Bug 1793030

Summary: Fix for covscan report
Product: Red Hat Enterprise Linux 8 Reporter: Phil Sutter <psutter>
Component: nftablesAssignee: Phil Sutter <psutter>
Status: CLOSED ERRATA QA Contact: Tomas Dolezal <todoleza>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.2CC: mleitner, todoleza
Target Milestone: rc   
Target Release: 8.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nftables-0.9.3-9.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:42:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
added.err none

Description Phil Sutter 2020-01-20 14:18:19 UTC 
Created attachment 1653959 [details]
added.err

Fix valid issues reported in attached covscan run.
Comment 1 Phil Sutter 2020-01-27 12:32:29 UTC 
Upstream commits to backport:

commit c3f6be3f2dcedf6d79751c0b975315ebc3184364
Author: Phil Sutter <phil>
Date:   Mon Jan 20 13:52:10 2020 +0100

    netlink: Fix leak in unterminated string deserializer
    
    Allocated 'mask' expression is not freed before returning to caller,
    although it is used temporarily only.
    
    Fixes: b851ba4731d9f ("src: add interface wildcard matching")
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Pablo Neira Ayuso <pablo>

commit e957bd9f10d5e36671a0b0398e2037fc6201275b
Author: Phil Sutter <phil>
Date:   Mon Jan 20 14:48:26 2020 +0100

    netlink: Fix leaks in netlink_parse_cmp()
    
    This fixes several problems at once:
    
    * Err path would leak expr 'right' in two places and 'left' in one.
    * Concat case would leak 'right' by overwriting the pointer. Introduce a
      temporary variable to hold the new pointer.
    
    Fixes: 6377380bc265f ("netlink_delinearize: handle relational and lookup concat expressions")
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Pablo Neira Ayuso <pablo>

commit c9ddf0bff363fc9101b563b592db600bdf4d65c5
Author: Phil Sutter <phil>
Date:   Mon Jan 20 16:32:40 2020 +0100

    netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt()
    
    With payload_needs_l4csum_update_pseudohdr() unconditionally
    dereferencing passed 'desc' parameter and a previous check for it to be
    non-NULL, make sure to call the function only if input is sane.
    
    Fixes: 68de70f2b3fc6 ("netlink_linearize: fix IPv6 layer 4 checksum mangling")
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Pablo Neira Ayuso <pablo>
Comment 4 Phil Sutter 2020-02-12 17:44:47 UTC 
Same defects exist in RHEL8.1 as well (not sure why they went unnoticed in last errata), therefore requesting z-stream clone of this ticket.
Comment 7 errata-xmlrpc 2020-04-28 16:42:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1774