glusterfs: backport patch to fix a few CVEs

Backport a patch to fix the following CVEs. CVE: CVE-2018-10926 CVE: CVE-2018-10927 CVE: CVE-2018-10928 CVE: CVE-2018-10929 CVE: CVE-2018-10930 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Chen Qi <Qi.Chen@windriver.com> 2018-09-26 10:36:27 +0800
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-09-30 21:34:09 -0400
commit: 39e99a2096711591da2ee3379841108173c92d35 (patch)
tree: 9af7d8be795fe9e268770ef4f992b7ee0f99ad89
parent: 50e525538a193c5eb09da61fd78a7d77291ec0c2 (diff)
download: meta-cloud-services-39e99a2096711591da2ee3379841108173c92d35.tar.gz
2 files changed, 74 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch
new file mode 100644
index 0000000..e6ef9e3
--- /dev/null
+++ b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch
@@ -0,0 +1,73 @@
+From b89658672d137ef56bd0694457b9125bf7d45ba4 Mon Sep 17 00:00:00 2001
+From: Amar Tumballi <amarts@redhat.com>
+Date: Thu, 9 Aug 2018 13:00:01 +0530
+Subject: [PATCH 3/7] server-protocol: don't allow '../' path in 'name'
+This will prevent any arbitrary file creation through glusterfs
+by modifying the client bits.
+Also check for the similar flaw inside posix too, so we prevent any
+changes in layers in-between.
+Fixes: bz#1625095
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
+Upstream-Status: Backport
+Fix CVE-2018-10926
+Fix CVE-2018-10927
+Fix CVE-2018-10928
+Fix CVE-2018-10929
+Fix CVE-2018-10930
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ xlators/protocol/server/src/server-resolve.c | 12 ++++++++++++
+ xlators/storage/posix/src/posix-handle.h     |  6 ++++++
+ 2 files changed, 18 insertions(+)
+diff --git a/xlators/protocol/server/src/server-resolve.c b/xlators/protocol/server/src/server-resolve.c
+index d0126aa..aa35685 100644
+--- a/xlators/protocol/server/src/server-resolve.c
+++ b/xlators/protocol/server/src/server-resolve.c
+@@ -294,6 +294,18 @@ resolve_entry_simple (call_frame_t *frame)
+         /* expected @parent was found from the inode cache */
+         gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
+         state->loc_now->parent = inode_ref (parent);
+
+        if (strstr (resolve->bname, "../")) {
+                /* Resolving outside the parent's tree is not allowed */
+                gf_msg (this->name, GF_LOG_ERROR, EPERM,
+                        PS_MSG_GFID_RESOLVE_FAILED,
+                        "%s: path sent by client not allowed",
+                        resolve->bname);
+                resolve->op_ret   = -1;
+                resolve->op_errno = EPERM;
+                ret = 1;
+                goto out;
+        }
+         state->loc_now->name = resolve->bname;
+ 
+         inode = inode_grep (state->itable, parent, resolve->bname);
+diff --git a/xlators/storage/posix/src/posix-handle.h b/xlators/storage/posix/src/posix-handle.h
+index 9af6a7a..6e7a8d2 100644
+--- a/xlators/storage/posix/src/posix-handle.h
+++ b/xlators/storage/posix/src/posix-handle.h
+@@ -217,6 +217,12 @@
+                 break;                                                  \
+         }                                                               \
+                                                                         \
+        if (strstr (loc->name, "../")) {                                \
+                gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
+                        "'../' in name not allowed: (%s)", loc->name); \
+                op_ret = -1;                                            \
+                break;                                                  \
+        }                                                               \
+         if (LOC_HAS_ABSPATH (loc)) {                                    \
+                 MAKE_REAL_PATH (entp, this, loc->path);                 \
+                 __parp = strdupa (entp);                                \
+-- 
+2.7.4
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index e332872..9a92c30 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -25,6 +25,7 @@ SRC_URI += "file://glusterd.init \
            file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
            file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
            file://0002-posix-disable-open-read-write-on-special-files.patch \
+            file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
           "
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"
author	Chen Qi <Qi.Chen@windriver.com>	2018-09-26 10:36:27 +0800
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2018-09-30 21:34:09 -0400
commit	39e99a2096711591da2ee3379841108173c92d35 (patch)
tree	9af7d8be795fe9e268770ef4f992b7ee0f99ad89
parent	50e525538a193c5eb09da61fd78a7d77291ec0c2 (diff)
download	meta-cloud-services-39e99a2096711591da2ee3379841108173c92d35.tar.gz

diff --git a/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch new file mode 100644 index 0000000..e6ef9e3 --- /dev/null +++ b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch
@@ -0,0 +1,73 @@
		1	From b89658672d137ef56bd0694457b9125bf7d45ba4 Mon Sep 17 00:00:00 2001
		2	From: Amar Tumballi <amarts@redhat.com>
		3	Date: Thu, 9 Aug 2018 13:00:01 +0530
		4	Subject: [PATCH 3/7] server-protocol: don't allow '../' path in 'name'
		5
		6	This will prevent any arbitrary file creation through glusterfs
		7	by modifying the client bits.
		8
		9	Also check for the similar flaw inside posix too, so we prevent any
		10	changes in layers in-between.
		11
		12	Fixes: bz#1625095
		13
		14	Signed-off-by: Amar Tumballi <amarts@redhat.com>
		15	Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
		16
		17	Upstream-Status: Backport
		18
		19	Fix CVE-2018-10926
		20	Fix CVE-2018-10927
		21	Fix CVE-2018-10928
		22	Fix CVE-2018-10929
		23	Fix CVE-2018-10930
		24
		25	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		26	---
		27	xlators/protocol/server/src/server-resolve.c \| 12 ++++++++++++
		28	xlators/storage/posix/src/posix-handle.h \| 6 ++++++
		29	2 files changed, 18 insertions(+)
		30
		31	diff --git a/xlators/protocol/server/src/server-resolve.c b/xlators/protocol/server/src/server-resolve.c
		32	index d0126aa..aa35685 100644
		33	--- a/xlators/protocol/server/src/server-resolve.c
		34	+++ b/xlators/protocol/server/src/server-resolve.c
		35	@@ -294,6 +294,18 @@ resolve_entry_simple (call_frame_t *frame)
		36	/* expected @parent was found from the inode cache */
		37	gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
		38	state->loc_now->parent = inode_ref (parent);
		39	+
		40	+ if (strstr (resolve->bname, "../")) {
		41	+ /* Resolving outside the parent's tree is not allowed */
		42	+ gf_msg (this->name, GF_LOG_ERROR, EPERM,
		43	+ PS_MSG_GFID_RESOLVE_FAILED,
		44	+ "%s: path sent by client not allowed",
		45	+ resolve->bname);
		46	+ resolve->op_ret = -1;
		47	+ resolve->op_errno = EPERM;
		48	+ ret = 1;
		49	+ goto out;
		50	+ }
		51	state->loc_now->name = resolve->bname;
		52
		53	inode = inode_grep (state->itable, parent, resolve->bname);
		54	diff --git a/xlators/storage/posix/src/posix-handle.h b/xlators/storage/posix/src/posix-handle.h
		55	index 9af6a7a..6e7a8d2 100644
		56	--- a/xlators/storage/posix/src/posix-handle.h
		57	+++ b/xlators/storage/posix/src/posix-handle.h
		58	@@ -217,6 +217,12 @@
		59	break; \
		60	} \
		61	\
		62	+ if (strstr (loc->name, "../")) { \
		63	+ gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
		64	+ "'../' in name not allowed: (%s)", loc->name); \
		65	+ op_ret = -1; \
		66	+ break; \
		67	+ } \
		68	if (LOC_HAS_ABSPATH (loc)) { \
		69	MAKE_REAL_PATH (entp, this, loc->path); \
		70	__parp = strdupa (entp); \
		71	--
		72	2.7.4
		73


diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index e332872..9a92c30 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -25,6 +25,7 @@ SRC_URI += "file://glusterd.init \
25	file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \	25	file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
26	file://0001-dict-handle-negative-key-value-length-while-unserial.patch \	26	file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
27	file://0002-posix-disable-open-read-write-on-special-files.patch \	27	file://0002-posix-disable-open-read-write-on-special-files.patch \
		28	file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
28	"	29	"
29		30
30	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"	31	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"