libnl3/backport-fix-reference-counters-of-sa-selector-addresses.patch

From c4c22d267117900b9582d5c2e934c107419c9603 Mon Sep 17 00:00:00 2001
From: Thomas Egerer <thomas.egerer@secunet.com>
Date: Mon, 27 Nov 2023 15:58:19 +0100
Subject: [PATCH] xfrm/sp: fix reference counters of sa selector/tmpl addresses

It's a similar issue as in commit 3f4f1dda, when calling
xfrmnl_sp_parse, the refcount of the addresses for selectors and
templates increases to two, as xfrmnl_sel_set_[s|d]addr and
xfrmnl_user_tmpl_set_[s|d]addr add another reference to the address
object. As only one of those refs is dropped in sel_destroy or
xfrmnl_user_tmpl_free respectively the address objects' refcount
will never drop to zero, causing a leak.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>

Fixes: 917154470895 ('xfrm: add xfrm support')

Conflict:NA
Reference:https://github.com/thom311/libnl/commit/c4c22d267117900b9582d5c2e934c107419c9603

---
 lib/xfrm/sp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c
index ab7cf89..d38daef 100644
--- a/lib/xfrm/sp.c
+++ b/lib/xfrm/sp.c
@@ -563,6 +563,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 		addr    = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));
 	nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);
 	xfrmnl_sel_set_daddr (sp->sel, addr);
+	/* Drop the reference count from the above set operation */
+	nl_addr_put(addr);
 	xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);
 
 	if (sp_info->sel.family == AF_INET)
@@ -571,6 +573,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 		addr    = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));
 	nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);
 	xfrmnl_sel_set_saddr (sp->sel, addr);
+	/* Drop the reference count from the above set operation */
+	nl_addr_put(addr);
 	xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s);
 
 	xfrmnl_sel_set_dport (sp->sel, ntohs (sp_info->sel.dport));
@@ -647,6 +651,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 			else
 				addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));
 			xfrmnl_user_tmpl_set_daddr (sputmpl, addr);
+			/* Drop the reference count from the above set operation */
+			nl_addr_put(addr);
 			xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi));
 			xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto);
 			xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);
@@ -656,6 +662,8 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 			else
 				addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));
 			xfrmnl_user_tmpl_set_saddr (sputmpl, addr);
+			/* Drop the reference count from the above set operation */
+			nl_addr_put(addr);
 
 			xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid);
 			xfrmnl_user_tmpl_set_mode (sputmpl, tmpl->mode);
-- 
2.33.0
sync some pathes from upstream (cherry picked from commit fc0dcd5419c12191d5a88cdb06d7cc1911a82c17) 2024-04-25 21:26:08 +08:00			`From c4c22d267117900b9582d5c2e934c107419c9603 Mon Sep 17 00:00:00 2001`
			`From: Thomas Egerer <thomas.egerer@secunet.com>`
			`Date: Mon, 27 Nov 2023 15:58:19 +0100`
			`Subject: [PATCH] xfrm/sp: fix reference counters of sa selector/tmpl addresses`

			`It's a similar issue as in commit 3f4f1dda, when calling`
			`xfrmnl_sp_parse, the refcount of the addresses for selectors and`
			`templates increases to two, as xfrmnl_sel_set_[s\|d]addr and`
			`xfrmnl_user_tmpl_set_[s\|d]addr add another reference to the address`
			`object. As only one of those refs is dropped in sel_destroy or`
			`xfrmnl_user_tmpl_free respectively the address objects' refcount`
			`will never drop to zero, causing a leak.`

			`Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>`

			`Fixes: 917154470895 ('xfrm: add xfrm support')`

			`Conflict:NA`
			`Reference:https://github.com/thom311/libnl/commit/c4c22d267117900b9582d5c2e934c107419c9603`

			`---`
			`lib/xfrm/sp.c \| 8 ++++++++`
			`1 file changed, 8 insertions(+)`

			`diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c`
			`index ab7cf89..d38daef 100644`
			`--- a/lib/xfrm/sp.c`
			`+++ b/lib/xfrm/sp.c`
			`@@ -563,6 +563,8 @@ int xfrmnl_sp_parse(struct nlmsghdr n, struct xfrmnl_sp *result)`
			`addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));`
			`nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);`
			`xfrmnl_sel_set_daddr (sp->sel, addr);`
			`+ /* Drop the reference count from the above set operation */`
			`+ nl_addr_put(addr);`
			`xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);`

			`if (sp_info->sel.family == AF_INET)`
			`@@ -571,6 +573,8 @@ int xfrmnl_sp_parse(struct nlmsghdr n, struct xfrmnl_sp *result)`
			`addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));`
			`nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);`
			`xfrmnl_sel_set_saddr (sp->sel, addr);`
			`+ /* Drop the reference count from the above set operation */`
			`+ nl_addr_put(addr);`
			`xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s);`

			`xfrmnl_sel_set_dport (sp->sel, ntohs (sp_info->sel.dport));`
			`@@ -647,6 +651,8 @@ int xfrmnl_sp_parse(struct nlmsghdr n, struct xfrmnl_sp *result)`
			`else`
			`addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));`
			`xfrmnl_user_tmpl_set_daddr (sputmpl, addr);`
			`+ /* Drop the reference count from the above set operation */`
			`+ nl_addr_put(addr);`
			`xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi));`
			`xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto);`
			`xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);`
			`@@ -656,6 +662,8 @@ int xfrmnl_sp_parse(struct nlmsghdr n, struct xfrmnl_sp *result)`
			`else`
			`addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));`
			`xfrmnl_user_tmpl_set_saddr (sputmpl, addr);`
			`+ /* Drop the reference count from the above set operation */`
			`+ nl_addr_put(addr);`

			`xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid);`
			`xfrmnl_user_tmpl_set_mode (sputmpl, tmpl->mode);`
			`--`
			`2.33.0`