diff --git a/backport-fix-possible-NULL-dereference-in-fec_mode_walk.patch b/backport-fix-possible-NULL-dereference-in-fec_mode_walk.patch new file mode 100644 index 0000000000000000000000000000000000000000..dc3f4f7ed7e2e416e947982332f7c838efd90cc3 --- /dev/null +++ b/backport-fix-possible-NULL-dereference-in-fec_mode_walk.patch @@ -0,0 +1,39 @@ +From 33fffbbdc12d71b3bb23acd04b97ce1b485f3c60 Mon Sep 17 00:00:00 2001 +From: AntonMoryakov +Date: Sun, 18 May 2025 16:18:18 +0300 +Subject: fec: fix possible NULL dereference in fec_mode_walk() + +Static analyzer (Svace) reported a possible null pointer dereference +in fec_mode_walk(), where the 'name' pointer is passed to print_string() +without checking for NULL. + +Although some callers check the return value of get_string(), others +(e.g., walk_bitset()) do not. This patch adds an early NULL check +to avoid dereferencing a null pointer. + +This resolves: +DEREF_OF_NULL.EX.COND: json_print.c:142 via fec.c + +Found by Svace static analysis tool. + +Signed-off-by: Anton Moryakov +--- + netlink/fec.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/netlink/fec.c b/netlink/fec.c +index 6027dc0..ed100d7 100644 +--- a/netlink/fec.c ++++ b/netlink/fec.c +@@ -27,6 +27,8 @@ fec_mode_walk(unsigned int idx, const char *name, bool val, void *data) + + if (!val) + return; ++ if (!name) ++ return; + if (empty) + *empty = false; + +-- +2.23.0 + diff --git a/backport-fix-potential-NULL-dereference-in-print_rss_hkey.patch b/backport-fix-potential-NULL-dereference-in-print_rss_hkey.patch new file mode 100644 index 0000000000000000000000000000000000000000..8a2ae73fe0d26f5d6979690c9105043a7938ca31 --- /dev/null +++ b/backport-fix-potential-NULL-dereference-in-print_rss_hkey.patch @@ -0,0 +1,42 @@ +From f111e854d99e3284893ef59efcfb6e5a5857d396 Mon Sep 17 00:00:00 2001 +From: AntonMoryakov +Date: Sun, 18 May 2025 16:08:28 +0300 +Subject: common: fix potential NULL dereference in print_rss_hkey() + +Static analyzer (Svace) reported a possible null pointer dereference +in print_rss_hkey(). Specifically, when the 'hkey' pointer is NULL, +the function continues execution after printing an error message, +leading to dereferencing hkey[i]. + +This patch adds an early return after the NULL check to prevent +execution from continuing in such cases. + +This resolves: +DEREF_AFTER_NULL: common.c:209 + +Found by Svace static analysis tool. + +Signed-off-by: Anton Moryakov +--- + common.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/common.c b/common.c +index b8fd4d5..86b6a93 100644 +--- a/common.c ++++ b/common.c +@@ -199,8 +199,10 @@ void print_rss_hkey(u8 *hkey, u32 hkey_size) + u32 i; + + printf("RSS hash key:\n"); +- if (!hkey_size || !hkey) ++ if (!hkey_size || !hkey) { + printf("Operation not supported\n"); ++ return; ++ } + + for (i = 0; i < hkey_size; i++) { + if (i == (hkey_size - 1)) +-- +2.23.0 + diff --git a/ethtool.spec b/ethtool.spec index dcc65a4bee6e7b78130eceabba8965a0255bd344..486ad3e1ab82449a63a8ec2a6e75ef2e6966145b 100644 --- a/ethtool.spec +++ b/ethtool.spec @@ -1,7 +1,7 @@ Name: ethtool Epoch: 2 Version: 6.6 -Release: 3 +Release: 7 Summary: Settings tool for Ethernet NICs License: GPL-2.0-only AND GPL-2.0-or-later URL: https://www.kernel.org/pub/software/network/ethtool @@ -13,6 +13,8 @@ Patch2: backport-net-ethtool-Add-default-branch-to-sff8636_show_all_i.pa Patch3: backport-qsfp-Better-handling-of-Page-03h-netlink-read-failur.patch Patch4: backport-module-eeprom-treat-zero-arguments-like-any-other-ar.patch Patch5: backport-qsf-Better-handling-of-Page-A2h-netlink-read-failure.patch +Patch6: backport-fix-possible-NULL-dereference-in-fec_mode_walk.patch +Patch7: backport-fix-potential-NULL-dereference-in-print_rss_hkey.patch BuildRequires: gcc BuildRequires: libmnl-devel @@ -60,6 +62,12 @@ make check %{_mandir}/man8/%{name}.8* %changelog +* Tue Aug 12 2025 yanglu - 2:6.6-7 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix potential NULL dereference in print_rss_hkey and fec_mode_walk + * Wed Jul 30 2025 andy - 2:6.6-3 - Type:requirement - Id:NA