rpms/iproute/F-10 ip-maddr-show.patch, NONE, 1.1 prefix-assigned.patch, NONE, 1.1 iproute.spec, 1.89, 1.90

Marcela Mašláňová mmaslano at fedoraproject.org
Mon Jan 12 09:14:28 UTC 2009


Author: mmaslano

Update of /cvs/pkgs/rpms/iproute/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26088

Modified Files:
	iproute.spec 
Added Files:
	ip-maddr-show.patch prefix-assigned.patch 
Log Message:
* Mon Jan 12 2009 Marcela Mašláňová <mmaslano at redhat.com> - 2.6.27-2
- 475130 - Negative preferred lifetimes of IPv6 prefixes/addresses
  displayed incorrectly
- 472878 - “ip maddr show” in IB interface causes a stack corruption
- both patches will be probably in iproute v2.6.28


ip-maddr-show.patch:

--- NEW FILE ip-maddr-show.patch ---
>From 7f71c0cae2db61890474e04ba3a26e40219e5561 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan at redhat.com>
Date: Tue, 25 Nov 2008 12:36:22 +0000
Subject: [PATCH] =?utf-8?q?ip=20maddr=20show=E2=80=9D=20on=20an=20infiniband=20address=20causes=20a=20stack=20corruption?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

“ip maddr show” on an infiniband address causes a stack corruption
because the length of the address for Infiniband (20 bytes, as
described in kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.

The proposed patch increases the size of the hardware address from 4
__u32 to 8 and also adds a check to avoid overriding the available
size while parsing the hardware address.

This bug affects current upstream code AFAICT.

Hope this helps,
Cheers,
Olivier.

“ip maddr show ib0” causes a stack corruption because the length of the address
for Infiniband (20 see kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.

The proposed patch increases the size of the hardware address from 4 u32 to 8
and adds a check to avoid overriding the available size while parsing the
hardware address.
---
 include/utils.h |    2 +-
 ip/ipmaddr.c    |    8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git iproute-2.6.27/iproute2-2.6.27/include/utils.h iproute-2.6.27/iproute2-2.6.27/include/utils.h
index 5daed6b..f7ef939 100644
--- iproute-2.6.27/iproute2-2.6.27/include/utils.h
+++ iproute-2.6.27/iproute2-2.6.27/include/utils.h
@@ -46,7 +46,7 @@ typedef struct
 	__u8 bytelen;
 	__s16 bitlen;
 	__u32 flags;
-	__u32 data[4];
+	__u32 data[8];
 } inet_prefix;
 
 #define PREFIXLEN_SPECIFIED 1
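
Review bot: the new element count in `__u32 data[8];` is a bare number with no comment, and only the commit message explains that it exists to hold a 20-byte Infiniband hardware address. A short comment on the field, or a named constant for the count, would keep a later cleanup from shrinking it back to 16 bytes. Because inet_prefix is defined in a shared header, every user of the struct grows by 16 bytes, which deserves a line in the commit message.
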
diff --git iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c
index 1014f83..44ffdfc 100644
--- iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c
+++ iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c
@@ -43,11 +43,11 @@ static void usage(void)
 	exit(-1);
 }
 
-static int parse_hex(char *str, unsigned char *addr)
+static int parse_hex(char *str, unsigned char *addr, size_t size)
 {
 	int len=0;
 
-	while (*str) {
+	while (*str && (len < 2 * size)) {
 		int tmp;
 		if (str[1] == 0)
 			return -1;
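
Review bot: the bound in `while (*str && (len < 2 * size))` looks off by a factor of two. Both callers pass `sizeof (m.addr.data)`, a byte count of the destination, so `2 * size` is only correct if `len` counts hex characters consumed. The statement that advances `len` is outside this hunk; if `len` is the index of the next byte written to `addr`, the guard still permits writes up to twice the buffer size and the condition should be `len < size`. Comparing the `int len` against a `size_t` expression also mixes signedness, so declaring `len` as `size_t` inside the loop (and converting on return) would be cleaner.
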
@@ -104,7 +104,7 @@ void read_dev_mcast(struct ma_info **result_p)
 
 		m.addr.family = AF_PACKET;
 
-		len = parse_hex(hexa, (unsigned char*)&m.addr.data);
+		len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof (m.addr.data));
 		if (len >= 0) {
 			struct ma_info *ma = malloc(sizeof(m));
 
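
Review bot: in read_dev_mcast the `len >= 0` test cannot tell a complete hardware address from one where parse_hex stopped at the size limit, because the new loop condition ends the loop without reporting an error. Consider returning -1 from parse_hex when input remains after the limit is reached, so an over-long address is skipped instead of being stored and displayed truncated.
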
@@ -176,7 +176,7 @@ void read_igmp6(struct ma_info **result_p)
 
 		m.addr.family = AF_INET6;
 
-		len = parse_hex(hexa, (unsigned char*)&m.addr.data);
+		len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof (m.addr.data));
 		if (len >= 0) {
 			struct ma_info *ma = malloc(sizeof(m));
 
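
Review bot: in read_igmp6 the limit passed is `sizeof (m.addr.data)`, which is the size of the container (32 bytes after the utils.h change), not the length of an AF_INET6 address. A hex string longer than 16 bytes would be accepted here and yield a `len` that does not match the family. Passing the expected address length for this family, or checking the returned `len` against it before using the entry, would make the check meaningful for this caller.
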
-- 
1.6.0.6


prefix-assigned.patch:

--- NEW FILE prefix-assigned.patch ---
>From 037d950bceed6d5053758dea601e0d018f5f22d7 Mon Sep 17 00:00:00 2001
From: Benedikt Gollatz <ben at differentialschokolade.org>
Date: Tue, 6 Jan 2009 19:36:56 -0800
Subject: [PATCH] When the preferred lifetime of a prefix assigned by IPv6 autoconfiguration
 (router solicitation) becomes negative

How reproducible:

Always.

Steps to Reproduce:
1. Configure an IPv6 router to advertise a prefix with a short preferred
lifetime, e.g. 0.
2. Wait for the IPv6 autoconfiguration process to complete for an interface
<if> connected to a link where that router advertises.
3. Run ip -6 show dev <if>.

Actual results:

The preferred lifetime will have become negative, but it is printed as an
unsigned integer. The preferred lifetime to be displayed will therefore be
close to UINT_MAX.
---
 ip/ipaddress.c |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c
index 51471e8..a732d80 100644
--- iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c
+++ iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c
@@ -359,6 +359,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
 	FILE *fp = (FILE*)arg;
 	struct ifaddrmsg *ifa = NLMSG_DATA(n);
 	int len = n->nlmsg_len;
+	int deprecated = 0;
 	struct rtattr * rta_tb[IFA_MAX+1];
 	char abuf[256];
 	SPRINT_BUF(b1);
@@ -488,6 +489,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
 	}
 	if (ifa->ifa_flags&IFA_F_DEPRECATED) {
 		ifa->ifa_flags &= ~IFA_F_DEPRECATED;
+		deprecated = 1;
 		fprintf(fp, "deprecated ");
 	}
 	if (ifa->ifa_flags&IFA_F_HOMEADDRESS) {
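
Review bot: `deprecated = 1;` has no comment explaining why the state is copied into a local. The reason is visible only by reading the line above it, which clears IFA_F_DEPRECATED from `ifa->ifa_flags`, so the lifetime code further down cannot test the flag itself. A one-line comment here saying the value is consumed when printing preferred_lft would make the dependency between the two hunks clear.
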
@@ -516,9 +518,14 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
 			sprintf(buf, "valid_lft %usec", ci->ifa_valid);
 		if (ci->ifa_prefered == INFINITY_LIFE_TIME)
 			sprintf(buf+strlen(buf), " preferred_lft forever");
-		else
-			sprintf(buf+strlen(buf), " preferred_lft %usec",
-				ci->ifa_prefered);
+		else {
+			if (deprecated)
+				sprintf(buf+strlen(buf), " preferred_lft %dsec",
+					ci->ifa_prefered);
+			else
+				sprintf(buf+strlen(buf), " preferred_lft %usec",
+					ci->ifa_prefered);
+		}
 		fprintf(fp, "       %s", buf);
 	}
 	fprintf(fp, "\n");
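
Review bot: the new `%dsec` branch passes `ci->ifa_prefered` to a signed conversion while the other branch prints the same field with `%usec`, so the argument type does not match the format. Cast explicitly, for example `(int)ci->ifa_prefered`, so the reinterpretation is intentional and compilers with format checking stay quiet. A comment stating that a deprecated address is assumed to carry an expired (negative) preferred lifetime would also help, since the choice of format now depends on the flag rather than on the value.
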
-- 
1.6.0.6



Index: iproute.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iproute/F-10/iproute.spec,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- iproute.spec	4 Dec 2008 10:02:40 -0000	1.89
+++ iproute.spec	12 Jan 2009 09:13:58 -0000	1.90
@@ -4,7 +4,7 @@
 Summary: Advanced IP routing and network device configuration tools
 Name: iproute
 Version: 2.6.27
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/System
 Source: http://developer.osdl.org/dev/iproute2/download/iproute2-%{version}.tar.gz
 #Source1: iproute-doc-2.6.22.tar.gz
@@ -13,6 +13,8 @@
 Patch2: iproute2-ss050901-opt_flags.patch
 Patch3: iproute-ip-man.patch
 Patch4: iproute2-2.6.25-segfault.patch
+Patch5: prefix-assigned.patch
+Patch6: ip-maddr-show.patch
 
 License: GPLv2+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
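
Review bot: the `Patch5:` and `Patch6:` lines carry no comment linking them to their bug reports or upstream status. The changelog says these fix 475130 and 472878 and are expected in v2.6.28, so a comment line above each patch with the bug number and "drop on rebase to 2.6.28" would make the next version bump straightforward.
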
@@ -30,6 +32,8 @@
 %patch2 -p1 -b .opt_flags
 %patch3 -p1
 %patch4 -p1 -b .seg
+%patch5 -p1 -b .prefix
+%patch6 -p1 -b .maddr
 
 %build
 export LIBDIR=%{_libdir}
@@ -105,6 +109,12 @@
 %config(noreplace) %{_sysconfdir}/sysconfig/cbq/*
 
 %changelog
+* Mon Jan 12 2009 Marcela Mašláňová <mmaslano at redhat.com> - 2.6.27-2
+- 475130 - Negative preferred lifetimes of IPv6 prefixes/addresses
+  displayed incorrectly
+- 472878 - “ip maddr show” in IB interface causes a stack corruption
+- both patches will be probably in iproute v2.6.28
+
 * Thu Dec 4 2008 Marcela Maslanova <mmaslano at redhat.com> - 2.6.27-1
 - aead support was included into upstream version
 - patch for moving libs is now deprecated



