Date: Monday, February 13, 2023 @ 09:18:36 Author: freswa Revision: 468705
fix overlapping buffers leading to cut off IPv6 adresses since glibc 2.37 See https://lore.kernel.org/netdev/[email protected]/T/#u Fixes FS#77451 Added: iproute2/trunk/fix_overlapping_buffers.patch Modified: iproute2/trunk/PKGBUILD -------------------------------+ PKGBUILD | 9 ++++++- fix_overlapping_buffers.patch | 46 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2023-02-12 21:51:53 UTC (rev 468704) +++ PKGBUILD 2023-02-13 09:18:36 UTC (rev 468705) @@ -4,7 +4,7 @@ pkgname=iproute2 pkgver=6.1.0 -pkgrel=4 +pkgrel=5 pkgdesc='IP Routing Utilities' arch=('x86_64') license=('GPL2') @@ -29,10 +29,12 @@ validpgpkeys=('9F6FC345B05BE7E766B83C8F80A77F6095CDE47E') # Stephen Hemminger source=("https://www.kernel.org/pub/linux/utils/net/${pkgname}/${pkgname}-${pkgver}.tar."{xz,sign} '0001-make-iproute2-fhs-compliant.patch' + 'fix_overlapping_buffers.patch' 'bdb5.3.patch') sha256sums=('5ce12a0fec6b212725ef218735941b2dab76244db7e72646a76021b0537b43ab' 'SKIP' '758b82bd61ed7512d215efafd5fab5ae7a28fbfa6161b85e2ce7373285e56a5d' + '7d2fb8ba06f3b73a8fa3ab673b8f1ad41c0e4fd85e3c31a8d4002a1b074ec1ae' '908de44ee99bf78669e7c513298fc2a22ca9d7e816a8f99788b1e9b091035cf4') prepare() { @@ -44,6 +46,11 @@ # use Berkeley DB 5.3 patch -Np1 -i "${srcdir}"/bdb5.3.patch + # fix overlapping buffers leading to cut off IPv6 adresses since glibc 2.37 + # See FS#77451 and + # https://lore.kernel.org/netdev/[email protected]/T/#u + patch -Np1 -i "${srcdir}"/fix_overlapping_buffers.patch + # do not treat warnings as errors sed -i 's/-Werror//' Makefile Added: fix_overlapping_buffers.patch =================================================================== --- fix_overlapping_buffers.patch (rev 0) +++ fix_overlapping_buffers.patch 2023-02-13 09:18:36 UTC (rev 468705) 
@@ -0,0 +1,46 @@
+Fix overlapping buffers passed to strncpy which is UB. format_host_rta_r writes
+to the buffer passed to it, so hostname (derived from b1) & b1 partly overlap.
+
+This gets worse with sys-libs/glibc-2.37 where the ip route output can be truncated,
+but it was UB anyway and you can see it occurring w/ glibc-2.36.
+
+Bug: https://lore.kernel.org/netdev/[email protected]/T/#u
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30112
+Thanks-to: Doug Freed <[email protected]>
+Signed-off-by: Sam James <[email protected]>
+---
+ ip/iproute.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/ip/iproute.c b/ip/iproute.c
+index 0bab0fdf..a7cd9543 100644
+--- a/ip/iproute.c
++++ b/ip/iproute.c
+@@ -748,6 +748,7 @@ int print_route(struct nlmsghdr *n, void *arg)
+ int ret;
+
+ SPRINT_BUF(b1);
++ SPRINT_BUF(b2);
+
+ if (n->nlmsg_type != RTM_NEWROUTE && n->nlmsg_type != RTM_DELROUTE) {
+ fprintf(stderr, "Not a route: %08x %08x %08x\n",
+@@ -809,7 +810,7 @@ int print_route(struct nlmsghdr *n, void *arg)
+ r->rtm_dst_len);
+ } else {
+ const char *hostname = format_host_rta_r(family, tb[RTA_DST],
+- b1, sizeof(b1));
++ b2, sizeof(b2));
+ if (hostname)
+ strncpy(b1, hostname, sizeof(b1) - 1);
+ }
+@@ -832,7 +833,7 @@ int print_route(struct nlmsghdr *n, void *arg)
+ r->rtm_src_len);
+ } else {
+ const char *hostname = format_host_rta_r(family, tb[RTA_SRC],
+- b1, sizeof(b1));
++ b2, sizeof(b2));
+ if (hostname)
+ strncpy(b1, hostname, sizeof(b1) - 1);
+ }
+--
+2.39.1
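Review bot: The `strncpy(b1, hostname, sizeof(b1) - 1);` call kept in both rewritten branches (the ip/iproute.c hunks at -809 and -832) writes no terminating NUL when `hostname` is `sizeof(b1) - 1` bytes or longer, so b1 is a valid string only if its last byte is already zero. Nothing visible in these hunks initializes b1 (SPRINT_BUF's definition is outside the patch, so this is inferred), and when `hostname` is NULL the branch leaves b1 unwritten. A bounded formatted copy closes the termination gap while keeping the separate b2 scratch buffer: `snprintf(b1, sizeof(b1), "%s", hostname);`. print_route's body starts and ends outside these hunks, so how b1 is consumed afterwards should be confirmed against the full function.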
