!110 [sync] PR-107: backport upstream patch

From: @openeuler-sync-bot Reviewed-by: @sunsuwan Signed-off-by: @sunsuwan
2024-06-28 08:11:36 +00:00 · 2024-06-28 08:11:36 +00:00 · 7d6d766afa
commit 7d6d766afa
parent 5cd16d0fa9 18d8fa91ef
3 changed files with 94 additions and 1 deletions
--- a/backport-libxtables-Fix-memleak-of-matches-udata.patch
+++ b/backport-libxtables-Fix-memleak-of-matches-udata.patch
@ -0,0 +1,34 @@
+From e7366db80740d34d2fe4ba8d12ef86a423e66280 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 31 Jan 2024 14:58:17 +0100
+Subject: [PATCH] libxtables: Fix memleak of matches' udata
+
+If the extension specifies a non-zero udata_size, field 'udata' points
+to an allocated buffer which needs to be freed upon extension deinit.
+
+Interestingly, this bug was identified by ASAN and missed by valgrind.
+
+Fixes: 2dba676b68ef8 ("extensions: support for per-extension instance "global" variable space")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ libxtables/xtables.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libxtables/xtables.c b/libxtables/xtables.c
+index b4339e8d..856bfae8 100644
+--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
+@@ -1420,6 +1420,10 @@ void xtables_rule_matches_free(struct xtables_rule_match **matches)
+ 			free(matchp->match->m);
+ 			matchp->match->m = NULL;
+ 		}
+		if (matchp->match->udata_size) {
+			free(matchp->match->udata);
+			matchp->match->udata = NULL;
+		}
+ 		if (matchp->match == matchp->match->next) {
+ 			free(matchp->match);
+ 			matchp->match = NULL;
+-- 
+2.43.4
+
--- a/backport-xshared-Fix-parsing-of-empty-string-arg-in-c-option.patch
+++ b/backport-xshared-Fix-parsing-of-empty-string-arg-in-c-option.patch
@ -0,0 +1,50 @@
+From a2911408959d7e86bc4bad4f1be2551a19ad125c Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Tue, 9 Apr 2024 13:18:12 +0200
+Subject: [PATCH] xshared: Fix parsing of empty string arg in '-c' option
+
+Calling iptables with '-c ""' resulted in a call to strchr() with an
+invalid pointer as 'optarg + 1' points to past the buffer. The most
+simple fix is to drop the offset: The global optstring part specifies a
+single colon after 'c', so getopt() enforces a valid pointer in optarg.
+If it contains a comma at first position, packet counter value parsing
+will fail so all cases are covered.
+
+Reported-by: gorbanev.es@gmail.com
+Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741
+Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ extensions/iptables.t | 5 +++++
+ iptables/xshared.c    | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/extensions/iptables.t b/extensions/iptables.t
+index b4b6d677..5d6d3d15 100644
+--- a/extensions/iptables.t
+++ b/extensions/iptables.t
+@@ -4,3 +4,8 @@
+ -i eth+ -o alongifacename+;=;OK
+ ! -i eth0;=;OK
+ ! -o eth+;=;OK
+-c "";;FAIL
+-c ,3;;FAIL
+-c 3,;;FAIL
+-c ,;;FAIL
+-c 2,3 -j ACCEPT;-j ACCEPT;OK
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index b998dd75..b1997ea3 100644
+--- a/iptables/xshared.c
+++ b/iptables/xshared.c
+@@ -1755,7 +1755,7 @@ void do_parse(int argc, char *argv[],
+ 			set_option(&cs->options, OPT_COUNTERS, &args->invflags,
+ 				   invert);
+ 			args->pcnt = optarg;
+-			args->bcnt = strchr(args->pcnt + 1, ',');
+			args->bcnt = strchr(args->pcnt, ',');
+ 			if (args->bcnt)
+ 			    args->bcnt++;
+ 			if (!args->bcnt && xs_has_arg(argc, argv))
+-- 
+2.43.4
+
--- a/iptables.spec
+++ b/iptables.spec
@ -2,7 +2,7 @@
 %global legacy_actions %{_libexecdir}/initscripts/legacy-actions
 Name:		  iptables
 Version:	  1.8.9
-Release:	  4
+Release:	  5
 Summary:	  IP packet filter administration utilities
 License:	  GPL-2.0-only and Artistic-2.0
 URL:		  https://www.netfilter.org/
@ -26,6 +26,8 @@ Patch9:           backport-Fix-checking-of-conntrack-ctproto.patch
 Patch10:          backport-Fix-for-non-CIDR-compatible-hostmasks.patch
 Patch11:          backport-Prevent-XTOPT_PUT-with-XTTYPE_HOSTMASK.patch
 Patch12:          backport-libiptc-Fix-for-another-segfault-due-to-chain-index-NULL-pointer.patch
+Patch13:          backport-libxtables-Fix-memleak-of-matches-udata.patch
+Patch14:          backport-xshared-Fix-parsing-of-empty-string-arg-in-c-option.patch


 BuildRequires:    bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd
@ -343,6 +345,13 @@ fi
 %{_datadir}/xtables/iptables.xslt

 %changelog
+* Tue Jun 25 2024 liweigang <liweiganga@uniontech.com> - 1.8.9-5
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: libxtables: Fix memleak of matches' udata
+        xshared: Fix parsing of empty string arg in '-c' option
+
 * Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 1.8.9-4
 - Type:bugfix
 - ID:NA