From 821ef3499cfea763423e88f125415b43adaaf2a9 Mon Sep 17 00:00:00 2001 From: superCharge Date: Fri, 28 Apr 2023 15:38:18 +0800 Subject: [PATCH] =?UTF-8?q?backport=20patch=20from=20upstream=EF=BC=9A=20b?= =?UTF-8?q?ackport-libbpf-Fix-alen-calculation-in-libbpf=5Fnla=5Fdump=5Fer?= =?UTF-8?q?ror.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...calculation-in-libbpf_nla_dump_error.patch | 32 +++++++++++++++++++ libbpf.spec | 7 +++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 backport-libbpf-Fix-alen-calculation-in-libbpf_nla_dump_error.patch diff --git a/backport-libbpf-Fix-alen-calculation-in-libbpf_nla_dump_error.patch b/backport-libbpf-Fix-alen-calculation-in-libbpf_nla_dump_error.patch new file mode 100644 index 0000000..c59ec79 --- /dev/null +++ b/backport-libbpf-Fix-alen-calculation-in-libbpf_nla_dump_error.patch 
@@ -0,0 +1,32 @@ +From 418962b6861c0f3459400b3ea43aa6e709612f49 Mon Sep 17 00:00:00 2001 +From: Ilya Leoshkevich +Date: Fri, 10 Feb 2023 01:12:01 +0100 +Subject: [PATCH] libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() + +The code assumes that everything that comes after nlmsgerr are nlattrs. +When calculating their size, it does not account for the initial +nlmsghdr. This may lead to accessing uninitialized memory. + +Fixes: bbf48c18ee0c ("libbpf: add error reporting in XDP") +Signed-off-by: Ilya Leoshkevich +Signed-off-by: Andrii Nakryiko +Link: https://lore.kernel.org/bpf/20230210001210.395194-8-iii@linux.ibm.com +--- + src/nlattr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nlattr.c b/src/nlattr.c +index 3900d05..975e265 100644 +--- a/src/nlattr.c ++++ b/src/nlattr.c +@@ -178,7 +178,7 @@ int libbpf_nla_dump_errormsg(struct nlmsghdr *nlh) + hlen += nlmsg_len(&err->msg); + + attr = (struct nlattr *) ((void *) err + hlen); +- alen = nlh->nlmsg_len - hlen; ++ alen = (void *)nlh + nlh->nlmsg_len - (void *)attr; + + if (libbpf_nla_parse(tb, NLMSGERR_ATTR_MAX, attr, alen, + extack_policy) != 0) { + + diff --git a/libbpf.spec b/libbpf.spec index d7432e3..55ff190 100644 --- a/libbpf.spec +++ b/libbpf.spec @@ -4,7 +4,7 @@ Name: %{githubname} Version: %{githubver} -Release: 4 +Release: 5 Summary: Libbpf library License: LGPLv2 or BSD @@ -25,6 +25,7 @@ Patch0009: backport-libbpf-Fix-null-pointer-dereference-in-find_prog_by_.pa Patch0010: backport-sync-start-syncing-include-uapi-linux-fcntl.h-UAPI-h.patch Patch0011: backport-libbpf-Handle-size-overflow-for-ringbuf-mmap.patch Patch0012: backport-libbpf-Use-page-size-as-max_entries-when-probing-rin.patch +Patch0013: backport-libbpf-Fix-alen-calculation-in-libbpf_nla_dump_error.patch # This package supersedes libbpf from kernel-tools, # which has default Epoch: 0. By having Epoch: 1 
@@ -77,6 +78,10 @@ developing applications that use %{name} %{_libdir}/libbpf.a %changelog +* Fri Apr 28 2023 SuperCharge -2:0.8.1-5 +- backport patches from upstream: + backport-libbpf-Fix-alen-calculation-in-libbpf_nla_dump_error.patch + * Sat Mar 11 2023 SuperCharge -2:0.8.1-4 - backport patches from upstream: backport-libbpf-Fix-overrun-in-netlink-attribute-iteration.patch -- Gitee
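Review bot: In the src/nlattr.c hunk, the new `alen = (void *)nlh + nlh->nlmsg_len - (void *)attr;` is computed with no check that attr still lies inside the message. The context line at the top of the hunk extends hlen by nlmsg_len(&err->msg), a value derived from err->msg, so attr can end up past (void *)nlh + nlh->nlmsg_len; the subtraction then yields a negative length that is handed straight to libbpf_nla_parse(). Consider returning early when attr is beyond the end of the message (or when the computed alen is negative) before parsing. The expression also relies on arithmetic on void pointers, which is a GNU C extension; that matches the existing `(void *) err + hlen` line, so it is consistent with the file, but worth a note for builds with stricter compilers.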
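Review bot: In the libbpf.spec %changelog hunk, the new 2:0.8.1-5 entry only repeats the patch file name and does not say what the backport fixes. Suggest adding a short description, for example that it corrects the attribute length calculation in libbpf_nla_dump_errormsg(), which the backported commit message says may lead to accessing uninitialized memory, so the reason for the Release bump from 4 to 5 is visible from the package changelog alone. The entry also reads "backport patches from upstream" although a single patch (Patch0013) is added.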