author | netblue30 <netblue30@yahoo.com> | 2017-11-11 08:09:46 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-11-11 08:09:46 -0500 |
commit | 6945c5a3c3a75a9c2f2b84694a54b7ac477a2276 (patch) | |
tree | aa630073d2d7f141df6b42eab2abad38a0646414 | |
parent | maintenance: updated terminal support in disable-common.inc (diff) | |
download | firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.tar.gz firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.tar.zst firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.zip |
libnetlink cleanup0.9.38.12
-rw-r--r-- | RELNOTES | 5 | ||||
-rw-r--r-- | src/lib/libnetlink.c | 66 |
2 files changed, 19 insertions, 52 deletions
@@ -8,12 +8,13 @@ firejail (0.9.38.12) baseline; urgency=low | |||
8 | * bugfix: --quiet option | 8 | * bugfix: --quiet option |
9 | * bugfix: truncated output in snprintf | 9 | * bugfix: truncated output in snprintf |
10 | * bugfix: fix handling of /dev/shm in whitelists | 10 | * bugfix: fix handling of /dev/shm in whitelists |
11 | * enhancement: --output cleanup | ||
12 | * enhancement: quiet support in profile files | 11 | * enhancement: quiet support in profile files |
12 | * maintenance: --output cleanup | ||
13 | * manitenance: libnetlink cleanup | ||
13 | * maintenance: updated terminal support in disable-common.inc | 14 | * maintenance: updated terminal support in disable-common.inc |
14 | * maintenance: updated copyright statement in all files | 15 | * maintenance: updated copyright statement in all files |
15 | * maintenance: testing suite update for Debian "stretch" | 16 | * maintenance: testing suite update for Debian "stretch" |
16 | -- netblue30 <netblue30@yahoo.com> Wed, 4 Oct 2017 10:00:00 -0500 | 17 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Nov 2017 10:00:00 -0500 |
17 | 18 | ||
18 | firejail (0.9.38.10) baseline; urgency=low | 19 | firejail (0.9.38.10) baseline; urgency=low |
19 | * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week | 20 | * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week |
diff --git a/src/lib/libnetlink.c b/src/lib/libnetlink.c index 07457eefe..d2975bd57 100644 --- a/src/lib/libnetlink.c +++ b/src/lib/libnetlink.c | |||
@@ -1,16 +1,16 @@ | |||
1 | /* file extracted from iproute2 software package | 1 | /* file extracted from iproute2 software package |
2 | * | 2 | * |
3 | * Original source code: | 3 | * Original source code: |
4 | * | 4 | * |
5 | * Information: | 5 | * Information: |
6 | * http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 | 6 | * http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 |
7 | * | 7 | * |
8 | * Download: | 8 | * Download: |
9 | * http://www.kernel.org/pub/linux/utils/net/iproute2/ | 9 | * http://www.kernel.org/pub/linux/utils/net/iproute2/ |
10 | * | 10 | * |
11 | * Repository: | 11 | * Repository: |
12 | * git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git | 12 | * git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git |
13 | * | 13 | * |
14 | * License: GPL v2 | 14 | * License: GPL v2 |
15 | * | 15 | * |
16 | * Original copyright header | 16 | * Original copyright header |
@@ -105,6 +105,7 @@ int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions) | |||
105 | return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE); | 105 | return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE); |
106 | } | 106 | } |
107 | 107 | ||
108 | #if 0 | ||
108 | int rtnl_wilddump_request(struct rtnl_handle *rth, int family, int type) | 109 | int rtnl_wilddump_request(struct rtnl_handle *rth, int family, int type) |
109 | { | 110 | { |
110 | return rtnl_wilddump_req_filter(rth, family, type, RTEXT_FILTER_VF); | 111 | return rtnl_wilddump_req_filter(rth, family, type, RTEXT_FILTER_VF); |
@@ -165,7 +166,7 @@ int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int len) | |||
165 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); | 166 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); |
166 | if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) | 167 | if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) |
167 | fprintf(stderr, "ERROR truncated\n"); | 168 | fprintf(stderr, "ERROR truncated\n"); |
168 | else | 169 | else |
169 | errno = -err->error; | 170 | errno = -err->error; |
170 | return -1; | 171 | return -1; |
171 | } | 172 | } |
@@ -303,6 +304,7 @@ int rtnl_dump_filter(struct rtnl_handle *rth, | |||
303 | 304 | ||
304 | return rtnl_dump_filter_l(rth, a); | 305 | return rtnl_dump_filter_l(rth, a); |
305 | } | 306 | } |
307 | #endif | ||
306 | 308 | ||
307 | int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, | 309 | int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, |
308 | unsigned groups, struct nlmsghdr *answer) | 310 | unsigned groups, struct nlmsghdr *answer) |
@@ -422,6 +424,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, | |||
422 | } | 424 | } |
423 | } | 425 | } |
424 | 426 | ||
427 | #if 0 | ||
425 | int rtnl_listen(struct rtnl_handle *rtnl, | 428 | int rtnl_listen(struct rtnl_handle *rtnl, |
426 | rtnl_filter_t handler, | 429 | rtnl_filter_t handler, |
427 | void *jarg) | 430 | void *jarg) |
@@ -580,7 +583,7 @@ int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *str) | |||
580 | { | 583 | { |
581 | return addattr_l(n, maxlen, type, str, strlen(str)+1); | 584 | return addattr_l(n, maxlen, type, str, strlen(str)+1); |
582 | } | 585 | } |
583 | 586 | #endif | |
584 | 587 | ||
585 | 588 | ||
586 | int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, | 589 | int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, |
@@ -597,7 +600,7 @@ if (type == IFLA_LINK) { | |||
597 | for (i = 0; i < alen; i++) | 600 | for (i = 0; i < alen; i++) |
598 | printf("%02x, ", *((unsigned char *)data + i)); | 601 | printf("%02x, ", *((unsigned char *)data + i)); |
599 | printf("\n"); | 602 | printf("\n"); |
600 | } | 603 | } |
601 | else if (type == IFLA_IFNAME) { | 604 | else if (type == IFLA_IFNAME) { |
602 | printf("IFLA_IFNAME\n"); | 605 | printf("IFLA_IFNAME\n"); |
603 | printf("\tdata - #%s#\n", data); | 606 | printf("\tdata - #%s#\n", data); |
@@ -612,8 +615,8 @@ else if (type == IFLA_ADDRESS) { | |||
612 | printf("\n"); | 615 | printf("\n"); |
613 | } | 616 | } |
614 | else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n"); | 617 | else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n"); |
615 | 618 | ||
616 | printf("\tdata length: %d\n", alen); | 619 | printf("\tdata length: %d\n", alen); |
617 | #endif | 620 | #endif |
618 | 621 | ||
619 | int len = RTA_LENGTH(alen); | 622 | int len = RTA_LENGTH(alen); |
@@ -632,46 +635,8 @@ printf("\tdata length: %d\n", alen); | |||
632 | return 0; | 635 | return 0; |
633 | } | 636 | } |
634 | 637 | ||
635 | #if 0 | ||
636 | int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, | ||
637 | int alen) | ||
638 | { | ||
639 | printf("%s: adding type %d, length %d ", __FUNCTION__, type, alen); | ||
640 | if (type == IFLA_INFO_KIND) { | ||
641 | if (alen) | ||
642 | printf("(IFLA_INFO_KIND %s)\n", (char *)data); | ||
643 | else | ||
644 | printf("(VETH_INFO_PEER)\n"); | ||
645 | } | ||
646 | else if (type == IFLA_IFNAME) { | ||
647 | printf("(IFLA_IFNAME %s)\n", (char *) data); | ||
648 | } | ||
649 | else if (type == IFLA_NET_NS_PID) { | ||
650 | printf("(IFLA_NET_NS_PID %u)\n", *((unsigned *) data)); | ||
651 | } | ||
652 | else if (type == IFLA_LINKINFO) | ||
653 | printf("(IFLA_LINKINFO)\n"); | ||
654 | else if (type == IFLA_INFO_DATA) | ||
655 | printf("(IFLA_INFO_DATA)\n"); | ||
656 | else | ||
657 | printf("\n"); | ||
658 | |||
659 | int len = RTA_LENGTH(alen); | ||
660 | struct rtattr *rta; | ||
661 | |||
662 | if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) > maxlen) { | ||
663 | fprintf(stderr, "addattr_l ERROR: message exceeded bound of %d\n",maxlen); | ||
664 | return -1; | ||
665 | } | ||
666 | rta = NLMSG_TAIL(n); | ||
667 | rta->rta_type = type; | ||
668 | rta->rta_len = len; | ||
669 | memcpy(RTA_DATA(rta), data, alen); | ||
670 | n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len); | ||
671 | return 0; | ||
672 | } | ||
673 | #endif | ||
674 | 638 | ||
639 | #if 0 | ||
675 | int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len) | 640 | int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len) |
676 | { | 641 | { |
677 | if ((int)(NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len)) > maxlen) { | 642 | if ((int)(NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len)) > maxlen) { |
@@ -723,7 +688,7 @@ int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data) | |||
723 | int len = RTA_LENGTH(4); | 688 | int len = RTA_LENGTH(4); |
724 | struct rtattr *subrta; | 689 | struct rtattr *subrta; |
725 | 690 | ||
726 | if (RTA_ALIGN(rta->rta_len) + len > maxlen) { | 691 | if ((int) (RTA_ALIGN(rta->rta_len) + len) > maxlen) { |
727 | fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen); | 692 | fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen); |
728 | return -1; | 693 | return -1; |
729 | } | 694 | } |
@@ -741,7 +706,7 @@ int rta_addattr_l(struct rtattr *rta, int maxlen, int type, | |||
741 | struct rtattr *subrta; | 706 | struct rtattr *subrta; |
742 | int len = RTA_LENGTH(alen); | 707 | int len = RTA_LENGTH(alen); |
743 | 708 | ||
744 | if (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len) > maxlen) { | 709 | if ((int) (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len)) > maxlen) { |
745 | fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen); | 710 | fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen); |
746 | return -1; | 711 | return -1; |
747 | } | 712 | } |
@@ -802,3 +767,4 @@ int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rt | |||
802 | memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); | 767 | memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); |
803 | return 0; | 768 | return 0; |
804 | } | 769 | } |
770 | #endif | ||
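Review bot: The `(int)` casts added to the bound checks in rta_addattr32 (new line 691) and rta_addattr_l (new line 709) quiet the signed/unsigned comparison warning but do not make the checks sound. The sum is narrowed to int before the comparison, so if RTA_ALIGN yields an unsigned value (as the need for the cast suggests), a negative `alen` passed to rta_addattr_l could produce a sum that turns negative and is accepted as in bounds. I would reject bad sizes first and keep the comparison unsigned, e.g. `if (alen < 0 || maxlen < 0) return -1;` followed by `if (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len) > (unsigned) maxlen) {`. Both functions appear to sit inside the `#if 0` region opened at new line 639 and closed at 770, so this only matters if that region is re-enabled; if the code is kept for parity with upstream, a comment on each `#if 0` such as `/* unused in firejail; kept from upstream iproute2 */` would say so. The bodies of both functions continue outside the visible hunks, so the copy that follows each check is not shown here.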