diff --git a/backport-Avoiding-null-pointer-dereference.patch b/backport-Avoiding-null-pointer-dereference.patch new file mode 100644 index 0000000000000000000000000000000000000000..858277a42d8b7752abac3a2241217c7b6455a1a9 --- /dev/null +++ b/backport-Avoiding-null-pointer-dereference.patch @@ -0,0 +1,71 @@ +From 483ec3cf70f68627b8ad2d29c36334ff54571a45 Mon Sep 17 00:00:00 2001 +From: klebertarcisio +Date: Fri, 2 Apr 2021 19:54:03 -0300 +Subject: [PATCH] Avoiding null pointer dereference + +--- + ctrl_iface.c | 2 ++ + dcbtool_cmds.c | 2 ++ + lldp_8021qaz.c | 4 ++++ + lldp_dcbx.c | 4 ++++ + 4 files changed, 12 insertions(+) + +diff --git a/ctrl_iface.c b/ctrl_iface.c +index 666f7c8..5f86fd2 100644 +--- a/ctrl_iface.c ++++ b/ctrl_iface.c +@@ -180,6 +180,8 @@ int clif_iface_attach(struct clif_data *clifd, + } else { + tlv = strdup(ibuf); + str = tlv; ++ if (!str) ++ goto err_tlv; + str++; + /* Count number of TLV Modules */ + tokenize = strtok(str, delim); +diff --git a/dcbtool_cmds.c b/dcbtool_cmds.c +index 0846f83..e1c76c4 100644 +--- a/dcbtool_cmds.c ++++ b/dcbtool_cmds.c +@@ -373,6 +373,8 @@ int handle_dcb_cmds(struct clif *clif, int argc, char *argv[], int raw) + } + + cmd_args = get_cmd_args(); ++ if (!cmd_args) ++ return -1; + + if (get_feature() == FEATURE_DCBX) + snprintf(cbuf, sizeof(cbuf), "%c%01x%02x%02x%s", +diff --git a/lldp_8021qaz.c b/lldp_8021qaz.c +index 045bd45..abeae46 100644 +--- a/lldp_8021qaz.c ++++ b/lldp_8021qaz.c +@@ -1944,6 +1944,10 @@ int ieee8021qaz_rchange(struct port *port, struct lldp_agent *agent, + if (tlv->type == TYPE_1) { + clear_ieee8021qaz_rx(qaz_tlvs); + rx = malloc(sizeof(*rx)); ++ if (!rx) { ++ LLDPAD_INFO("failed malloc for rx\n"); ++ return TLV_ERR; ++ } + memset(rx, 0, sizeof(*rx)); + qaz_tlvs->rx = rx; + qaz_tlvs->ieee8021qazdu = 0; +diff --git a/lldp_dcbx.c b/lldp_dcbx.c +index 3567634..66df857 100644 +--- a/lldp_dcbx.c ++++ b/lldp_dcbx.c +@@ -695,6 +695,10 @@ int dcbx_rchange(struct port *port, struct lldp_agent *agent, struct unpacked_tl + */ + if (tlv->type == TYPE_1) { + manifest = malloc(sizeof(*manifest)); ++ if (!manifest) { ++ LLDPAD_INFO("failed malloc for manifest\n"); ++ return TLV_ERR; ++ } + memset(manifest, 0, sizeof(*manifest)); + dcbx->manifest = manifest; + dcbx->dcbdu = 0; +-- +2.33.0 + diff --git a/backport-agent-reset-frame-status-on-message-delete.patch b/backport-agent-reset-frame-status-on-message-delete.patch new file mode 100644 index 0000000000000000000000000000000000000000..0672a69283b6a07cf2641c240489b368623b1b10 --- /dev/null +++ b/backport-agent-reset-frame-status-on-message-delete.patch @@ -0,0 +1,30 @@ +From 1c0e2a125b35ab5fca7f6f4ac9319a3ae71a8ecd Mon Sep 17 00:00:00 2001 +From: Rajesh B M <59466308+rajeshm-elisity@users.noreply.github.com> +Date: Mon, 8 Mar 2021 23:29:32 +0530 +Subject: [PATCH] agent: reset frame status on message delete + +Currently, when the agent state machine transitions out of +DELETE_INFO, it leaves the rcvFrame flag set. This flag should +be cleared since the frame info is no longer considered usable. + +Signed-off-by: Rajesh B M +Signed-off-by: Aaron Conole +--- + lldp/rx.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lldp/rx.c b/lldp/rx.c +index 9a0c758..f0c8002 100644 +--- a/lldp/rx.c ++++ b/lldp/rx.c +@@ -568,6 +568,7 @@ void process_delete_info(struct port *port, struct lldp_agent *agent) + + agent->rx.sizein = 0; + agent->rx.remoteChange = true; ++ agent->rx.rcvFrame = false; + return; + } + +-- +2.33.0 + diff --git a/backport-event_iface-only-set-rcv-buf-size-if-too-small.patch b/backport-event_iface-only-set-rcv-buf-size-if-too-small.patch new file mode 100644 index 0000000000000000000000000000000000000000..bc343a1aeee605ef29ebe698ee72c6e4b8d5da07 --- /dev/null +++ b/backport-event_iface-only-set-rcv-buf-size-if-too-small.patch @@ -0,0 +1,75 @@ +From 9dada231f322a0889b2bcb5c6e02ac895695699a Mon Sep 17 00:00:00 2001 +From: Lee Duncan +Date: Thu, 10 Dec 2020 11:25:14 -0800 +Subject: [PATCH] event_iface: only set rcv buf size if too small + +Instead of always setting the receive buffer size +to a small 8K, which causes problems when a flood of +netlink messages are received, set it to a +"minimal" value only if it is currently less +than that value. + +The value used is 32 x the MAX_PAYLOAD size +of 4k, i.e. 128k. + +A config value to modify this can be added if needed, +but doesn't seem warranted at this time. + +Changes in V2: +* remove unneeded debugging/logging + +Acked-by: Aaron Conole +--- + event_iface.c | 13 +++++++++++-- + include/qbg_vdpnl.h | 1 + + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/event_iface.c b/event_iface.c +index 1be2963..916bf4b 100644 +--- a/event_iface.c ++++ b/event_iface.c +@@ -418,7 +418,8 @@ event_iface_receive(int sock, UNUSED void *eloop_ctx, UNUSED void *sock_ctx) + int event_iface_init() + { + int fd; +- int rcv_size = MAX_PAYLOAD; ++ int rcv_size = 0; ++ socklen_t rcv_len = sizeof(int); + struct sockaddr_nl snl; + + fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); +@@ -426,10 +427,18 @@ int event_iface_init() + if (fd < 0) + return fd; + +- if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcv_size, sizeof(int)) < 0) { ++ /* is receive buffer size too small? */ ++ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcv_size, &rcv_len) < 0) { + close(fd); + return -EIO; + } ++ if (rcv_size < MIN_RCVBUF_SIZE) { ++ rcv_size = MIN_RCVBUF_SIZE >> 1; /* we get back 2x what we set */ ++ if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcv_size, rcv_len) < 0) { ++ close(fd); ++ return -EIO; ++ } ++ } + + memset((void *)&snl, 0, sizeof(struct sockaddr_nl)); + snl.nl_family = AF_NETLINK; +diff --git a/include/qbg_vdpnl.h b/include/qbg_vdpnl.h +index cb7efca..a9369d9 100644 +--- a/include/qbg_vdpnl.h ++++ b/include/qbg_vdpnl.h +@@ -33,6 +33,7 @@ + #include + + #define MAX_PAYLOAD 4096 /* Maximum Payload Size */ ++#define MIN_RCVBUF_SIZE (MAX_PAYLOAD << 5) /* SO_RCVBUF min */ + + enum { + vdpnl_nlf1 = 1, /* Netlink message format 1 (draft 0.2) */ +-- +2.33.0 + diff --git a/backport-tx-rename-variable.patch b/backport-tx-rename-variable.patch new file mode 100644 index 0000000000000000000000000000000000000000..c956a7927de083286e6356e2bfe52f30feeed829 --- /dev/null +++ b/backport-tx-rename-variable.patch @@ -0,0 +1,39 @@ +From 2446318f61b3161cccc7c4c467f3a58be33a9c16 Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Fri, 11 Dec 2020 12:34:56 -0500 +Subject: [PATCH] tx: rename variable + +This was originally intended to be part of f91cf35f5871 ("tx: when ...") +but was omitted in error. Addresses the original comment. + +Signed-off-by: Aaron Conole +--- + lldp/tx.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lldp/tx.c b/lldp/tx.c +index 9b36071..9ecd9d1 100644 +--- a/lldp/tx.c ++++ b/lldp/tx.c +@@ -330,15 +330,15 @@ void process_tx_idle(UNUSED struct lldp_agent *agent) + return; + } + +-/* we ignore 'state' value in the case that we have recently transitioned ++/* we ignore 'adminStatus' in the case that we have recently transitioned + * to the shutdown state (in the case of the 'tx' state change) to allow + * for transmitting the ttl==0 as required by the IEEE standard. */ + void process_tx_shutdown_frame(struct port *port, struct lldp_agent *agent, +- bool ignoreState) ++ bool ignoreStatus) + { + if (agent->adminStatus != enabledRxTx && + agent->adminStatus != enabledTxOnly) { +- if (!ignoreState) { ++ if (!ignoreStatus) { + return; + } + } +-- +2.33.0 + diff --git a/backport-tx-when-operating-in-rx-only-mode-don-t-send-a-port-.patch b/backport-tx-when-operating-in-rx-only-mode-don-t-send-a-port-.patch new file mode 100644 index 0000000000000000000000000000000000000000..1230bd0baa6fd85ccb1d30d441ed948263b0c4f6 --- /dev/null +++ b/backport-tx-when-operating-in-rx-only-mode-don-t-send-a-port-.patch @@ -0,0 +1,87 @@ +From f91cf35f5871ab66f4482a9242c415264314ca84 Mon Sep 17 00:00:00 2001 +From: Aaron Conole +Date: Tue, 8 Dec 2020 13:20:30 -0500 +Subject: [PATCH] tx: when operating in rx-only mode don't send a port shutdown + pdu + +Currently, lldpad correctly transmits a shutdown pdu with ttl = 0s when +transitioning from rxtx or txonly to rxonly. However, when we shutdown +lldpad it will transmit a shutdown pdu even if the port is configured +to rxonly mode. For some implementations of LLDP this can create +a confusing state and lead to issues in the network. Correct this by +only transmitting a shutdown PDU when going from any transmit mode to +a receive only mode, and don't transmit PDUs on shutdown if the port +agent isn't configured to transmit. + +Reported-by: Matthew Whitehead +Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1905210 +Signed-off-by: Aaron Conole +--- + lldp/agent.c | 2 +- + lldp/states.h | 2 +- + lldp/tx.c | 15 +++++++++++++-- + 3 files changed, 15 insertions(+), 4 deletions(-) + +diff --git a/lldp/agent.c b/lldp/agent.c +index aa4a8d1..14fcf71 100644 +--- a/lldp/agent.c ++++ b/lldp/agent.c +@@ -200,7 +200,7 @@ void clean_lldp_agents(void) + LLDPAD_DBG("Send shutdown frame on port %s\n", + port->ifname); + LIST_FOREACH(agent, &port->agent_head, entry) { +- process_tx_shutdown_frame(port, agent); ++ process_tx_shutdown_frame(port, agent, false); + } + } else { + LLDPAD_DBG("No shutdown frame is sent on port %s\n", +diff --git a/lldp/states.h b/lldp/states.h +index 7cf69b8..f7b8ee0 100644 +--- a/lldp/states.h ++++ b/lldp/states.h +@@ -85,7 +85,7 @@ u8 txFrame(struct port *port, struct lldp_agent *); + void run_tx_sm(struct port *, struct lldp_agent *); + void process_tx_initialize_sm(struct port *); + void process_tx_idle(struct lldp_agent *); +-void process_tx_shutdown_frame(struct port *, struct lldp_agent *); ++void process_tx_shutdown_frame(struct port *, struct lldp_agent *, bool); + void process_tx_info_frame(struct port *, struct lldp_agent *); + void update_tx_timers(struct lldp_agent *); + void run_tx_timers_sm(struct port *, struct lldp_agent *); +diff --git a/lldp/tx.c b/lldp/tx.c +index 1b95208..9b36071 100644 +--- a/lldp/tx.c ++++ b/lldp/tx.c +@@ -270,7 +270,7 @@ void run_tx_sm(struct port *port, struct lldp_agent *agent) + process_tx_idle(agent); + break; + case TX_SHUTDOWN_FRAME: +- process_tx_shutdown_frame(port, agent); ++ process_tx_shutdown_frame(port, agent, true); + break; + case TX_INFO_FRAME: + process_tx_info_frame(port, agent); +@@ -330,8 +330,19 @@ void process_tx_idle(UNUSED struct lldp_agent *agent) + return; + } + +-void process_tx_shutdown_frame(struct port *port, struct lldp_agent *agent) ++/* we ignore 'state' value in the case that we have recently transitioned ++ * to the shutdown state (in the case of the 'tx' state change) to allow ++ * for transmitting the ttl==0 as required by the IEEE standard. */ ++void process_tx_shutdown_frame(struct port *port, struct lldp_agent *agent, ++ bool ignoreState) + { ++ if (agent->adminStatus != enabledRxTx && ++ agent->adminStatus != enabledTxOnly) { ++ if (!ignoreState) { ++ return; ++ } ++ } ++ + if (agent->timers.txShutdownWhile == 0) { + if (mibConstrShutdownLLDPDU(port, agent)) + txFrame(port, agent); +-- +2.33.0 + diff --git a/huawei-lldpad-stop-cause-coredump.patch b/huawei-lldpad-stop-cause-coredump.patch new file mode 100644 index 0000000000000000000000000000000000000000..25496cb57bb993d6a69c06480eaac295d4ddc5b6 --- /dev/null +++ b/huawei-lldpad-stop-cause-coredump.patch @@ -0,0 +1,25 @@ +From 175fc335301e78b7cf321faecd8b1430291e3723 Mon Sep 17 00:00:00 2001 +From: yangchen +Date: Thu, 10 Oct 2024 12:29:56 +0800 +Subject: [PATCH] lldpad stop cause coredump + +--- + lldp_dcbx.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lldp_dcbx.c b/lldp_dcbx.c +index 66df857..1309c49 100644 +--- a/lldp_dcbx.c ++++ b/lldp_dcbx.c +@@ -369,6 +369,8 @@ static void dcbx_free_data(struct dcbd_user_data *dud) + if (dud) { + while (!LIST_EMPTY(&dud->head)) { + dd = LIST_FIRST(&dud->head); ++ if (dd->entry.le_next == NULL && dd->entry.le_prev == NULL) ++ break; + LIST_REMOVE(dd, entry); + dcbx_free_tlv(dd); + dcbx_free_manifest(dd->manifest); +-- +2.33.0 + diff --git a/huawei-set-send-timeout-to-10s.patch b/huawei-set-send-timeout-to-10s.patch new file mode 100644 index 0000000000000000000000000000000000000000..233af007b0a4f6a04b3d90d46e31029040729885 --- /dev/null +++ b/huawei-set-send-timeout-to-10s.patch @@ -0,0 +1,31 @@ +From c680a1d75af2e9b104ea92669872d74e9e8127b6 Mon Sep 17 00:00:00 2001 +From: yangchen +Date: Thu, 10 Oct 2024 12:32:41 +0800 +Subject: [PATCH] set send timeout to 10s + +set send timeout to 10s,avoid getting stuck in the send() function for a +long time when there is no space in send buffer +--- + lldp/l2_packet_linux.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lldp/l2_packet_linux.c b/lldp/l2_packet_linux.c +index be9b8af..4ce5e76 100644 +--- a/lldp/l2_packet_linux.c ++++ b/lldp/l2_packet_linux.c +@@ -220,6 +220,12 @@ struct l2_packet_data * l2_packet_init( + ifname, MAC2STR(l2->curr_mac_addr), + MAC2STR(l2->perm_mac_addr), MAC2STR(l2->san_mac_addr)); + ++ struct timeval timeout; ++ timeout.tv_sec = 10; ++ timeout.tv_usec = 0; ++ socklen_t len = sizeof(timeout); ++ setsockopt(l2->fd, SOL_SOCKET, SO_SNDTIMEO, &timeout, len); ++ + struct packet_mreq mr; + memset(&mr, 0, sizeof(mr)); + mr.mr_ifindex = l2->ifindex; +-- +2.33.0 + diff --git a/lldpad.spec b/lldpad.spec index e198ba1c5544d58f9170f2bb4fe6f89fef9801ff..643187d5c305470f6c20ab90c0dc9aef359e2e58 100644 --- a/lldpad.spec +++ b/lldpad.spec @@ -4,7 +4,7 @@ Name: lldpad Version: 1.1.0 -Release: 2 +Release: 3 Summary: Intel LLDP Agent License: GPLv2 URL: https://www.open-lldp.org @@ -17,6 +17,14 @@ Patch4: backport-macvtap-fix-error-condition.patch Patch5: backport-vdp22-convert-command-parsing-to-null-term.patch Patch6: backport-lldptool-fix-null-pointer-deference.patch +Patch6000: backport-agent-reset-frame-status-on-message-delete.patch +Patch6001: backport-tx-when-operating-in-rx-only-mode-don-t-send-a-port-.patch +Patch6002: backport-event_iface-only-set-rcv-buf-size-if-too-small.patch +Patch6003: backport-tx-rename-variable.patch +Patch6004: backport-Avoiding-null-pointer-dereference.patch +Patch9000: huawei-lldpad-stop-cause-coredump.patch +Patch9001: huawei-set-send-timeout-to-10s.patch + BuildRequires: automake autoconf libtool flex kernel-headers libconfig-devel BuildRequires: libnl3-devel readline-devel systemd @@ -90,6 +98,12 @@ make check %{_mandir}/man*/* %changelog +* Thu Oct 10 2024 yangchen - 1.1.0-3 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync bugfix patches + * Wed Feb 21 2024 liubo335 - 1.1.0-2 - Type:requirements - Id:NA