diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b66c3a1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libnetfilter_cthelper-1.0.0.tar.bz2
diff --git a/.libnetfilter_cthelper.metadata b/.libnetfilter_cthelper.metadata
new file mode 100644
index 0000000..32c4cb8
--- /dev/null
+++ b/.libnetfilter_cthelper.metadata
@@ -0,0 +1 @@
+5d0a82794bd46aafde20c16800edca23d563de66 SOURCES/libnetfilter_cthelper-1.0.0.tar.bz2
diff --git a/SOURCES/0002-examples-fix-double-free-in-nftc-helper-add.patch b/SOURCES/0002-examples-fix-double-free-in-nftc-helper-add.patch
new file mode 100644
index 0000000..f42d34a
--- /dev/null
+++ b/SOURCES/0002-examples-fix-double-free-in-nftc-helper-add.patch
@@ -0,0 +1,50 @@
+From 7b175a4fc9f81fe3f721d9a7ebb5b954a4fd7606 Mon Sep 17 00:00:00 2001
+From: Liping Zhang
+Date: Sun, 19 Mar 2017 22:01:10 +0800
+Subject: [PATCH] examples: fix double free in nftc-helper-add
+
+After inputting the following test command, core dump happened:
+ # ./examples/nfct-helper-add test 1
+ *** Error in
+ `.../libnetfilter_cthelper/examples/.libs/lt-nfct-helper-add':
+ double free or corruption (fasttop): 0x0000000001f3c070 ***
+ ======= Backtrace: =========
+ /lib64/libc.so.6(+0x77de5)[0x7fd9ebe88de5]
+ /lib64/libc.so.6(+0x8022a)[0x7fd9ebe9122a]
+ /lib64/libc.so.6(cfree+0x4c)[0x7fd9ebe9478c]
+ [...]
+
+Because "struct nfct_helper_policy *p" had been freed by nfct_helper_free,
+so there's no need to invoke nfct_helper_policy_free again, otherwise
+double free error will happen.
+
+Signed-off-by: Liping Zhang
+Signed-off-by: Pablo Neira Ayuso
+(cherry picked from commit 9f223e612d3b0be6e4dca84e1db8042dbec64e93)
+---
+ examples/nfct-helper-add.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/examples/nfct-helper-add.c b/examples/nfct-helper-add.c
+index 6c476261b75e8..cb7291e8ec4b0 100644
+--- a/examples/nfct-helper-add.c
++++ b/examples/nfct-helper-add.c
+@@ -32,6 +32,7 @@ int main(int argc, char *argv[])
+ nfct_helper_attr_set_u16(nfct_helper, NFCTH_ATTR_PROTO_L3NUM, AF_INET);
+ nfct_helper_attr_set_u8(nfct_helper, NFCTH_ATTR_PROTO_L4NUM, IPPROTO_TCP);
+
++ /* Will be freed by nfct_helper_free. */
+ p = nfct_helper_policy_alloc();
+ if (p == NULL) {
+ perror("OOM");
+@@ -49,7 +50,6 @@ int main(int argc, char *argv[])
+ nfct_helper_nlmsg_build_payload(nlh, nfct_helper);
+
+ nfct_helper_free(nfct_helper);
+- nfct_helper_policy_free(p);
+
+ nl = mnl_socket_open(NETLINK_NETFILTER);
+ if (nl == NULL) {
+--
+2.21.0
+
diff --git a/SOURCES/libnetfilter_cthelper-1.0.0-cleanup.patch b/SOURCES/libnetfilter_cthelper-1.0.0-cleanup.patch
new file mode 100644
index 0000000..56a8c58
--- /dev/null
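Review bot: In SOURCES/0002-examples-fix-double-free-in-nftc-helper-add.patch, the added comment `/* Will be freed by nfct_helper_free. */` sits on the allocation, but the nfct_helper_free body shown in the cleanup patch only releases pointers stored in `h->expect_policy[]`, so ownership of `p` presumably passes at the attach call rather than at `nfct_helper_policy_alloc()`. The attach is outside this hunk; on any exit path that runs between the alloc and the attach, `p` is still the caller's to free. I would move the comment to the attach line and word it as `/* nfct_helper now owns p; nfct_helper_free() releases it. */`, so readers copying the example do not learn that the policy is never theirs to release. main's body starts and ends outside the hunk.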
+++ b/SOURCES/libnetfilter_cthelper-1.0.0-cleanup.patch 
@@ -0,0 +1,131 @@
+diff --git a/.gitignore b/.gitignore
+new file mode 100644
+index 0000000..a83525b
+--- /dev/null
++++ b/.gitignore
+@@ -0,0 +1,18 @@
++.deps/
++.libs/
++Makefile
++Makefile.in
++*.o
++*.la
++*.lo
++
++/aclocal.m4
++/autom4te.cache/
++/build-aux/
++/config.*
++/configure
++/libtool
++
++/doxygen.cfg
++/*.pc
++/stamp-h1
+diff --git a/configure.ac b/configure.ac
+index d9b0118..9389b70 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -8,6 +8,7 @@ AC_CONFIG_HEADERS([config.h])
+
+ AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2
+ 1.6 subdir-objects])
++m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
+
+ dnl kernel style compile messages
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+@@ -21,7 +22,7 @@ AC_DISABLE_STATIC
+ LT_INIT
+ CHECK_GCC_FVISIBILITY
+ case "$host" in
+-*-*-linux*) ;;
++*-*-linux* | *-*-uclinux*) ;;
+ *) AC_MSG_ERROR([Linux only, dude!]);;
+ esac
+
+diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
+index f1b546e..c755646 100644
+--- a/include/linux/netfilter/nfnetlink.h
++++ b/include/linux/netfilter/nfnetlink.h
+@@ -18,6 +18,10 @@ enum nfnetlink_groups {
+ #define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
+ NFNLGRP_CONNTRACK_EXP_DESTROY,
+ #define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
++ NFNLGRP_NFTABLES,
++#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES
++ NFNLGRP_ACCT_QUOTA,
++#define NFNLGRP_ACCT_QUOTA NFNLGRP_ACCT_QUOTA
+ __NFNLGRP_MAX,
+ };
+ #define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
+@@ -51,46 +55,12 @@ struct nfgenmsg {
+ #define NFNL_SUBSYS_ACCT 7
+ #define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
+ #define NFNL_SUBSYS_CTHELPER 9
+-#define NFNL_SUBSYS_COUNT 10
++#define NFNL_SUBSYS_NFTABLES 10
++#define NFNL_SUBSYS_NFT_COMPAT 11
++#define NFNL_SUBSYS_COUNT 12
+
+-#ifdef __KERNEL__
++/* Reserved control nfnetlink messages */
++#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE
++#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE+1
+
+-#include
+-#include
+-#include
+-
+-struct nfnl_callback {
+- int (*call)(struct sock *nl, struct sk_buff *skb,
+- const struct nlmsghdr *nlh,
+- const struct nlattr * const cda[]);
+- int (*call_rcu)(struct sock *nl, struct sk_buff *skb,
+- const struct nlmsghdr *nlh,
+- const struct nlattr * const cda[]);
+- const struct nla_policy *policy; /* netlink attribute policy */
+- const u_int16_t attr_count; /* number of nlattr's */
+-};
+-
+-struct nfnetlink_subsystem {
+- const char *name;
+- __u8 subsys_id; /* nfnetlink subsystem ID */
+- __u8 cb_count; /* number of callbacks */
+- const struct nfnl_callback *cb; /* callback for individual types */
+-};
+-
+-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
+-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
+-
+-extern int nfnetlink_has_listeners(struct net *net, unsigned int group);
+-extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group,
+- int echo, gfp_t flags);
+-extern int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error);
+-extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags);
+-
+-extern void nfnl_lock(void);
+-extern void nfnl_unlock(void);
+-
+-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
+- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
+-
+-#endif /* __KERNEL__ */
+-#endif /* _NFNETLINK_H */
++#endif /* _NFNETLINK_H */
+diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
+index 2978870..f8f58e6 100644
+--- a/src/libnetfilter_cthelper.c
++++ b/src/libnetfilter_cthelper.c
+@@ -113,11 +113,11 @@ void nfct_helper_free(struct nfct_helper *h)
+ {
+ int i;
+
+- free(h);
+ for (i=0; iexpect_policy[i])
+ free(h->expect_policy[i]);
+ }
++ free(h);
+ }
+ EXPORT_SYMBOL(nfct_helper_free);
+
diff --git a/SPECS/libnetfilter_cthelper.spec b/SPECS/libnetfilter_cthelper.spec
new file mode 100644
index 0000000..11a4154
--- /dev/null
+++ b/SPECS/libnetfilter_cthelper.spec
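Review bot: The last hunk of libnetfilter_cthelper-1.0.0-cleanup.patch (src/libnetfilter_cthelper.c, nfct_helper_free) is a use-after-free fix, since it moves `free(h);` below the loop that reads `h->expect_policy[i]`, yet it is carried in a patch named "cleanup" together with .gitignore, configure.ac and header-sync changes. A memory-safety fix is easier to audit and backport when it lives in its own patch file whose header names the bug; it appears to be the change the spec changelog records as rhbz#1252344. In the function itself `h` is still dereferenced unconditionally, so `if (h == NULL) return;` as the first statement would let callers use it like free() on error paths. The function also lacks a doc comment stating that it releases every policy attached to the helper, which is the contract the nftc-helper-add double free tripped over; I would add one saying callers must not call nfct_helper_policy_free() on an attached policy.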
@@ -0,0 +1,70 @@
+Name: libnetfilter_cthelper
+Version: 1.0.0
+Release: 11%{?dist}
+Summary: User-space infrastructure for connection tracking helpers
+Group: System Environment/Libraries
+License: GPLv2
+URL: http://www.netfilter.org/projects/libnetfilter_cthelper/index.html
+Source0: http://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-%{version}.tar.bz2
+BuildRequires: libmnl-devel >= 1.0.0, pkgconfig, kernel-headers
+
+Patch1: libnetfilter_cthelper-1.0.0-cleanup.patch
+Patch2: 0002-examples-fix-double-free-in-nftc-helper-add.patch
+
+%description
+This library provides the infrastructure for the user-space helper
+infrastructure available since the Linux kernel 3.6.
+
+%package devel
+Summary: Development files for %{name}
+Group: Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: libmnl-devel >= 1.0.0
+Requires: kernel-headers
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+
+%build
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%make_install
+find $RPM_BUILD_ROOT -type f -name '*.la' -exec rm -f {} ';'
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%doc COPYING README
+%{_libdir}/*.so.*
+
+%files devel
+%{_libdir}/pkgconfig/*.pc
+%dir %{_includedir}/libnetfilter_cthelper
+%{_includedir}/libnetfilter_cthelper/*.h
+%{_libdir}/*.so
+
+%changelog
+* Fri Sep 06 2019 Phil Sutter - 1.0.0-11
+- Rebuild for inclusion into s390x.
+
+* Mon Mar 11 2019 Phil Sutter - 1.0.0-10
+- Resolves: rhbz#1256215 - double free happened when nfct_helper_free() [...]
+
+* Mon Jul 25 2016 Paul Wouters - 1.0.0-9
+- Resolves: rhbz#1252344 Use after free in nfct_helper_free
+
+* Wed Oct 14 2015 Paul Wouters - 1.0.0-8
+- Resolves: rhbz#1233222 (do not include examples/ as these become arch specific)
+
+* Wed Jun 10 2015 Paul Wouters - 1.0.0-7
+- Resolves: rhbz#1233222 Add libnetfilter_cthelper package to RHEL-7
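Review bot: `URL` and `Source0` in SPECS/libnetfilter_cthelper.spec point at plain `http://`, and `%prep` goes straight from `%setup -q` to the patches, so nothing in the spec authenticates the upstream tarball. The only integrity anchor visible in this commit is the 40-hex-digit digest in .libnetfilter_cthelper.metadata, which has the length of a SHA-1 and only pins whatever was fetched the first time. I would change both lines to the `https://www.netfilter.org/...` form and, if upstream publishes a detached signature for this release, carry the signature and signing key as additional Source entries and verify them in `%prep` before `%setup`. As a smaller style point, `rm -rf $RPM_BUILD_ROOT` and the `find $RPM_BUILD_ROOT` line are safer quoted, e.g. `rm -rf "$RPM_BUILD_ROOT"`.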