Bug 1793030 - Fix for covscan report
Summary: Fix for covscan report
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: nftables
Version: 8.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.2
Assignee: Phil Sutter
QA Contact: Tomas Dolezal
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-01-20 14:18 UTC by Phil Sutter
Modified: 2023-04-11 15:53 UTC

Fixed In Version: nftables-0.9.3-9.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:42:15 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments
added.err (19.96 KB, text/plain)
2020-01-20 14:18 UTC, Phil Sutter


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-33628 0 None None None 2023-04-11 15:53:00 UTC
Red Hat Product Errata RHEA-2020:1774 0 None None None 2020-04-28 16:42:33 UTC

Description Phil Sutter 2020-01-20 14:18:19 UTC
Created attachment 1653959
added.err

Fix valid issues reported in attached covscan run.

Comment 1 Phil Sutter 2020-01-27 12:32:29 UTC
Upstream commits to backport:

commit c3f6be3f2dcedf6d79751c0b975315ebc3184364
Author: Phil Sutter <phil>
Date:   Mon Jan 20 13:52:10 2020 +0100

    netlink: Fix leak in unterminated string deserializer
    
    Allocated 'mask' expression is not freed before returning to caller,
    although it is used temporarily only.
    
    Fixes: b851ba4731d9f ("src: add interface wildcard matching")
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Pablo Neira Ayuso <pablo>

commit e957bd9f10d5e36671a0b0398e2037fc6201275b
Author: Phil Sutter <phil>
Date:   Mon Jan 20 14:48:26 2020 +0100

    netlink: Fix leaks in netlink_parse_cmp()
    
    This fixes several problems at once:
    
    * Err path would leak expr 'right' in two places and 'left' in one.
    * Concat case would leak 'right' by overwriting the pointer. Introduce a
      temporary variable to hold the new pointer.
    
    Fixes: 6377380bc265f ("netlink_delinearize: handle relational and lookup concat expressions")
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Pablo Neira Ayuso <pablo>

commit c9ddf0bff363fc9101b563b592db600bdf4d65c5
Author: Phil Sutter <phil>
Date:   Mon Jan 20 16:32:40 2020 +0100

    netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt()
    
    With payload_needs_l4csum_update_pseudohdr() unconditionally
    dereferencing passed 'desc' parameter and a previous check for it to be
    non-NULL, make sure to call the function only if input is sane.
    
    Fixes: 68de70f2b3fc6 ("netlink_linearize: fix IPv6 layer 4 checksum mangling")
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Pablo Neira Ayuso <pablo>
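
The pointer-overwrite and error-path leaks named in the netlink_parse_cmp() commit message above, shown as a simplified model added here; it is not code from nftables or from the upstream commits. struct expr, concat_parse(), parse_cmp_leaky(), parse_cmp_fixed() and the live counter are constructed names, and the counter stands in for the leak checker.

```c
#include <stdlib.h>
/* Constructed stand-in for an expression node (not nftables' struct expr). */
struct expr { struct expr *left, *right; };
static int live;                 /* nodes allocated and not yet freed */
static struct expr *expr_alloc(struct expr *l, struct expr *r) {
    struct expr *e = calloc(1, sizeof(*e));
    if (!e) abort();
    e->left = l; e->right = r; live++;
    return e;
}
static void expr_free(struct expr *e) {
    if (!e) return;
    expr_free(e->left); expr_free(e->right);
    free(e); live--;
}
/* Hypothetical helper: new node built from 'in', or NULL on error; caller keeps 'in'. */
static struct expr *concat_parse(const struct expr *in, int fail) {
    (void)in;
    return fail ? NULL : expr_alloc(NULL, NULL);
}
/* Before: 'right' is overwritten in place and the error path just returns. */
static int parse_cmp_leaky(int concat, int fail) {
    struct expr *left = expr_alloc(NULL, NULL), *right = expr_alloc(NULL, NULL);
    if (concat) {
        right = concat_parse(right, fail);  /* old 'right' is lost here */
        if (!right) return -1;              /* 'left' is lost here */
    }
    expr_free(expr_alloc(left, right));     /* stand-in for using the result */
    return 0;
}
/* After: a temporary holds the new pointer; one error exit frees both. */
static int parse_cmp_fixed(int concat, int fail) {
    struct expr *left = expr_alloc(NULL, NULL), *right = expr_alloc(NULL, NULL), *tmp;
    if (concat) {
        tmp = concat_parse(right, fail);
        if (!tmp) goto err_free;
        expr_free(right);                   /* release the node being replaced */
        right = tmp;
    }
    expr_free(expr_alloc(left, right));
    return 0;
err_free:
    expr_free(left); expr_free(right);
    return -1;
}
/* Number of nodes still allocated after one call to fn. */
static int leaked_after(int (*fn)(int, int), int concat, int fail) { live = 0; fn(concat, fail); return live; }
int main(void) { return leaked_after(parse_cmp_fixed, 1, 1) != 0; }
```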

Comment 4 Phil Sutter 2020-02-12 17:44:47 UTC
Same defects exist in RHEL8.1 as well (not sure why they went unnoticed in last errata), therefore requesting z-stream clone of this ticket.

Comment 7 errata-xmlrpc 2020-04-28 16:42:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1774

