libnetlink cleanup0.9.38.12

author: netblue30 <netblue30@yahoo.com> 2017-11-11 08:09:46 -0500
committer: netblue30 <netblue30@yahoo.com> 2017-11-11 08:09:46 -0500
commit: 6945c5a3c3a75a9c2f2b84694a54b7ac477a2276 (patch)
tree: aa630073d2d7f141df6b42eab2abad38a0646414
parent: maintenance: updated terminal support in disable-common.inc (diff)
download: firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.tar.gz
firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.tar.zst
firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.zip
2 files changed, 19 insertions, 52 deletions
diff --git a/RELNOTES b/RELNOTES
index 4591625f5..4b1125eb1 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,12 +8,13 @@ firejail (0.9.38.12) baseline; urgency=low
  * bugfix: --quiet option
  * bugfix: truncated output in snprintf
  * bugfix: fix handling of /dev/shm in whitelists
-  * enhancement: --output cleanup
  * enhancement: quiet support in profile files
+  * maintenance: --output cleanup
+  * manitenance: libnetlink cleanup
  * maintenance: updated terminal support in disable-common.inc
  * maintenance: updated copyright statement in all files
  * maintenance: testing suite update for Debian "stretch"
- -- netblue30 <netblue30@yahoo.com>  Wed, 4 Oct 2017 10:00:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Sat, 11 Nov 2017 10:00:00 -0500
 firejail (0.9.38.10) baseline; urgency=low
  * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
diff --git a/src/lib/libnetlink.c b/src/lib/libnetlink.c
index 07457eefe..d2975bd57 100644
--- a/src/lib/libnetlink.c
+++ b/src/lib/libnetlink.c
@@ -1,16 +1,16 @@
 /* file extracted from iproute2 software package
 *
 * Original source code:
- * 
+ *
 * Information:
 *     http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
- * 
+ *
 * Download:
 *     http://www.kernel.org/pub/linux/utils/net/iproute2/
- * 
+ *
 * Repository:
 *     git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
- * 
+ *
 * License: GPL v2
 *
 * Original copyright header
@@ -105,6 +105,7 @@ int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions)
        return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE);
 }
+#if 0
 int rtnl_wilddump_request(struct rtnl_handle *rth, int family, int type)
 {
        return rtnl_wilddump_req_filter(rth, family, type, RTEXT_FILTER_VF);
@@ -165,7 +166,7 @@ int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int len)
                        struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
                        if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
                                fprintf(stderr, "ERROR truncated\n");
-                        else 
+                        else
                                errno = -err->error;
                        return -1;
                }
@@ -303,6 +304,7 @@ int rtnl_dump_filter(struct rtnl_handle *rth,
        return rtnl_dump_filter_l(rth, a);
 }
+#endif
 int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer,
              unsigned groups, struct nlmsghdr *answer)
@@ -422,6 +424,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer,
        }
 }
+#if 0
 int rtnl_listen(struct rtnl_handle *rtnl,
                rtnl_filter_t handler,
                void *jarg)
@@ -580,7 +583,7 @@ int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *str)
 {
        return addattr_l(n, maxlen, type, str, strlen(str)+1);
 }
+#endif
 int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data,
@@ -597,7 +600,7 @@ if (type == IFLA_LINK) {
        for (i = 0; i < alen; i++)
                printf("%02x, ", *((unsigned char *)data + i));
        printf("\n");
-}       
+}
 else if (type == IFLA_IFNAME) {
        printf("IFLA_IFNAME\n");
        printf("\tdata - #%s#\n", data);
@@ -612,8 +615,8 @@ else if (type == IFLA_ADDRESS) {
        printf("\n");
 }
 else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n");
-        
-printf("\tdata length: %d\n", alen);    
+printf("\tdata length: %d\n", alen);
 #endif
        int len = RTA_LENGTH(alen);
@@ -632,46 +635,8 @@ printf("\tdata length: %d\n", alen);
        return 0;
 }
-#if 0
-int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data,
-              int alen)
-{
-printf("%s: adding type %d, length %d ", __FUNCTION__, type, alen);
-if (type == IFLA_INFO_KIND) {
-if (alen)
-        printf("(IFLA_INFO_KIND %s)\n", (char *)data);  
-else
-printf("(VETH_INFO_PEER)\n");
-}
-else if (type == IFLA_IFNAME) {
-printf("(IFLA_IFNAME %s)\n", (char *) data);
-}
-else if (type == IFLA_NET_NS_PID) {
-printf("(IFLA_NET_NS_PID %u)\n", *((unsigned *) data));
-}
-else if (type == IFLA_LINKINFO)
-printf("(IFLA_LINKINFO)\n");
-else if (type == IFLA_INFO_DATA)
-printf("(IFLA_INFO_DATA)\n");
-else
-        printf("\n");
-        int len = RTA_LENGTH(alen);
-        struct rtattr *rta;
-        if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) > maxlen) {
-                fprintf(stderr, "addattr_l ERROR: message exceeded bound of %d\n",maxlen);
-                return -1;
-        }
-        rta = NLMSG_TAIL(n);
-        rta->rta_type = type;
-        rta->rta_len = len;
-        memcpy(RTA_DATA(rta), data, alen);
-        n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len);
-        return 0;
-}
-#endif
+#if 0
 int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len)
 {
        if ((int)(NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len)) > maxlen) {
@@ -723,7 +688,7 @@ int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data)
        int len = RTA_LENGTH(4);
        struct rtattr *subrta;
-        if (RTA_ALIGN(rta->rta_len) + len > maxlen) {
+        if ((int) (RTA_ALIGN(rta->rta_len) + len) > maxlen) {
                fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen);
                return -1;
        }
@@ -741,7 +706,7 @@ int rta_addattr_l(struct rtattr *rta, int maxlen, int type,
        struct rtattr *subrta;
        int len = RTA_LENGTH(alen);
-        if (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len) > maxlen) {
+        if ((int) (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len)) > maxlen) {
                fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen);
                return -1;
        }
@@ -802,3 +767,4 @@ int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rt
        memset(tb, 0, sizeof(struct rtattr *) * (max + 1));
        return 0;
 }
+#endif
author	netblue30 <netblue30@yahoo.com>	2017-11-11 08:09:46 -0500
committer	netblue30 <netblue30@yahoo.com>	2017-11-11 08:09:46 -0500
commit	6945c5a3c3a75a9c2f2b84694a54b7ac477a2276 (patch)
tree	aa630073d2d7f141df6b42eab2abad38a0646414
parent	maintenance: updated terminal support in disable-common.inc (diff)
download	firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.tar.gz firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.tar.zst firejail-6945c5a3c3a75a9c2f2b84694a54b7ac477a2276.zip

diff --git a/RELNOTES b/RELNOTES index 4591625f5..4b1125eb1 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -8,12 +8,13 @@ firejail (0.9.38.12) baseline; urgency=low
8	* bugfix: --quiet option	8	* bugfix: --quiet option
9	* bugfix: truncated output in snprintf	9	* bugfix: truncated output in snprintf
10	* bugfix: fix handling of /dev/shm in whitelists	10	* bugfix: fix handling of /dev/shm in whitelists
11	* enhancement: --output cleanup
12	* enhancement: quiet support in profile files	11	* enhancement: quiet support in profile files
		12	* maintenance: --output cleanup
		13	* manitenance: libnetlink cleanup
13	* maintenance: updated terminal support in disable-common.inc	14	* maintenance: updated terminal support in disable-common.inc
14	* maintenance: updated copyright statement in all files	15	* maintenance: updated copyright statement in all files
15	* maintenance: testing suite update for Debian "stretch"	16	* maintenance: testing suite update for Debian "stretch"
16	-- netblue30 <netblue30@yahoo.com> Wed, 4 Oct 2017 10:00:00 -0500	17	-- netblue30 <netblue30@yahoo.com> Sat, 11 Nov 2017 10:00:00 -0500
17		18
18	firejail (0.9.38.10) baseline; urgency=low	19	firejail (0.9.38.10) baseline; urgency=low
19	* security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week	20	* security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week


diff --git a/src/lib/libnetlink.c b/src/lib/libnetlink.c index 07457eefe..d2975bd57 100644 --- a/src/lib/libnetlink.c +++ b/src/lib/libnetlink.c
@@ -1,16 +1,16 @@
1	/* file extracted from iproute2 software package	1	/* file extracted from iproute2 software package
2	*	2	*
3	* Original source code:	3	* Original source code:
4	*	4	*
5	* Information:	5	* Information:
6	* http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2	6	* http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
7	*	7	*
8	* Download:	8	* Download:
9	* http://www.kernel.org/pub/linux/utils/net/iproute2/	9	* http://www.kernel.org/pub/linux/utils/net/iproute2/
10	*	10	*
11	* Repository:	11	* Repository:
12	* git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git	12	* git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
13	*	13	*
14	* License: GPL v2	14	* License: GPL v2
15	*	15	*
16	* Original copyright header	16	* Original copyright header
@@ -105,6 +105,7 @@ int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions)
105	return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE);	105	return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE);
106	}	106	}
107		107
		108	#if 0
108	int rtnl_wilddump_request(struct rtnl_handle *rth, int family, int type)	109	int rtnl_wilddump_request(struct rtnl_handle *rth, int family, int type)
109	{	110	{
110	return rtnl_wilddump_req_filter(rth, family, type, RTEXT_FILTER_VF);	111	return rtnl_wilddump_req_filter(rth, family, type, RTEXT_FILTER_VF);
@@ -165,7 +166,7 @@ int rtnl_send_check(struct rtnl_handle rth, const void buf, int len)
165	struct nlmsgerr err = (struct nlmsgerr)NLMSG_DATA(h);	166	struct nlmsgerr err = (struct nlmsgerr)NLMSG_DATA(h);
166	if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))	167	if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
167	fprintf(stderr, "ERROR truncated\n");	168	fprintf(stderr, "ERROR truncated\n");
168	else	169	else
169	errno = -err->error;	170	errno = -err->error;
170	return -1;	171	return -1;
171	}	172	}
@@ -303,6 +304,7 @@ int rtnl_dump_filter(struct rtnl_handle *rth,
303		304
304	return rtnl_dump_filter_l(rth, a);	305	return rtnl_dump_filter_l(rth, a);
305	}	306	}
		307	#endif
306		308
307	int rtnl_talk(struct rtnl_handle rtnl, struct nlmsghdr n, pid_t peer,	309	int rtnl_talk(struct rtnl_handle rtnl, struct nlmsghdr n, pid_t peer,
308	unsigned groups, struct nlmsghdr *answer)	310	unsigned groups, struct nlmsghdr *answer)
@@ -422,6 +424,7 @@ int rtnl_talk(struct rtnl_handle rtnl, struct nlmsghdr n, pid_t peer,
422	}	424	}
423	}	425	}
424		426
		427	#if 0
425	int rtnl_listen(struct rtnl_handle *rtnl,	428	int rtnl_listen(struct rtnl_handle *rtnl,
426	rtnl_filter_t handler,	429	rtnl_filter_t handler,
427	void *jarg)	430	void *jarg)
@@ -580,7 +583,7 @@ int addattrstrz(struct nlmsghdr n, int maxlen, int type, const char str)
580	{	583	{
581	return addattr_l(n, maxlen, type, str, strlen(str)+1);	584	return addattr_l(n, maxlen, type, str, strlen(str)+1);
582	}	585	}
583		586	#endif
584		587
585		588
586	int addattr_l(struct nlmsghdr n, int maxlen, int type, const void data,	589	int addattr_l(struct nlmsghdr n, int maxlen, int type, const void data,
@@ -597,7 +600,7 @@ if (type == IFLA_LINK) {
597	for (i = 0; i < alen; i++)	600	for (i = 0; i < alen; i++)
598	printf("%02x, ", ((unsigned char )data + i));	601	printf("%02x, ", ((unsigned char )data + i));
599	printf("\n");	602	printf("\n");
600	}	603	}
601	else if (type == IFLA_IFNAME) {	604	else if (type == IFLA_IFNAME) {
602	printf("IFLA_IFNAME\n");	605	printf("IFLA_IFNAME\n");
603	printf("\tdata - #%s#\n", data);	606	printf("\tdata - #%s#\n", data);
@@ -612,8 +615,8 @@ else if (type == IFLA_ADDRESS) {
612	printf("\n");	615	printf("\n");
613	}	616	}
614	else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n");	617	else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n");
615		618
616	printf("\tdata length: %d\n", alen);	619	printf("\tdata length: %d\n", alen);
617	#endif	620	#endif
618		621
619	int len = RTA_LENGTH(alen);	622	int len = RTA_LENGTH(alen);
@@ -632,46 +635,8 @@ printf("\tdata length: %d\n", alen);
632	return 0;	635	return 0;
633	}	636	}
634		637
635	#if 0
636	int addattr_l(struct nlmsghdr n, int maxlen, int type, const void data,
637	int alen)
638	{
639	printf("%s: adding type %d, length %d ", __FUNCTION__, type, alen);
640	if (type == IFLA_INFO_KIND) {
641	if (alen)
642	printf("(IFLA_INFO_KIND %s)\n", (char *)data);
643	else
644	printf("(VETH_INFO_PEER)\n");
645	}
646	else if (type == IFLA_IFNAME) {
647	printf("(IFLA_IFNAME %s)\n", (char *) data);
648	}
649	else if (type == IFLA_NET_NS_PID) {
650	printf("(IFLA_NET_NS_PID %u)\n", ((unsigned ) data));
651	}
652	else if (type == IFLA_LINKINFO)
653	printf("(IFLA_LINKINFO)\n");
654	else if (type == IFLA_INFO_DATA)
655	printf("(IFLA_INFO_DATA)\n");
656	else
657	printf("\n");
658
659	int len = RTA_LENGTH(alen);
660	struct rtattr *rta;
661
662	if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) > maxlen) {
663	fprintf(stderr, "addattr_l ERROR: message exceeded bound of %d\n",maxlen);
664	return -1;
665	}
666	rta = NLMSG_TAIL(n);
667	rta->rta_type = type;
668	rta->rta_len = len;
669	memcpy(RTA_DATA(rta), data, alen);
670	n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len);
671	return 0;
672	}
673	#endif
674		638
		639	#if 0
675	int addraw_l(struct nlmsghdr n, int maxlen, const void data, int len)	640	int addraw_l(struct nlmsghdr n, int maxlen, const void data, int len)
676	{	641	{
677	if ((int)(NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len)) > maxlen) {	642	if ((int)(NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len)) > maxlen) {
@@ -723,7 +688,7 @@ int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data)
723	int len = RTA_LENGTH(4);	688	int len = RTA_LENGTH(4);
724	struct rtattr *subrta;	689	struct rtattr *subrta;
725		690
726	if (RTA_ALIGN(rta->rta_len) + len > maxlen) {	691	if ((int) (RTA_ALIGN(rta->rta_len) + len) > maxlen) {
727	fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen);	692	fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen);
728	return -1;	693	return -1;
729	}	694	}
@@ -741,7 +706,7 @@ int rta_addattr_l(struct rtattr *rta, int maxlen, int type,
741	struct rtattr *subrta;	706	struct rtattr *subrta;
742	int len = RTA_LENGTH(alen);	707	int len = RTA_LENGTH(alen);
743		708
744	if (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len) > maxlen) {	709	if ((int) (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len)) > maxlen) {
745	fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen);	710	fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen);
746	return -1;	711	return -1;
747	}	712	}
@@ -802,3 +767,4 @@ int __parse_rtattr_nested_compat(struct rtattr tb[], int max, struct rtattr rt
802	memset(tb, 0, sizeof(struct rtattr ) (max + 1));	767	memset(tb, 0, sizeof(struct rtattr ) (max + 1));
803	return 0;	768	return 0;
804	}	769	}
		770	#endif