diff --git a/backport-8021Qaz-check-for-rx-block-validity.patch b/backport-8021Qaz-check-for-rx-block-validity.patch new file mode 100644 index 0000000000000000000000000000000000000000..71868f28f2342efbb090fe506cc86c0a7444ddd2 --- /dev/null +++ b/backport-8021Qaz-check-for-rx-block-validity.patch @@ -0,0 +1,129 @@ +From dbbfdde4febf2f2ebb8522ff817f5fd169883dbc Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 25 Aug 2021 10:37:22 -0400 +Subject: [PATCH] 8021Qaz: check for rx block validity + +There is a slim but possible race in the 8021Qaz processing when handling +TLVs during ifdown windows. To address this, check for the rx block +before dereferencing it. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/dbbfdde4febf2f2ebb8522ff817f5fd169883dbc + +closes https://github.com/intel/openlldp/issues/78 +Signed-off-by: Aaron Conole +--- + lldp_8021qaz.c | 41 ++++++++++++++++++++++++++++------------- + 1 file changed, 28 insertions(+), 13 deletions(-) + +diff --git a/lldp_8021qaz.c b/lldp_8021qaz.c +index abeae46..5fccbe4 100644 +--- a/lldp_8021qaz.c ++++ b/lldp_8021qaz.c +@@ -1563,48 +1563,63 @@ static bool unpack_ieee8021qaz_tlvs(struct port *port, + /* Process */ + switch (tlv->info[OUI_SIZE]) { + case IEEE8021QAZ_ETSCFG_TLV: +- if (tlvs->rx->etscfg == NULL) { ++ if (tlvs->rx && tlvs->rx->etscfg == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_ETSCFG; + tlvs->rx->etscfg = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate ETSCFG TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_ETSCFG; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; + case IEEE8021QAZ_ETSREC_TLV: +- if (tlvs->rx->etsrec == NULL) { ++ if (tlvs->rx && tlvs->rx->etsrec == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_ETSREC; + tlvs->rx->etsrec = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate ETSREC TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_ETSREC; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; +- + case IEEE8021QAZ_PFC_TLV: +- if (tlvs->rx->pfc == NULL) { ++ if (tlvs->rx && tlvs->rx->pfc == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_PFC; + tlvs->rx->pfc = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate PFC TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_PFC; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; + case IEEE8021QAZ_APP_TLV: +- if (tlvs->rx->app == NULL) { ++ if (tlvs->rx && tlvs->rx->app == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_APP; + tlvs->rx->app = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate APP TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_APP; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; + default: +@@ -1891,26 +1906,26 @@ static void ieee8021qaz_mibUpdateObjects(struct port *port) + + tlvs = ieee8021qaz_data(port->ifname); + +- if (tlvs->rx->etscfg) { ++ if (tlvs->rx && tlvs->rx->etscfg) { + process_ieee8021qaz_etscfg_tlv(port); + } else if (tlvs->ets->cfgr) { + free(tlvs->ets->cfgr); + tlvs->ets->cfgr = NULL; + } + +- if (tlvs->rx->etsrec) { ++ if (tlvs->rx && tlvs->rx->etsrec) { + process_ieee8021qaz_etsrec_tlv(port); + } else if (tlvs->ets->recr) { + free(tlvs->ets->recr); + tlvs->ets->recr = NULL; + } + +- if (tlvs->rx->pfc) ++ if (tlvs->rx && tlvs->rx->pfc) + process_ieee8021qaz_pfc_tlv(port); + else if (tlvs->pfc) + tlvs->pfc->remote_param = false; + +- if (tlvs->rx->app) ++ if (tlvs->rx && tlvs->rx->app) + process_ieee8021qaz_app_tlv(port); + else + ieee8021qaz_app_reset(&tlvs->app_head); +-- +1.8.3.1 + diff --git a/backport-8021qaz-squelch-initialization-errors.patch b/backport-8021qaz-squelch-initialization-errors.patch new file mode 100644 index 0000000000000000000000000000000000000000..27ef170d4de78b6e663cffb2a38c6ab6eaa41de7 --- /dev/null +++ b/backport-8021qaz-squelch-initialization-errors.patch @@ -0,0 +1,34 @@ +From 1459f3ca787e799eeddd40ca5abd28de1efc12b6 Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 25 Aug 2021 10:29:19 -0400 +Subject: [PATCH] 8021qaz: squelch initialization errors + +Some static analysis tools (like coverity) flag this array +as accessed without proper initialization. Squelch by forcing +initialization. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/1459f3ca787e799eeddd40ca5abd28de1efc12b6 + +closes https://github.com/intel/openlldp/issues/77 +Signed-off-by: Aaron Conole +--- + lldp_8021qaz_clif.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lldp_8021qaz_clif.c b/lldp_8021qaz_clif.c +index f776392..9031cb0 100644 +--- a/lldp_8021qaz_clif.c ++++ b/lldp_8021qaz_clif.c +@@ -253,7 +253,7 @@ static void ieee8021qaz_print_app_tlv(u16 len, char *info) + { + u8 app, app_idx, app_prio, app_sel; + u16 proto, offset = 2; +- u8 dscp[MAX_USER_PRIORITIES][MAX_APP_ENTRIES]; ++ u8 dscp[MAX_USER_PRIORITIES][MAX_APP_ENTRIES] = {0}; + u8 dscp_count[MAX_USER_PRIORITIES] = {0}; + u8 i, j; + bool first_app = true; +-- +1.8.3.1 + diff --git a/backport-basman-use-return-address-when-pulling-address.patch b/backport-basman-use-return-address-when-pulling-address.patch new file mode 100644 index 0000000000000000000000000000000000000000..b9dc50f46eb3c2d7fe2bdb5bfc4c0428a7e6b895 --- /dev/null +++ b/backport-basman-use-return-address-when-pulling-address.patch @@ -0,0 +1,34 @@ +From 594c4e8257fbdc3c1608acde5419009a20f31650 Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 10 Nov 2021 16:40:20 -0500 +Subject: [PATCH] basman: use return address when pulling address + +The managed address pulling routine will fail to reset the return +value from a previous attempt if no IPv4 and IPv6 addresses are +available. Use the return address of the hwaddr fetch. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/594c4e8257fbdc3c1608acde5419009a20f31650 + +Resolves: https://github.com/intel/openlldp/issues/82 +Signed-off-by: Aaron Conole +--- + lldp_basman.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lldp_basman.c b/lldp_basman.c +index 25e7d9e..cb0c50c 100644 +--- a/lldp_basman.c ++++ b/lldp_basman.c +@@ -515,7 +515,7 @@ static int basman_bld_manaddr_tlv(struct basman_data *bd, + if (rc) { + rc = basman_get_manaddr_sub(bd, agent, MANADDR_IPV6); + if (rc) +- basman_get_manaddr_sub(bd, agent, MANADDR_ALL802); ++ rc = basman_get_manaddr_sub(bd, agent, MANADDR_ALL802); + } + out_err: + return rc; +-- +1.8.3.1 + diff --git a/backport-macvtap-fix-error-condition.patch b/backport-macvtap-fix-error-condition.patch new file mode 100644 index 0000000000000000000000000000000000000000..7cefd7b19110ff578c161b60adeb5c6681b82402 --- /dev/null +++ b/backport-macvtap-fix-error-condition.patch @@ -0,0 +1,34 @@ +From 56b21ceb743fabe290ef7a8be8bbeecc55888a9e Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 25 Aug 2021 10:22:20 -0400 +Subject: [PATCH] macvtap: fix error condition + +If the socket() call fails, we will jump to out and pass a +negative value to close() which is not allowed. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/56b21ceb743fabe290ef7a8be8bbeecc55888a9e + +Fixes: d43abb0267f3 ("lldpad: do not use macv[tap/lan] interfaces as ports") +closes https://github.com/intel/openlldp/issues/75 +Signed-off-by: Aaron Conole +--- + lldp_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lldp_util.c b/lldp_util.c +index 1e58b1e..be1333e 100644 +--- a/lldp_util.c ++++ b/lldp_util.c +@@ -681,7 +681,7 @@ int is_macvtap(const char *ifname) + s = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE); + + if (s < 0) { +- goto out; ++ return false; + } + + nlh = malloc(NLMSG_SIZE); +-- +1.8.3.1 + diff --git a/backport-vdp22-convert-command-parsing-to-null-term.patch b/backport-vdp22-convert-command-parsing-to-null-term.patch new file mode 100644 index 0000000000000000000000000000000000000000..ce7a3dcb4976c3d52c3842483c640ce75781f31f --- /dev/null +++ b/backport-vdp22-convert-command-parsing-to-null-term.patch @@ -0,0 +1,32 @@ +From 89202fc87f03d6ae836a98a000f75690a45314d6 Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 25 Aug 2021 10:19:16 -0400 +Subject: [PATCH] vdp22: convert command parsing to null term + +There is a theoretical buffer escape here. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/89202fc87f03d6ae836a98a000f75690a45314d6 + +closes https://github.com/intel/openlldp/issues/74 +Signed-off-by: Aaron Conole +--- + qbg/vdp22_cmds.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/qbg/vdp22_cmds.c b/qbg/vdp22_cmds.c +index a8025ee..0ded0f1 100644 +--- a/qbg/vdp22_cmds.c ++++ b/qbg/vdp22_cmds.c +@@ -577,7 +577,7 @@ static int get_arg_vsi(struct cmd *cmd, char *arg, char *argvalue, + memset(&vsi, 0, sizeof(vsi)); + memset(vsi_str, 0, sizeof(vsi_str)); + vsi.request = cmd->tlvid; +- strncpy(vsi.ifname, cmd->ifname, sizeof(vsi.ifname)); ++ STRNCPY_TERMINATED(vsi.ifname, cmd->ifname, sizeof(vsi.ifname)); + good_cmd = cmd_failed; + if ((cmd->ops & op_config) && (cmd->ops & op_arg)) { + memset(&mac, 0, sizeof(mac)); +-- +1.8.3.1 + diff --git a/lldpad.spec b/lldpad.spec index 5c7882f5d92e4daf53a4053ea872f400c7cbed59..c8c2619b08ed58cda49179f81375676d60b83e61 100644 --- a/lldpad.spec +++ b/lldpad.spec @@ -4,12 +4,18 @@ Name: lldpad Version: 1.1 -Release: 2 +Release: 3 Summary: Intel LLDP Agent License: GPLv2 URL: https://www.open-lldp.org Source0: https://github.com/intel/lldpad/archive/v%{version}.tar.gz +Patch1: backport-8021Qaz-check-for-rx-block-validity.patch +Patch2: backport-8021qaz-squelch-initialization-errors.patch +Patch3: backport-basman-use-return-address-when-pulling-address.patch +Patch4: backport-macvtap-fix-error-condition.patch +Patch5: backport-vdp22-convert-command-parsing-to-null-term.patch + BuildRequires: automake autoconf libtool flex kernel-headers libconfig-devel BuildRequires: libnl3-devel readline-devel systemd @@ -83,11 +89,17 @@ make check %{_mandir}/man*/* %changelog +* Wed Sep 14 2022 yanglu - 1.1-3 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + * Fri Jul 30 2021 chenyanpanHW - 1.1-2 - DESC: delete -S git from %autosetup, and delete BuildRequires git * Sat Jan 30 2021 xihaochen - 1.1-1 -- Type:requirements +- Type:requirements - Id:NA - SUG:NA - DESC:update lldpad to 1.1