL);
((__u32*)NLMSG_DATA(n1))[0] = tv.tv_sec;
((__u32*)NLMSG_DATA(n1))[1] = tv.tv_usec;
- fwrite((void*)n1, 1, NLMSG_ALIGN(n1->nlmsg_len), fp);
+ res = fwrite((void*)n1, 1, NLMSG_ALIGN(n1->nlmsg_len), fp);
}
static int dump_msg(const struct sockaddr_nl *who, struct nlmsghdr *n,
@@ -51,7 +52,8 @@ static int dump_msg(const struct sockadd
FILE *fp = (FILE*)arg;
if (!init_phase)
write_stamp(fp);
- fwrite((void*)n, 1, NLMSG_ALIGN(n->nlmsg_len), fp);
+ int res = 0;
+ res = fwrite((void*)n, 1, NLMSG_ALIGN(n->nlmsg_len), fp);
fflush(fp);
return 0;
}
Index: misc/ifstat.c
===================================================================
--- misc/ifstat.c.orig
+++ misc/ifstat.c
@@ -716,8 +716,9 @@ int main(int argc, char *argv[])
fclose(tfp);
}
if (uptime >= 0 && time(NULL) >= stb.st_mtime+uptime) {
+ int res = 0;
fprintf(stderr, "ifstat: history is aged out, resetting\n");
- ftruncate(fileno(hist_fp), 0);
+ res = ftruncate(fileno(hist_fp), 0);
}
}
@@ -759,7 +760,8 @@ int main(int argc, char *argv[])
dump_incr_db(stdout);
}
if (!no_update) {
- ftruncate(fileno(hist_fp), 0);
+ int res = 0;
+ res = ftruncate(fileno(hist_fp), 0);
rewind(hist_fp);
dump_raw_db(hist_fp, 1);
fflush(hist_fp);
Index: misc/lnstat_util.c
===================================================================
--- misc/lnstat_util.c.orig
+++ misc/lnstat_util.c
@@ -49,7 +49,8 @@ static int scan_lines(struct lnstat_file
num_lines++;
- fgets(buf, sizeof(buf)-1, lf->fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf)-1, lf->fp);
gettimeofday(&lf->last_read, NULL);
for (j = 0; j < lf->num_fields; j++) {
@@ -89,12 +90,13 @@ int lnstat_update(struct lnstat_file *ln
for (lf = lnstat_files; lf; lf = lf->next) {
if (time_after(&lf->last_read, &lf->interval, &tv)) {
int i;
+ char* res = 0;
struct lnstat_field *lfi;
rewind(lf->fp);
if (!lf->compat) {
/* skip first line */
- fgets(buf, sizeof(buf)-1, lf->fp);
+ res = fgets(buf, sizeof(buf)-1, lf->fp);
}
scan_lines(lf, 1);
@@ -108,7 +110,7 @@ int lnstat_update(struct lnstat_file *ln
}
rewind(lf->fp);
- fgets(buf, sizeof(buf)-1, lf->fp);
+ res = fgets(buf, sizeof(buf)-1, lf->fp);
scan_lines(lf, 0);
}
}
@@ -140,9 +142,10 @@ static int __lnstat_scan_fields(struct l
static int lnstat_scan_fields(struct lnstat_file *lf)
{
char buf[FGETS_BUF_SIZE];
+ char* res = 0;
rewind(lf->fp);
- fgets(buf, sizeof(buf)-1, lf->fp);
+ res = fgets(buf, sizeof(buf)-1, lf->fp);
return __lnstat_scan_fields(lf, buf);
}
Index: misc/nstat.c
===================================================================
--- misc/nstat.c.orig
+++ misc/nstat.c
@@ -567,8 +567,9 @@ int main(int argc, char *argv[])
fclose(tfp);
}
if (uptime >= 0 && time(NULL) >= stb.st_mtime+uptime) {
+ int res = 0;
fprintf(stderr, "nstat: history is aged out, resetting\n");
- ftruncate(fileno(hist_fp), 0);
+ res = ftruncate(fileno(hist_fp), 0);
}
}
@@ -612,7 +613,8 @@ int main(int argc, char *argv[])
dump_incr_db(stdout);
}
if (!no_update) {
- ftruncate(fileno(hist_fp), 0);
+ int res = 0;
+ res = ftruncate(fileno(hist_fp), 0);
rewind(hist_fp);
dump_kern_db(hist_fp, 1);
fflush(hist_fp);
Index: misc/rtacct.c
===================================================================
--- misc/rtacct.c.orig
+++ misc/rtacct.c
@@ -562,8 +562,10 @@ int main(int argc, char *argv[])
fprintf(stderr, "rtacct: something is so wrong with history file, that I prefer not to proceed.\n");
exit(-1);
}
- if (stb.st_size != sizeof(*hist_db))
- write(fd, kern_db, sizeof(*hist_db));
+ if (stb.st_size != sizeof(*hist_db)) {
+ ssize_t res = 0;
+ res = write(fd, kern_db, sizeof(*hist_db));
+ }
hist_db = mmap(NULL, sizeof(*hist_db),
PROT_READ|PROT_WRITE,
Index: misc/ss.c
===================================================================
--- misc/ss.c.orig
+++ misc/ss.c
@@ -290,7 +290,8 @@ static void user_ent_hash_build(void)
snprintf(tmp, sizeof(tmp), "%s/%d/stat", root, pid);
if ((fp = fopen(tmp, "r")) != NULL) {
- fscanf(fp, "%*d (%[^)])", process);
+ int res = 0;
+ res = fscanf(fp, "%*d (%[^)])", process);
fclose(fp);
}
}
@@ -372,7 +373,8 @@ int get_slabstat(struct slabstat *s)
cnt = sizeof(*s)/sizeof(int);
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
while(fgets(buf, sizeof(buf), fp) != NULL) {
int i;
for (i=0; i<sizeof(slabstat_ids)/sizeof(slabstat_ids[0]); i++) {
@@ -496,7 +498,8 @@ void init_service_resolver(void)
char buf[128];
FILE *fp = popen("/usr/sbin/rpcinfo -p 2>/dev/null", "r");
if (fp) {
- fgets(buf, sizeof(buf), fp);
+ char* res = 0;
+ res = fgets(buf, sizeof(buf), fp);
while (fgets(buf, sizeof(buf), fp) != NULL) {
unsigned int progn, port;
char proto[128], prog[128];
@@ -534,7 +537,8 @@ static int is_ephemeral(int port)
if (!ip_local_port_min) {
FILE *f = ephemeral_ports_open();
if (f) {
- fscanf(f, "%d %d",
+ int res = 0;
+ res = fscanf(f, "%d %d",
&ip_local_port_min, &ip_local_port_max);
fclose(f);
} else {
@@ -711,7 +715,8 @@ int run_ssfilter(struct ssfilter *f, str
if (!low) {
FILE *fp = ephemeral_ports_open();
if (fp) {
- fscanf(fp, "%d%d", &low, &high);
+ int res = 0;
+ res = fscanf(fp, "%d%d", &low, &high);
fclose(fp);
}
}
@@ -1555,8 +1560,10 @@ static int tcp_show_netlink(struct filte
return 0;
}
- if (dump_fp)
- fwrite(buf, 1, NLMSG_ALIGN(status), dump_fp);
+ if (dump_fp) {
+ size_t res = 0;
+ res = fwrite(buf, 1, NLMSG_ALIGN(status), dump_fp);
+ }
h = (struct nlmsghdr*)buf;
while (NLMSG_OK(h, status)) {
@@ -1993,9 +2000,11 @@ int unix_show(struct filter *f)
int cnt;
struct unixstat *list = NULL;
- if ((fp = net_unix_open()) == NULL)
+ if ((fp = net_unix_open()) == NULL) {
return -1;
- fgets(buf, sizeof(buf)-1, fp);
+ }
+ char* res = 0;
+ res = fgets(buf, sizeof(buf)-1, fp);
if (memcmp(buf, "Peer", 4) == 0)
newformat = 1;
@@ -2081,9 +2090,11 @@ int packet_show(struct filter *f)
if (!(f->states & (1<<SS_CLOSE)))
return 0;
- if ((fp = net_packet_open()) == NULL)
+ if ((fp = net_packet_open()) == NULL) {
return -1;
- fgets(buf, sizeof(buf)-1, fp);
+ }
+ char* res = 0;
+ res = fgets(buf, sizeof(buf)-1, fp);
while (fgets(buf, sizeof(buf)-1, fp)) {
sscanf(buf, "%llx %*d %d %x %d %d %u %u %u",
@@ -2154,9 +2165,11 @@ int netlink_show(struct filter *f)
if (!(f->states & (1<<SS_CLOSE)))
return 0;
- if ((fp = net_netlink_open()) == NULL)
+ if ((fp = net_netlink_open()) == NULL) {
return -1;
- fgets(buf, sizeof(buf)-1, fp);
+ }
+ char* res = 0;
+ res = fgets(buf, sizeof(buf)-1, fp);
while (fgets(buf, sizeof(buf)-1, fp)) {
sscanf(buf, "%llx %d %d %x %d %d %llx %d",
Index: netem/maketable.c
===================================================================
--- netem/maketable.c.orig
+++ netem/maketable.c
@@ -38,7 +38,8 @@ readdoubles(FILE *fp, int *number)
}
for (i=0; i<limit; ++i){
- fscanf(fp, "%lf", &x[i]);
+ int res = 0;
+ res = fscanf(fp, "%lf", &x[i]);
if (feof(fp))
break;
++n;


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Wed Mar 23 18:57:20 UTC 2011 - bphilips@novell.com
Remove unneeded patches:
* iproute2-warnings.diff bnc#34714
Warnings no longer exist
* iproute2-iptunnel-fclose.diff
Process is dying no need to close file pointers
* iproute2-ss-pclose.diff
Process is dying no need to close file pointers
* iproute2-flushcheckuid.diff
Fixed upstream
* iproute2-skbedit-memset.diff
Fixed upstream 46a6573259f46f86eb0048a2c805b24ff4183fa6
-------------------------------------------------------------------
Tue Mar 22 08:57:44 CET 2011 - ms@suse.de


@ -33,12 +33,7 @@ Source0: %name-%rversion.tar.bz2
Patch0: %name-libdir-1.diff
Patch1: %name-HZ.diff
Patch2: %name-pdfdoc.diff
Patch3: %name-flushcheckuid.diff
Patch4: %name-warnings.diff
Patch5: %name-skbedit-memset.diff
Patch6: %name-iptunnel-fclose.diff
Patch7: %name-ss-pclose.diff
Patch8: %name-memleak.diff
Patch3: %name-memleak.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -79,11 +74,6 @@ as well as examples and other outdated files.
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%patch7
%patch8
find . -name *.orig -print0 | xargs -r0 rm -v
%build
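Review bot: The `Patch3: %name-flushcheckuid.diff` line is dropped on the changelog's word that the fix is "Fixed upstream", but unlike the skbedit entry no upstream commit is cited, so nothing in this commit lets a maintainer confirm that the %rversion being built actually carries a replacement for the `geteuid()` gate the patch added to the `ip addr flush` / `ip route flush` paths. That gate was only a fail-fast for unprivileged users (the kernel still enforces CAP_NET_ADMIN on the netlink deletes), so removing it is not a privilege regression, but the changelog line should record the reference, e.g. `* iproute2-flushcheckuid.diff — fixed upstream (commit <hash>)`, so the claim can be re-checked on the next version bump. The "process is dying" justification given for dropping `Patch7: %name-ss-pclose.diff` looks inaccurate for what that patch appears to touch: a `popen("/usr/sbin/rpcinfo -p ...")` handle opened in init_service_resolver, which returns into normal `ss` execution rather than sitting on an exit path; it is harmless for a one-shot `ss` run, but the rationale should say that rather than claim the process is exiting. Renumbering memleak.diff from Patch8 to Patch3 is fine provided the `%patch3` line in the second hunk still applies it with the same strip level it had as `%patch8`.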