NetworkManager/NetworkManager-0.9.8.10-libnl-3.2.25.patch

From 8e4576b9fdb5c888d20a13aa2cc198df790dba54 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 18 Jul 2014 13:34:33 +0200
Subject: netlink: fix crash in netlink-monitor validating netlink messages

The wrong callback data pointer was passed to the netlink message
validation function.

Since libnl commit 4dd5fdd0af2c0b7ffe1dbc49313f263dbb2e906f,
nl_socket_get_local_port() actually modifes the provided @sk
pointer. Hence, since libnl 3.2.25 NM will crash due to
this bug.

  #0  _nl_socket_generate_local_port_no_release (sk=0x715500) at socket.c:339
  #1  0x00007ffff76f3ad5 in nl_socket_get_local_port (sk=sk@entry=0x715500) at socket.c:369
  #2  0x000000000046b81a in event_msg_recv (msg=<optimized out>, arg=0x715500) at nm-netlink-monitor.c:204
  #3  0x00007ffff76f2604 in nl_cb_call (msg=0x71f240, type=5, cb=0x71f150) at ../include/netlink-private/netlink.h:141
  #4  recvmsgs (cb=0x71f150, sk=0x71f070) at nl.c:823
  #5  nl_recvmsgs_report (sk=sk@entry=0x71f070, cb=cb@entry=0x71f150) at nl.c:1003
  #6  0x00007ffff76f2bc9 in nl_recvmsgs (sk=sk@entry=0x71f070, cb=cb@entry=0x71f150) at nl.c:1027
  #7  0x00007ffff76ec6b8 in __cache_pickup (sk=sk@entry=0x71f070, cache=cache@entry=0x71f0c0, param=param@entry=0x7fffffffd3f0) at cache.c:701
  #8  0x00007ffff76ed0dd in nl_cache_pickup (sk=sk@entry=0x71f070, cache=cache@entry=0x71f0c0) at cache.c:753
  #9  0x00007ffff76ed2d8 in nl_cache_refill (sk=sk@entry=0x71f070, cache=cache@entry=0x71f0c0) at cache.c:983
  #10 0x00007ffff7b224db in rtnl_link_alloc_cache (sk=0x71f070, family=family@entry=0, result=result@entry=0x7154e0) at route/link.c:1029
  #11 0x000000000046c5f7 in sync_connection_setup (self=self@entry=0x715500, error=error@entry=0x7fffffffd4f8) at nm-netlink-monitor.c:412
  #12 0x000000000046c91f in nm_netlink_monitor_open_connection (self=0x715500, error=error@entry=0x7fffffffd4f8) at nm-netlink-monitor.c:447
  #13 0x000000000046cad7 in nm_netlink_monitor_get () at nm-netlink-monitor.c:840
  #14 0x00000000004558b9 in main (argc=1, argv=0x7fffffffd958) at main.c:527

Reported-by: Jan Engelhardt <jengelh@inai.de>
Fixes: 9fee99e1230580067efb33f3aaea0fddad5cfe66
Signed-off-by: Thomas Haller <thaller@redhat.com>

diff --git a/src/nm-netlink-monitor.c b/src/nm-netlink-monitor.c
index ba8053e..593dec9 100644
--- a/src/nm-netlink-monitor.c
+++ b/src/nm-netlink-monitor.c
@@ -285,7 +285,7 @@ nlh_setup (struct nl_sock *nlh,
 {
 	int err;
 
-	nl_socket_modify_cb (nlh, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, cb_data);
+	nl_socket_modify_cb (nlh, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, nlh);
 
 	if (valid_func)
 		nl_socket_modify_cb (nlh, NL_CB_VALID, NL_CB_CUSTOM, valid_func, cb_data);
-- 
cgit v0.10.2
added a patch to fix segfault with libnl 3.2.25 [release 0.9.8.10-3mamba;Sun Aug 24 2014] 2024-01-05 17:49:44 +01:00			`From 8e4576b9fdb5c888d20a13aa2cc198df790dba54 Mon Sep 17 00:00:00 2001`
			`From: Thomas Haller <thaller@redhat.com>`
			`Date: Fri, 18 Jul 2014 13:34:33 +0200`
			`Subject: netlink: fix crash in netlink-monitor validating netlink messages`

			`The wrong callback data pointer was passed to the netlink message`
			`validation function.`

			`Since libnl commit 4dd5fdd0af2c0b7ffe1dbc49313f263dbb2e906f,`
			`nl_socket_get_local_port() actually modifes the provided @sk`
			`pointer. Hence, since libnl 3.2.25 NM will crash due to`
			`this bug.`

			`#0 _nl_socket_generate_local_port_no_release (sk=0x715500) at socket.c:339`
			`#1 0x00007ffff76f3ad5 in nl_socket_get_local_port (sk=sk@entry=0x715500) at socket.c:369`
			`#2 0x000000000046b81a in event_msg_recv (msg=<optimized out>, arg=0x715500) at nm-netlink-monitor.c:204`
			`#3 0x00007ffff76f2604 in nl_cb_call (msg=0x71f240, type=5, cb=0x71f150) at ../include/netlink-private/netlink.h:141`
			`#4 recvmsgs (cb=0x71f150, sk=0x71f070) at nl.c:823`
			`#5 nl_recvmsgs_report (sk=sk@entry=0x71f070, cb=cb@entry=0x71f150) at nl.c:1003`
			`#6 0x00007ffff76f2bc9 in nl_recvmsgs (sk=sk@entry=0x71f070, cb=cb@entry=0x71f150) at nl.c:1027`
			`#7 0x00007ffff76ec6b8 in __cache_pickup (sk=sk@entry=0x71f070, cache=cache@entry=0x71f0c0, param=param@entry=0x7fffffffd3f0) at cache.c:701`
			`#8 0x00007ffff76ed0dd in nl_cache_pickup (sk=sk@entry=0x71f070, cache=cache@entry=0x71f0c0) at cache.c:753`
			`#9 0x00007ffff76ed2d8 in nl_cache_refill (sk=sk@entry=0x71f070, cache=cache@entry=0x71f0c0) at cache.c:983`
			`#10 0x00007ffff7b224db in rtnl_link_alloc_cache (sk=0x71f070, family=family@entry=0, result=result@entry=0x7154e0) at route/link.c:1029`
			`#11 0x000000000046c5f7 in sync_connection_setup (self=self@entry=0x715500, error=error@entry=0x7fffffffd4f8) at nm-netlink-monitor.c:412`
			`#12 0x000000000046c91f in nm_netlink_monitor_open_connection (self=0x715500, error=error@entry=0x7fffffffd4f8) at nm-netlink-monitor.c:447`
			`#13 0x000000000046cad7 in nm_netlink_monitor_get () at nm-netlink-monitor.c:840`
			`#14 0x00000000004558b9 in main (argc=1, argv=0x7fffffffd958) at main.c:527`

			`Reported-by: Jan Engelhardt <jengelh@inai.de>`
			`Fixes: 9fee99e1230580067efb33f3aaea0fddad5cfe66`
			`Signed-off-by: Thomas Haller <thaller@redhat.com>`

			`diff --git a/src/nm-netlink-monitor.c b/src/nm-netlink-monitor.c`
			`index ba8053e..593dec9 100644`
			`--- a/src/nm-netlink-monitor.c`
			`+++ b/src/nm-netlink-monitor.c`
			`@@ -285,7 +285,7 @@ nlh_setup (struct nl_sock *nlh,`
			`{`
			`int err;`

			`- nl_socket_modify_cb (nlh, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, cb_data);`
			`+ nl_socket_modify_cb (nlh, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, nlh);`

			`if (valid_func)`
			`nl_socket_modify_cb (nlh, NL_CB_VALID, NL_CB_CUSTOM, valid_func, cb_data);`
			`--`
			`cgit v0.10.2`