File _service:obs_scm:backport-fix-crashes-in-case-o... of Package libnl3

File _service:obs_scm:backport-fix-crashes-in-case-of-ENOMEM.patch of Package libnl3

From 49c20efaa783449dca424cc50e4ee4b2fc5351cc Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 27 Nov 2023 21:15:06 +0100
Subject: [PATCH] xfrm: fix crashes in case of ENOMEM

Conflict:The pre-optimization patch 9e7b5c8 is not integrated. As a result, context adaptation occurs.
Reference:https://github.com/thom311/libnl/commit/49c20efaa783449dca424cc50e4ee4b2fc5351cc

---
 lib/xfrm/ae.c | 11 +++++++--
 lib/xfrm/sa.c | 64 ++++++++++++++++++++++++++++++++++++++++-----------
 lib/xfrm/sp.c | 40 +++++++++++++++++++++++++-------
 3 files changed, 91 insertions(+), 24 deletions(-)

diff --git a/lib/xfrm/ae.c b/lib/xfrm/ae.c
index 69c8e7e..44c43ed 100644
--- a/lib/xfrm/ae.c
+++ b/lib/xfrm/ae.c
@@ -506,11 +506,18 @@ int xfrmnl_ae_parse(struct nlmsghdr *n, struct xfrmnl_ae **result)
 	if (err < 0)
 		goto errout;
 
-	ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr, sizeof (ae_id->sa_id.daddr));
+	if (!(ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr,
+					       sizeof (ae_id->sa_id.daddr)))) {
+		err = -NLE_NOMEM;
+		goto errout;
+	}
 	ae->sa_id.family= ae_id->sa_id.family;
 	ae->sa_id.spi   = ntohl(ae_id->sa_id.spi);
 	ae->sa_id.proto = ae_id->sa_id.proto;
-	ae->saddr       = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr));
+	if (!(ae->saddr = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr)))) {
+		err = -NLE_NOMEM;
+		goto errout;
+	}
 	ae->reqid       = ae_id->reqid;
 	ae->flags       = ae_id->flags;
 	ae->ce_mask |= (XFRM_AE_ATTR_DADDR | XFRM_AE_ATTR_FAMILY | XFRM_AE_ATTR_SPI |
diff --git a/lib/xfrm/sa.c b/lib/xfrm/sa.c
index 90b6335..ea0d333 100644
--- a/lib/xfrm/sa.c
+++ b/lib/xfrm/sa.c
@@ -718,9 +718,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
 		goto errout;
 
 	if (sa_info->sel.family == AF_INET)
-		addr    = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4));
+		if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	else
-		addr    = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6));
+		if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_d);
 	xfrmnl_sel_set_daddr (sa->sel, addr);
 	/* Drop the reference count from the above set operation */
@@ -728,9 +734,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
 	xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d);
 
 	if (sa_info->sel.family == AF_INET)
-		addr    = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4));
+		if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	else
-		addr    = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6));
+		if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6)))) {
+			err = -NLE_NOMEM;
+                        goto errout;
+                }
 	nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_s);
 	xfrmnl_sel_set_saddr (sa->sel, addr);
 	/* Drop the reference count from the above set operation */
@@ -748,17 +760,29 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
 	sa->ce_mask             |= XFRM_SA_ATTR_SEL;
 
 	if (sa_info->family == AF_INET)
-		sa->id.daddr        = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4));
+		if (!(sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	else
-		sa->id.daddr        = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6));
+		if (!(sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}	
 	sa->id.spi              = ntohl(sa_info->id.spi);
 	sa->id.proto            = sa_info->id.proto;
 	sa->ce_mask             |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO);
 
 	if (sa_info->family == AF_INET)
-		sa->saddr           = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4));
+		if (!(sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}	
 	else
-		sa->saddr           = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6));
+		if (!(sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	sa->ce_mask             |= XFRM_SA_ATTR_SADDR;
 
 	sa->lft->soft_byte_limit    =   sa_info->lft.soft_byte_limit;
@@ -866,9 +890,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
 		sa->encap->encap_sport  =   ntohs(encap->encap_sport);
 		sa->encap->encap_dport  =   ntohs(encap->encap_dport);
 		if (sa_info->family == AF_INET)
-			sa->encap->encap_oa =   nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4));
+			if (!(sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4)))) {
+				err = -NLE_NOMEM;
+				goto errout;
+			}		
 		else
-			sa->encap->encap_oa =   nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6));
+			if (!(sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6)))) {
+				err = -NLE_NOMEM;
+				goto errout;
+			}
 		sa->ce_mask     |= XFRM_SA_ATTR_ENCAP;
 	}
 
@@ -880,13 +910,19 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
 	if (tb[XFRMA_COADDR]) {
 		if (sa_info->family == AF_INET)
 		{
-			sa->coaddr  = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]),
-			                            sizeof (uint32_t));
+			if (!(sa->coaddr = nl_addr_build(
+					sa_info->family, nla_data(tb[XFRMA_COADDR]), sizeof (uint32_t)))) {
+				err = -NLE_NOMEM;
+				goto errout;
+			}	
 		}
 		else
 		{
-			sa->coaddr  = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]),
-			                            sizeof (uint32_t) * 4);
+			if (!(sa->coaddr = nl_addr_build(
+					sa_info->family, nla_data(tb[XFRMA_COADDR]), sizeof (uint32_t) * 4))) {
+				err = -NLE_NOMEM;
+				goto errout;
+			}
 		}
 		sa->ce_mask         |= XFRM_SA_ATTR_COADDR;
 	}
diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c
index d3d9778..38002da 100644
--- a/lib/xfrm/sp.c
+++ b/lib/xfrm/sp.c
@@ -558,9 +558,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 	}
 
 	if (sp_info->sel.family == AF_INET)
-		addr    = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4));
+		if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	else
-		addr    = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));
+		if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);
 	xfrmnl_sel_set_daddr (sp->sel, addr);
 	/* Drop the reference count from the above set operation */
@@ -568,9 +574,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 	xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);
 
 	if (sp_info->sel.family == AF_INET)
-		addr    = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4));
+		if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	else
-		addr    = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));
+		if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6)))) {
+			err = -NLE_NOMEM;
+			goto errout;
+		}
 	nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);
 	xfrmnl_sel_set_saddr (sp->sel, addr);
 	/* Drop the reference count from the above set operation */
@@ -647,9 +659,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 			}
 
 			if (tmpl->family == AF_INET)
-				addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4));
+				if (!(addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4)))) {
+					err = -NLE_NOMEM;
+					goto errout;
+				}
 			else
-				addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));
+				if (!(addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6)))) {
+					err = -NLE_NOMEM;
+					goto errout;
+				}
 			xfrmnl_user_tmpl_set_daddr (sputmpl, addr);
 			/* Drop the reference count from the above set operation */
 			nl_addr_put(addr);
@@ -658,9 +676,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
 			xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);
 
 			if (tmpl->family == AF_INET)
-				addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4));
+				if (!(addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4)))) {
+					err = -NLE_NOMEM;
+					goto errout;
+				}
 			else
-				addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));
+				if (!(addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6)))) {
+					err = -NLE_NOMEM;
+					goto errout;
+				}	
 			xfrmnl_user_tmpl_set_saddr (sputmpl, addr);
 			/* Drop the reference count from the above set operation */
 			nl_addr_put(addr);
-- 
2.33.0