Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
libpcap.35576
libpcap-CVE-2023-7256.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libpcap-CVE-2023-7256.patch of Package libpcap.35576
From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001 From: Guy Harris <gharris@sonic.net> Date: Thu, 28 Sep 2023 00:37:57 -0700 Subject: [PATCH] Have sock_initaddress() return the list of addrinfo structures or NULL. Its return address is currently 0 for success and -1 for failure, with a pointer to the first element of the list of struct addrinfos returned through a pointer on success; change it to return that pointer on success and NULL on failure. That way, we don't have to worry about what happens to the pointer pointeed to by the argument in question on failure; we know that we got NULL back if no struct addrinfos were found because getaddrinfo() failed. Thus, we know that we have something to free iff sock_initaddress() returned a pointer to that something rather than returning NULL. This avoids a double-free in some cases. --- pcap-rpcap.c | 48 ++++++++++++++++++++-------------------- rpcapd/daemon.c | 8 +++++-- rpcapd/rpcapd.c | 8 +++++-- sockutils.c | 58 ++++++++++++++++++++++++++++--------------------- sockutils.h | 5 ++--- 5 files changed, 72 insertions(+), 55 deletions(-) Index: libpcap-1.9.1/pcap-rpcap.c =================================================================== --- libpcap-1.9.1.orig/pcap-rpcap.c +++ libpcap-1.9.1/pcap-rpcap.c @@ -949,7 +949,6 @@ rpcap_remoteact_getsock(const char *host { struct activehosts *temp; /* temp var needed to scan the host list chain */ struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ - int retval; /* retrieve the network address corresponding to 'host' */ addrinfo = NULL; @@ -957,8 +956,9 @@ rpcap_remoteact_getsock(const char *host hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; - retval = getaddrinfo(host, "0", &hints, &addrinfo); - if (retval != 0) + addrinfo = sock_initaddress(host, "0", &hints, errbuf, + PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) { pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s", gai_strerror(retval)); @@ -1102,7 +1102,9 @@ static int pcap_startcapture_remote(pcap hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */ /* Let's the server pick up a free network port for us */ - if (sock_initaddress(NULL, "0", &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) + addrinfo = sock_initaddress(NULL, "0", &hints, fp->errbuf, + PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) goto error_nodiscard; if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, @@ -1214,7 +1216,9 @@ static int pcap_startcapture_remote(pcap pcap_snprintf(portdata, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata)); /* Let's the server pick up a free network port for us */ - if (sock_initaddress(host, portdata, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) + addrinfo = sock_initaddress(host, portstring, &hints, + fp->errbuf, PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) goto error; if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) @@ -2112,16 +2116,16 @@ rpcap_setup_session(const char *source, if (port[0] == 0) { /* the user chose not to specify the port */ - if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, - &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) - return -1; + addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT, + &hints, errbuf, PCAP_ERRBUF_SIZE); } else { - if (sock_initaddress(host, port, &hints, &addrinfo, - errbuf, PCAP_ERRBUF_SIZE) == -1) - return -1; + addrinfo = sock_initaddress(host, port, &hints, + errbuf, PCAP_ERRBUF_SIZE); } + if (addrinfo == NULL) + return -1; if ((*sockctrlp = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) @@ -2654,19 +2658,19 @@ SOCKET pcap_remoteact_accept(const char /* Do the work */ if ((port == NULL) || (port[0] == 0)) { - if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) - { - return (SOCKET)-2; - } + addrinfo = sock_initaddress(address, + RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf, + PCAP_ERRBUF_SIZE); } else { - if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) - { - return (SOCKET)-2; - } + addrinfo = sock_initaddress(address, port, &hints, errbuf, + PCAP_ERRBUF_SIZE); + } + if (addrinfo == NULL) + { + return (SOCKET)-2; } - if ((sockmain = sock_open(addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) { @@ -2768,7 +2772,6 @@ int pcap_remoteact_close(const char *hos { struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */ struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ - int retval; temp = activeHosts; prev = NULL; @@ -2779,12 +2782,12 @@ int pcap_remoteact_close(const char *hos hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; - retval = getaddrinfo(host, "0", &hints, &addrinfo); - if (retval != 0) - { - pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s", gai_strerror(retval)); - return -1; - } + addrinfo = sock_initaddress(host, "0", &hints, errbuf, + PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) + { + return -1; + } while (temp) { Index: libpcap-1.9.1/rpcapd/daemon.c =================================================================== --- libpcap-1.9.1.orig/rpcapd/daemon.c +++ libpcap-1.9.1/rpcapd/daemon.c @@ -1747,7 +1747,9 @@ daemon_msg_startcap_req(uint8 ver, struc goto error; } - if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) + addrinfo = sock_initaddress(peerhost, portdata, &hints, + errmsgbuf, PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) goto error; if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) @@ -1758,7 +1760,9 @@ daemon_msg_startcap_req(uint8 ver, struc hints.ai_flags = AI_PASSIVE; // Let's the server socket pick up a free network port for us - if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) + addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf, + PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) goto error; if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) Index: libpcap-1.9.1/rpcapd/rpcapd.c =================================================================== --- libpcap-1.9.1.orig/rpcapd/rpcapd.c +++ libpcap-1.9.1/rpcapd/rpcapd.c @@ -549,7 +549,9 @@ void main_startup(void) // // Get a list of sockets on which to listen. // - if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) + addrinfo = sock_initaddress((address[0]) ? address : NULL, + port, &mainhints, errbuf, PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) { rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); return; @@ -1286,7 +1288,9 @@ main_active(void *ptr) memset(errbuf, 0, sizeof(errbuf)); // Do the work - if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) + addrinfo = sock_initaddress(activepars->address, activepars->port, + &hints, errbuf, PCAP_ERRBUF_SIZE); + if (addrinfo == NULL) { rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); return 0; Index: libpcap-1.9.1/sockutils.c =================================================================== --- libpcap-1.9.1.orig/sockutils.c +++ libpcap-1.9.1/sockutils.c @@ -683,31 +683,36 @@ get_gai_errstring(char *errbuf, int errb * \param errbuflen: length of the buffer that will contains the error. The error message cannot be * larger than 'errbuflen - 1' because the last char is reserved for the string terminator. * - * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned - * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is - * returned into the addrinfo parameter. + * \return a pointer to the first element in a list of addrinfo structures + * if everything is fine, NULL if some errors occurred. The error message + * is returned in the 'errbuf' variable. * - * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when - * it is no longer needed. + * \warning The list of addrinfo structures returned has to be deleted by + * the programmer by calling freeaddrinfo() when it is no longer needed. * * \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same * of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest * the programmer to look at that function in order to set the 'hints' variable appropriately. */ -int sock_initaddress(const char *host, const char *port, - struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen) +struct addrinfo *sock_initaddress(const char *host, const char *port, + struct addrinfo *hints, char *errbuf, int errbuflen) { + struct addrinfo *addrinfo; int retval; - retval = getaddrinfo(host, port, hints, addrinfo); + retval = getaddrinfo(host, port == NULL ? "0", hints, &addrinfo); if (retval != 0) { + /* + * That call failed. + * Determine whether the problem is that the host is bad. + */ if (errbuf) { get_gai_errstring(errbuf, errbuflen, "", retval, host, port); } - return -1; + return NULL; } /* * \warning SOCKET: I should check all the accept() in order to bind to all addresses in case @@ -722,30 +727,28 @@ int sock_initaddress(const char *host, c * ignore all addresses that are neither? (What, no IPX * support? :-)) */ - if (((*addrinfo)->ai_family != PF_INET) && - ((*addrinfo)->ai_family != PF_INET6)) + if ((addrinfo->ai_family != PF_INET) && + (addrinfo->ai_family != PF_INET6)) { if (errbuf) pcap_snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported"); - freeaddrinfo(*addrinfo); - *addrinfo = NULL; - return -1; + freeaddrinfo(addrinfo); + return NULL; } /* * You can't do multicast (or broadcast) TCP. */ - if (((*addrinfo)->ai_socktype == SOCK_STREAM) && - (sock_ismcastaddr((*addrinfo)->ai_addr) == 0)) + if ((addrinfo->ai_socktype == SOCK_STREAM) && + (sock_ismcastaddr(addrinfo->ai_addr) == 0)) { if (errbuf) pcap_snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams"); - freeaddrinfo(*addrinfo); - *addrinfo = NULL; - return -1; + freeaddrinfo(addrinfo); + return NULL; } - return 0; + return addrinfo; } /* @@ -1607,7 +1610,6 @@ int sock_getascii_addrport(const struct */ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen) { - int retval; struct addrinfo *addrinfo; struct addrinfo hints; @@ -1615,7 +1617,9 @@ int sock_present2network(const char *add hints.ai_family = addr_family; - if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1) + addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints, + errbuf, errbuflen); + if (addrinfo == NULL) return 0; if (addrinfo->ai_family == PF_INET) Index: libpcap-1.9.1/sockutils.h =================================================================== --- libpcap-1.9.1.orig/sockutils.h +++ libpcap-1.9.1/sockutils.h @@ -125,9 +125,8 @@ int sock_init(char *errbuf, int errbufle void sock_cleanup(void); void sock_fmterror(const char *caller, int errcode, char *errbuf, int errbuflen); void sock_geterror(const char *caller, char *errbuf, int errbufsize); -int sock_initaddress(const char *address, const char *port, - struct addrinfo *hints, struct addrinfo **addrinfo, - char *errbuf, int errbuflen); +struct addrinfo *sock_initaddress(const char *address, const char *port, + struct addrinfo *hints, char *errbuf, int errbuflen); int sock_recv(SOCKET sock, void *buffer, size_t size, int receiveall, char *errbuf, int errbuflen); int sock_recv_dgram(SOCKET sock, void *buffer, size_t size,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor