diff --git a/backport-8021Qaz-check-for-rx-block-validity.patch b/backport-8021Qaz-check-for-rx-block-validity.patch new file mode 100644 index 0000000000000000000000000000000000000000..53d9b7cd19bb863281fadf18e77522ab477f9ffb --- /dev/null +++ b/backport-8021Qaz-check-for-rx-block-validity.patch @@ -0,0 +1,129 @@ +From dbbfdde4febf2f2ebb8522ff817f5fd169883dbc Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 25 Aug 2021 10:37:22 -0400 +Subject: [PATCH] 8021Qaz: check for rx block validity + +There is a slim but possible race in the 8021Qaz processing when handling +TLVs during ifdown windows. To address this, check for the rx block +before dereferencing it. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/dbbfdde4febf2f2ebb8522ff817f5fd169883dbc + +closes https://github.com/intel/openlldp/issues/78 +Signed-off-by: Aaron Conole +--- + lldp_8021qaz.c | 41 ++++++++++++++++++++++++++++------------- + 1 file changed, 28 insertions(+), 13 deletions(-) + +diff --git a/lldp_8021qaz.c b/lldp_8021qaz.c +index 094676d..b684dbc 100644 +--- a/lldp_8021qaz.c ++++ b/lldp_8021qaz.c +@@ -1557,48 +1557,63 @@ static bool unpack_ieee8021qaz_tlvs(struct port *port, + /* Process */ + switch (tlv->info[OUI_SIZE]) { + case IEEE8021QAZ_ETSCFG_TLV: +- if (tlvs->rx->etscfg == NULL) { ++ if (tlvs->rx && tlvs->rx->etscfg == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_ETSCFG; + tlvs->rx->etscfg = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate ETSCFG TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_ETSCFG; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; + case IEEE8021QAZ_ETSREC_TLV: +- if (tlvs->rx->etsrec == NULL) { ++ if (tlvs->rx && tlvs->rx->etsrec == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_ETSREC; + tlvs->rx->etsrec = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate ETSREC TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_ETSREC; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; +- + case IEEE8021QAZ_PFC_TLV: +- if (tlvs->rx->pfc == NULL) { ++ if (tlvs->rx && tlvs->rx->pfc == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_PFC; + tlvs->rx->pfc = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate PFC TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_PFC; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; + case IEEE8021QAZ_APP_TLV: +- if (tlvs->rx->app == NULL) { ++ if (tlvs->rx && tlvs->rx->app == NULL) { + tlvs->ieee8021qazdu |= RCVD_IEEE8021QAZ_TLV_APP; + tlvs->rx->app = tlv; +- } else { ++ } else if (tlvs->rx) { + LLDPAD_WARN("%s: %s: 802.1Qaz Duplicate APP TLV\n", + __func__, port->ifname); + agent->rx.dupTlvs |= DUP_IEEE8021QAZ_TLV_APP; + return false; ++ } else { ++ LLDPAD_INFO("%s: %s: 802.1Qaz port IFDOWN\n", ++ __func__, port->ifname); ++ return false; + } + break; + default: +@@ -1885,26 +1900,26 @@ static void ieee8021qaz_mibUpdateObjects(struct port *port) + + tlvs = ieee8021qaz_data(port->ifname); + +- if (tlvs->rx->etscfg) { ++ if (tlvs->rx && tlvs->rx->etscfg) { + process_ieee8021qaz_etscfg_tlv(port); + } else if (tlvs->ets->cfgr) { + free(tlvs->ets->cfgr); + tlvs->ets->cfgr = NULL; + } + +- if (tlvs->rx->etsrec) { ++ if (tlvs->rx && tlvs->rx->etsrec) { + process_ieee8021qaz_etsrec_tlv(port); + } else if (tlvs->ets->recr) { + free(tlvs->ets->recr); + tlvs->ets->recr = NULL; + } + +- if (tlvs->rx->pfc) ++ if (tlvs->rx && tlvs->rx->pfc) + process_ieee8021qaz_pfc_tlv(port); + else if (tlvs->pfc) + tlvs->pfc->remote_param = false; + +- if (tlvs->rx->app) ++ if (tlvs->rx && tlvs->rx->app) + process_ieee8021qaz_app_tlv(port); + else + ieee8021qaz_app_reset(&tlvs->app_head); +-- +2.33.0 + diff --git a/backport-basman-use-return-address-when-pulling-address.patch b/backport-basman-use-return-address-when-pulling-address.patch new file mode 100644 index 0000000000000000000000000000000000000000..8b85ca1c917e010ceda2b1b3a691c5bd8c18762d --- /dev/null +++ b/backport-basman-use-return-address-when-pulling-address.patch @@ -0,0 +1,34 @@ +From 594c4e8257fbdc3c1608acde5419009a20f31650 Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 10 Nov 2021 16:40:20 -0500 +Subject: [PATCH] basman: use return address when pulling address + +The managed address pulling routine will fail to reset the return +value from a previous attempt if no IPv4 and IPv6 addresses are +available. Use the return address of the hwaddr fetch. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/594c4e8257fbdc3c1608acde5419009a20f31650 + +Resolves: https://github.com/intel/openlldp/issues/82 +Signed-off-by: Aaron Conole +--- + lldp_basman.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lldp_basman.c b/lldp_basman.c +index 824dd9a..bd25dcd 100644 +--- a/lldp_basman.c ++++ b/lldp_basman.c +@@ -517,7 +517,7 @@ static int basman_bld_manaddr_tlv(struct basman_data *bd, + if (rc) { + rc = basman_get_manaddr_sub(bd, agent, MANADDR_IPV6); + if (rc) +- basman_get_manaddr_sub(bd, agent, MANADDR_ALL802); ++ rc = basman_get_manaddr_sub(bd, agent, MANADDR_ALL802); + } + out_err: + return rc; +-- +2.33.0 + diff --git a/backport-macvtap-fix-error-condition.patch b/backport-macvtap-fix-error-condition.patch new file mode 100644 index 0000000000000000000000000000000000000000..3830a86b7cc9c6d080840c433864460bc46e9fcf --- /dev/null +++ b/backport-macvtap-fix-error-condition.patch @@ -0,0 +1,34 @@ +From 56b21ceb743fabe290ef7a8be8bbeecc55888a9e Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Wed, 25 Aug 2021 10:22:20 -0400 +Subject: [PATCH] macvtap: fix error condition + +If the socket() call fails, we will jump to out and pass a +negative value to close() which is not allowed. + +Conflict:NA +Reference:https://github.com/openSUSE/lldpad/commit/56b21ceb743fabe290ef7a8be8bbeecc55888a9e + +Fixes: d43abb0267f3 ("lldpad: do not use macv[tap/lan] interfaces as ports") +closes https://github.com/intel/openlldp/issues/75 +Signed-off-by: Aaron Conole +--- + lldp_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lldp_util.c b/lldp_util.c +index f12d46b..95c419c 100644 +--- a/lldp_util.c ++++ b/lldp_util.c +@@ -663,7 +663,7 @@ int is_macvtap(const char *ifname) + s = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE); + + if (s < 0) { +- goto out; ++ return false; + } + + nlh = malloc(NLMSG_SIZE); +-- +2.33.0 + diff --git a/lldpad.spec b/lldpad.spec index 11cbeebff2bbfe7cbfe28ca8a162578958f74df1..1498f93f71e2bd39e51d94a5f0ca9e73b65234ea 100644 --- a/lldpad.spec +++ b/lldpad.spec @@ -4,7 +4,7 @@ Name: lldpad Version: 1.0.1 -Release: 14 +Release: 15 Summary: Intel LLDP Agent License: GPLv2 URL: https://www.open-lldp.org @@ -37,6 +37,9 @@ Patch25: open-lldp-v1.0.1-25-l2_linux_packet-correctly-process-return-value- Patch26: open-lldp-v1.0.1-26-lldpad-system-capability-incorrect-advertised-as-sta.patch Patch27: open-lldp-v1.0.1-27-fix-build-warnings.patch Patch28: CVE-2018-10932.patch +Patch29: backport-8021Qaz-check-for-rx-block-validity.patch +Patch30: backport-basman-use-return-address-when-pulling-address.patch +Patch31: backport-macvtap-fix-error-condition.patch BuildRequires: automake autoconf libtool flex kernel-headers libconfig-devel BuildRequires: libnl3-devel readline-devel systemd git @@ -111,6 +114,12 @@ make check %{_mandir}/man*/* %changelog +* Wed Sep 14 2022 yanglu - 1.0.1-15 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + * Wed Sep 30 2020 wangxiaopeng - 1.0.1-14 - Type:CVE - Id:CVE-2018-10932