From 73921d7939e4361f45f6b3a9ac425c08dd6c49aa Mon Sep 17 00:00:00 2001 From: yangl777 Date: Thu, 13 Feb 2025 03:42:16 +0000 Subject: [PATCH] sync some patches from upstream --- ...e-of-write-to-avoid-integer-overflow.patch | 52 +++++++++++++++++++ ...m-check-always-succeeding-once-again.patch | 45 ++++++++++++++++ iputils.spec | 10 +++- 3 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch create mode 100644 backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch diff --git a/backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch b/backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch new file mode 100644 index 0000000..8fa7197 --- /dev/null +++ b/backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch @@ -0,0 +1,52 @@ +From 0f12e6d5bb325df4eb9273b1e294a2cf94a53120 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 28 May 2024 12:25:57 +0200 +Subject: [PATCH 1/1] ping: check return value of write() to avoid integer + overflow + +Error: INTEGER_OVERFLOW (CWE-190): +iputils-20240117/ping/ping.h:291: tainted_data_return: Called function "write(1, str + o, len - o)", and a possible return value may be less than zero. +iputils-20240117/ping/ping.h:291: assign: Assigning: "cc" = "write(1, str + o, len - o)". +iputils-20240117/ping/ping.h:292: overflow: The expression "o += cc" might be negative, but is used in a context that treats it as unsigned. +iputils-20240117/ping/ping.h:291: overflow: The expression "len - o" is deemed underflowed because at least one of its arguments has underflowed. +iputils-20240117/ping/ping.h:291: overflow_sink: "len - o", which might have underflowed, is passed to "write(1, str + o, len - o)". + 289| ssize_t cc; + 290| do { + 291|-> cc = write(STDOUT_FILENO, str + o, len - o); + 292| o += cc; + 293| } while (len > o || cc < 0); + +Closes: https://github.com/iputils/iputils/pull/545 +Reviewed-by: Petr Vorel +Reviewed-by: Cyril Hrubis +Signed-off-by: Jan Macku + +Reference:https://github.com/iputils/iputils/commit/0f12e6d5bb325df4eb9273b1e294a2cf94a53120 +Conflict:NA + +--- + ping/ping.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/ping/ping.h b/ping/ping.h +index 98d035d..3e2e3c3 100644 +--- a/ping/ping.h ++++ b/ping/ping.h +@@ -290,8 +290,12 @@ static inline void write_stdout(const char *str, size_t len) + ssize_t cc; + do { + cc = write(STDOUT_FILENO, str + o, len - o); +- o += cc; +- } while (len > o || cc < 0); ++ ++ if (cc < 0) ++ break; ++ ++ o += (size_t) cc; ++ } while (len > o); + } + + /* +-- +2.33.0 + diff --git a/backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch b/backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch new file mode 100644 index 0000000..118d8c3 --- /dev/null +++ b/backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch @@ -0,0 +1,45 @@ +From bacf1b7bb8555c407d065e97015319abef2a742d Mon Sep 17 00:00:00 2001 +From: Ahmad Fatoum +Date: Thu, 4 Apr 2024 21:17:39 +0200 +Subject: [PATCH 1/1] ping: fix IPv4 checksum check always succeeding once + again + +This issue was fixed once already in commit bff65fbb6f73 +("fix checksum always success in IPv4 ping."), but was reverted +shortly after, likely due to a botched rebase. + +Fix this issue again, so ping correctly reports checksum mismatches +in ICMP ECHO replies. + +This time it was found with barebox v2024.03.0 (or older) which has +broken checksum on a Raspberry Pi 3b and ping its network interface +(checksum mismatch verified by Wireshark). + +Closes: https://github.com/iputils/iputils/pull/534 +Fixes: 8b8686794f69 ("warnings: remove variable shadowing") +Reviewed-by: Petr Vorel +Signed-off-by: Ahmad Fatoum + +Reference:https://github.com/iputils/iputils/commit/bacf1b7bb8555c407d065e97015319abef2a742d +Conflict:NA + +--- + ping/ping.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ping/ping.c b/ping/ping.c +index d0803fe..1a3e52c 100644 +--- a/ping/ping.c ++++ b/ping/ping.c +@@ -1654,7 +1654,7 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock, + wrong_source = 1; + if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc, + ntohs(icp->un.echo.sequence), +- reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from), ++ reply_ttl, csfailed, tv, pr_addr(rts, from, sizeof *from), + pr_echo_reply, rts->multicast, wrong_source)) { + fflush(stdout); + return 0; +-- +2.33.0 + diff --git a/iputils.spec b/iputils.spec index 42f0683..81d98a2 100644 --- a/iputils.spec +++ b/iputils.spec @@ -1,6 +1,6 @@ Name: iputils Version: 20221126 -Release: 5 +Release: 6 Summary: Network monitoring tools including ping License: BSD and GPLv2+ URL: https://github.com/iputils/iputils @@ -26,6 +26,8 @@ Patch6005: backport-ping6-Fix-support-for-DSCP.patch Patch6006: backport-Revert-ping-use-random-value-for-the-identifier-field.patch Patch6007: backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch Patch6008: backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch +Patch6009: backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch +Patch6010: backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch BuildRequires: gcc meson libidn2-devel openssl-devel libcap-devel libxslt BuildRequires: docbook5-style-xsl systemd iproute glibc-kernheaders gettext @@ -98,6 +100,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ %{_mandir}/man8/*.8.gz %changelog +* Thu Feb 13 2025 yanglu - 20221126-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync some patches from upstream + * Fri Apr 26 2024 suhai - 20221126-5 - Type:bugfix - ID:NA -- Gitee