Bug 1793030
Summary: | Fix for covscan report | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Phil Sutter <psutter> | ||||
Component: | nftables | Assignee: | Phil Sutter <psutter> | ||||
Status: | CLOSED ERRATA | QA Contact: | Tomas Dolezal <todoleza> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 8.2 | CC: | mleitner, todoleza | ||||
Target Milestone: | rc | ||||||
Target Release: | 8.2 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | nftables-0.9.3-9.el8 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2020-04-28 16:42:15 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Upstream commits to backport: commit c3f6be3f2dcedf6d79751c0b975315ebc3184364 Author: Phil Sutter <phil> Date: Mon Jan 20 13:52:10 2020 +0100 netlink: Fix leak in unterminated string deserializer Allocated 'mask' expression is not freed before returning to caller, although it is used temporarily only. Fixes: b851ba4731d9f ("src: add interface wildcard matching") Signed-off-by: Phil Sutter <phil> Acked-by: Pablo Neira Ayuso <pablo> commit e957bd9f10d5e36671a0b0398e2037fc6201275b Author: Phil Sutter <phil> Date: Mon Jan 20 14:48:26 2020 +0100 netlink: Fix leaks in netlink_parse_cmp() This fixes several problems at once: * Err path would leak expr 'right' in two places and 'left' in one. * Concat case would leak 'right' by overwriting the pointer. Introduce a temporary variable to hold the new pointer. Fixes: 6377380bc265f ("netlink_delinearize: handle relational and lookup concat expressions") Signed-off-by: Phil Sutter <phil> Acked-by: Pablo Neira Ayuso <pablo> commit c9ddf0bff363fc9101b563b592db600bdf4d65c5 Author: Phil Sutter <phil> Date: Mon Jan 20 16:32:40 2020 +0100 netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt() With payload_needs_l4csum_update_pseudohdr() unconditionally dereferencing passed 'desc' parameter and a previous check for it to be non-NULL, make sure to call the function only if input is sane. Fixes: 68de70f2b3fc6 ("netlink_linearize: fix IPv6 layer 4 checksum mangling") Signed-off-by: Phil Sutter <phil> Acked-by: Pablo Neira Ayuso <pablo> Same defects exist in RHEL8.1 as well (not sure why they went unnoticed in last errata), therefore requesting z-stream clone of this ticket. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:1774 |
Created attachment 1653959 [details] added.err Fix valid issues reported in attached covscan run.