iputils/backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch


2025-02-13 06:19:15 +00:00
From 0f12e6d5bb325df4eb9273b1e294a2cf94a53120 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 28 May 2024 12:25:57 +0200
Subject: [PATCH 1/1] ping: check return value of write() to avoid integer
overflow
Error: INTEGER_OVERFLOW (CWE-190):
iputils-20240117/ping/ping.h:291: tainted_data_return: Called function "write(1, str + o, len - o)", and a possible return value may be less than zero.
iputils-20240117/ping/ping.h:291: assign: Assigning: "cc" = "write(1, str + o, len - o)".
iputils-20240117/ping/ping.h:292: overflow: The expression "o += cc" might be negative, but is used in a context that treats it as unsigned.
iputils-20240117/ping/ping.h:291: overflow: The expression "len - o" is deemed underflowed because at least one of its arguments has underflowed.
iputils-20240117/ping/ping.h:291: overflow_sink: "len - o", which might have underflowed, is passed to "write(1, str + o, len - o)".
289| ssize_t cc;
290| do {
291|-> cc = write(STDOUT_FILENO, str + o, len - o);
292| o += cc;
293| } while (len > o || cc < 0);
Closes: https://github.com/iputils/iputils/pull/545
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Jan Macku <jamacku@redhat.com>
Reference:https://github.com/iputils/iputils/commit/0f12e6d5bb325df4eb9273b1e294a2cf94a53120
Conflict:NA
---
ping/ping.h | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ping/ping.h b/ping/ping.h
index 98d035d..3e2e3c3 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -290,8 +290,12 @@ static inline void write_stdout(const char *str, size_t len)
ssize_t cc;
do {
cc = write(STDOUT_FILENO, str + o, len - o);
- o += cc;
- } while (len > o || cc < 0);
+
+ if (cc < 0)
+ break;
+
+ o += (size_t) cc;
+ } while (len > o);
}
/*
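Review bot: the new "if (cc < 0) break;" in write_stdout() gives up on every write() failure, including EINTR, and because the function returns void the caller never learns that the rest of the string was dropped. Consider retrying when errno is EINTR (for example "if (errno == EINTR) continue;" ahead of the break) and either reporting the other errors or adding a comment that they are ignored on purpose. Note also that the old loop condition "len > o || cc < 0" retried on error while the new one stops, a behaviour change the commit message does not mention; and a write() that returns 0 while "len > o" still holds keeps the loop spinning, so testing "cc <= 0" may be worth considering.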
--
2.33.0