package/iproute2: backport NULL dereference fix

This will be part of 6.15.0 release. Signed-off-by: Petr Vorel <petr.vorel@gmail.com> [Julien: fix check-package error by adding "Upstream:" tag in patch] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 6bcefa73b1) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-04-21 22:31:07 +02:00
parent 358908b8e9
commit 2715339ec6
1 changed files with 36 additions and 0 deletions
--- a/package/iproute2/0001-nstat-NULL-Dereference-when-no-entries-specified.patch
+++ b/package/iproute2/0001-nstat-NULL-Dereference-when-no-entries-specified.patch
@@ -0,0 +1,36 @@
+From 866e1d107b7de68ca1fcd1d4d5ffecf9d96bff30 Mon Sep 17 00:00:00 2001
+From: ZiAo Li <23110240084@m.fudan.edu.cn>
+Date: Wed, 9 Apr 2025 23:03:30 +0800
+Subject: [PATCH] nstat: NULL Dereference when no entries specified
+
+The NULL Pointer Dereference vulnerability happens in load_ugly_table(), misc/nstat.c, in the latest version of iproute2.
+The vulnerability can be triggered by:
+1. db is set to NULL at struct nstat_ent *db = NULL;
+2. n is set to NULL at n = db;
+3. NULL dereference of variable n happens at sscanf(p+1, "%llu", &n->val) != 1
+
+Signed-off-by: ZiAo Li <23110240084@m.fudan.edu.cn>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Upstream: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=866e1d107b7de68ca1fcd1d4d5ffecf9d96bff30
+---
+ misc/nstat.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/misc/nstat.c b/misc/nstat.c
+index fce3e9c1..b2e19bde 100644
+--- a/misc/nstat.c
+++ b/misc/nstat.c
+@@ -218,6 +218,10 @@ static void load_ugly_table(FILE *fp)
+ 			p = next;
+ 		}
+ 		n = db;
+		if (n == NULL) {
+			fprintf(stderr, "Error: Invalid input – line has ':' but no entries. Add values after ':'.\n");
+			exit(-2);
+		}
+ 		nread = getline(&buf, &buflen, fp);
+ 		if (nread == -1) {
+ 			fprintf(stderr, "%s:%d: error parsing history file\n",
+-- 
+2.49.0
+