Bug 1661327

Summary: Backport covscan fixes
Product: Red Hat Enterprise Linux 8
Reporter: Phil Sutter <psutter>
Component: libnftnl
Assignee: Phil Sutter <psutter>
Status: CLOSED CURRENTRELEASE
QA Contact: Tomas Dolezal <todoleza>
Severity: medium
Priority: medium
Version: 8.0
CC: todoleza, wchadwic
Target Milestone: rc
Flags: rule-engine: mirror+
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libnftnl-1.1.1-3.el8
Last Closed: 2019-06-14 01:07:10 UTC
Type: Bug

Description Phil Sutter 2018-12-20 20:06:31 UTC
Covscan identified a number of potential issues, fixed in this series sent upstream: https://marc.info/?l=netfilter-devel&m=154533625412027&w=2

Comment 2 Phil Sutter 2019-01-16 22:57:40 UTC
Upstream commits to backport:

commit 16c44d9f42170264c4d484478c76e940951f1b70
Author: Phil Sutter <phil>
Date:   Thu Dec 20 21:03:27 2018 +0100

    object: Avoid obj_ops array overrun
    
    In version 1.1.1, obj_ops array was smaller than __NFT_OBJECT_MAX since
    there are no ops for NFT_OBJECT_CONNLIMIT. Avoid this potential issue in
    the future by defining the array size.
    
    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 404ef7222d055aacdbd4d73dc0d8731fa8f6cbe4
Author: Phil Sutter <phil>
Date:   Thu Dec 20 21:03:28 2018 +0100

    flowtable: Add missing break
    
    In nftnl_flowtable_set_data(), when setting flowtable size, the switch()
    case fell through and the same value was copied into ft_flags field.
    This can't be right.
    
    Fixes: 41fe3d38ba34b ("flowtable: support for flags")
    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 822dc96815e96465822ce4b1187c4b29c06cb7c1
Author: Phil Sutter <phil>
Date:   Thu Dec 20 21:03:29 2018 +0100

    flowtable: Fix use after free in two spots
    
    When freeing flowtable devices array, the loop freeing each device
    string incorrectly included the call to free the device array itself.
    
    Fixes: eb58f53372e74 ("src: add flowtable support")
    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 8ef66870832d56881703a7798ecdff9e19917b15
Author: Phil Sutter <phil>
Date:   Thu Dec 20 21:03:30 2018 +0100

    flowtable: Fix memleak in nftnl_flowtable_parse_devs()
    
    Allocated strings in dev_array were not freed. Fix this by freeing them
    on error path and assigning them to c->dev_array directly in regular
    path.
    
    Fixes: eb58f53372e74 ("src: add flowtable support")
    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit f8eed54150fd49ed814e63a5db39eda67d4b3938
Author: Phil Sutter <phil>
Date:   Thu Dec 20 21:03:31 2018 +0100

    flowtable: Fix for reading garbage
    
    nftnl_flowtable_get_data() doesn't assign to passed data_len pointer
    destination in all cases, so initialize it to 0.
    
    Fixes: eb58f53372e74 ("src: add flowtable support")
    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>
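
The array-sizing issue described in the first commit above, shown as an added illustration that is not libnftnl code. All type, table and function names are hypothetical; the point is that a designated-initializer table without an explicit size ends at its highest initialized index, so an index that passes a check against the enum maximum can still lie past the end.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical object types; OBJ_LIMITER has no ops implementation. */
enum obj_type { OBJ_UNSPEC, OBJ_COUNTER, OBJ_QUOTA, OBJ_LIMITER, OBJ_TYPE_MAX };

struct obj_ops { const char *name; };

static const struct obj_ops counter_ops = { "counter" };
static const struct obj_ops quota_ops   = { "quota" };

/* Implicit size: length is highest designated index + 1 (here 3), so
 * index OBJ_LIMITER (3) is out of bounds although it is < OBJ_TYPE_MAX. */
static const struct obj_ops *ops_implicit[] = {
	[OBJ_COUNTER] = &counter_ops,
	[OBJ_QUOTA]   = &quota_ops,
};

/* Explicit size: every type below OBJ_TYPE_MAX has a slot, and slots
 * without an initializer are NULL instead of memory past the array. */
static const struct obj_ops *ops_sized[OBJ_TYPE_MAX] = {
	[OBJ_COUNTER] = &counter_ops,
	[OBJ_QUOTA]   = &quota_ops,
};

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

size_t implicit_len(void) { return ARRAY_LEN(ops_implicit); }
size_t sized_len(void)    { return ARRAY_LEN(ops_sized); }

/* Lookup on the sized table: range check first; a NULL result means
 * "no ops for this type" and must be handled by the caller. */
const struct obj_ops *obj_ops_lookup(unsigned int type)
{
	if (type >= OBJ_TYPE_MAX)
		return NULL;
	return ops_sized[type];
}

int main(void)
{
	printf("implicit=%zu sized=%zu max=%d\n",
	       implicit_len(), sized_len(), OBJ_TYPE_MAX);
	printf("limiter ops: %p\n", (const void *)obj_ops_lookup(OBJ_LIMITER));
	return 0;
}
```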

Comment 3 Phil Sutter 2019-01-17 17:22:15 UTC
Given that libnftnl requires more work anyway (to resolve bug 1666495), I think this should be resolved along the way, too.