Bug 1661327
| Summary: | Backport covscan fixes | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Phil Sutter <psutter> |
| Component: | libnftnl | Assignee: | Phil Sutter <psutter> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Tomas Dolezal <todoleza> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.0 | CC: | todoleza, wchadwic |
| Target Milestone: | rc | Flags: | rule-engine:
mirror+
|
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libnftnl-1.1.1-3.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-14 01:07:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Phil Sutter
2018-12-20 20:06:31 UTC
Upstream commits to backport:
commit 16c44d9f42170264c4d484478c76e940951f1b70
Author: Phil Sutter <phil>
Date: Thu Dec 20 21:03:27 2018 +0100
object: Avoid obj_ops array overrun
In version 1.1.1, obj_ops array was smaller than __NFT_OBJECT_MAX since
there are no ops for NFT_OBJECT_CONNLIMIT. Avoid this potential issue in
the future by defining the array size.
Signed-off-by: Phil Sutter <phil>
Signed-off-by: Pablo Neira Ayuso <pablo>
commit 404ef7222d055aacdbd4d73dc0d8731fa8f6cbe4
Author: Phil Sutter <phil>
Date: Thu Dec 20 21:03:28 2018 +0100
flowtable: Add missing break
In nftnl_flowtable_set_data(), when setting flowtable size, the switch()
case fell through and the same value was copied into ft_flags field.
This can't be right.
Fixes: 41fe3d38ba34b ("flowtable: support for flags")
Signed-off-by: Phil Sutter <phil>
Signed-off-by: Pablo Neira Ayuso <pablo>
commit 822dc96815e96465822ce4b1187c4b29c06cb7c1
Author: Phil Sutter <phil>
Date: Thu Dec 20 21:03:29 2018 +0100
flowtable: Fix use after free in two spots
When freeing flowtable devices array, the loop freeing each device
string incorrectly included the call to free the device array itself.
Fixes: eb58f53372e74 ("src: add flowtable support")
Signed-off-by: Phil Sutter <phil>
Signed-off-by: Pablo Neira Ayuso <pablo>
commit 8ef66870832d56881703a7798ecdff9e19917b15
Author: Phil Sutter <phil>
Date: Thu Dec 20 21:03:30 2018 +0100
flowtable: Fix memleak in nftnl_flowtable_parse_devs()
Allocated strings in dev_array were not freed. Fix this by freeing them
on error path and assigning them to c->dev_array directly in regular
path.
Fixes: eb58f53372e74 ("src: add flowtable support")
Signed-off-by: Phil Sutter <phil>
Signed-off-by: Pablo Neira Ayuso <pablo>
commit f8eed54150fd49ed814e63a5db39eda67d4b3938
Author: Phil Sutter <phil>
Date: Thu Dec 20 21:03:31 2018 +0100
flowtable: Fix for reading garbage
nftnl_flowtable_get_data() doesn't assign to passt data_len pointer
destination in all cases, so initialize it to 0.
Fixes: eb58f53372e74 ("src: add flowtable support")
Signed-off-by: Phil Sutter <phil>
Signed-off-by: Pablo Neira Ayuso <pablo>
Given that libnftnl requires more work anyway (to resolve bug 1666495), I think this should be resolved along the way, too. |