pool/nftables
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add anonset-crashfix.patch [boo#1171321]

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=50
This commit is contained in:
Jan Engelhardt 2020-05-07 11:41:38 +00:00 committed by Git OBS Bridge
parent 7bd3a40a7f
commit 627143b6f9
3 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
anonset-crashfix.patch Normal file
View File

@ -0,0 +1,42 @@
From pablo@netfilter.org Thu May 7 13:29:26 2020
Date: Thu, 7 May 2020 13:29:19
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: jengelh@inai.de
Subject: [PATCH nft] mnl: fix error rule reporting with missing table/chain and anonymous sets
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f64f1e in erec_print (octx=0x55555555d2c0, erec=0x55555555fcf0, debug_mask=0) at erec.c:95
95 switch (indesc->type) {
(gdb) bt
buf=0x55555555db20 "add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept") at libnftables.c:459
(gdb) p indesc
$1 = (const struct input_descriptor *) 0x0
Closes: http://bugzilla.opensuse.org/show_bug.cgi?id=1171321
Fixes: 086ec6f30c96 ("mnl: extended error support for create command")
Reported-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/mnl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/mnl.c b/src/mnl.c
index 94e80261afb7..9ce4072859b1 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1048,7 +1048,10 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd,
cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location);
mnl_attr_put_strz(nlh, NFTA_SET_TABLE, h->table.name);
- cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location);
+ if (set_is_anonymous(set->flags))
+ cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->location);
+ else
+ cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location);
mnl_attr_put_strz(nlh, NFTA_SET_NAME, h->set.name);
nftnl_set_nlmsg_build_payload(nlh, nls);
--
2.20.1

5
nftables.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu May 7 11:41:07 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Add anonset-crashfix.patch [boo#1171321]
-------------------------------------------------------------------
Wed Apr 1 18:48:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

3
nftables.spec
View File

@ -28,6 +28,7 @@ URL: https://netfilter.org/projects/nftables/
Source: http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2
Source2: http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2.sig
Source3: %name.keyring
Patch1: anonset-crashfix.patch
BuildRequires: asciidoc
BuildRequires: bison
BuildRequires: flex
@ -78,7 +79,7 @@ Group: Development/Languages/Python
A Python module for nftables.
%prep
%setup -q
%autosetup -p1
%build
mkdir bin