glusterfs: Revert a CVE patch, CVE-2018-10924

The CVE issue exists in v3.12 series and above. Introduced by: [http://git.gluster.org/cgit/glusterfs.git/commit/? id=51dfc9c789b8405f595a337eade938aedcb449c4] More infomation, please see: [https://security-tracker.debian.org/tracker/CVE-2018-10924] The version v3.11.1 doesn't have the issue. So we should revert the CVE-2018-10924. Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Hongzhi.Song <hongzhi.song@windriver.com> 2018-10-30 22:11:58 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-10-31 08:49:24 -0400
commit: 4262e890cacaa14ebe78086fbf774c8c2bda92f1 (patch)
tree: b4a03dea5e3b73cde4ba355ae455225a8b6dc7d1
parent: 3fce8e6cb68bbb4933d60442f62d2f70ddc6a0fc (diff)
download: meta-cloud-services-4262e890cacaa14ebe78086fbf774c8c2bda92f1.tar.gz
2 files changed, 0 insertions, 136 deletions
diff --git a/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch b/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch
deleted file mode 100644
index d218a22..0000000
--- a/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From f4dddd7727988b8077b2da577e195621d5bac9c7 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Tue, 25 Sep 2018 15:23:10 +0800
-Subject: [PATCH 5/7] cluster/afr: Fix dict-leak in pre-op
-At the time of pre-op, pre_op_xdata is populted with the xattrs we get from the
-disk and at the time of post-op it gets over-written without unreffing the
-previous value stored leading to a leak.
-This is a regression we missed in
-https://review.gluster.org/#/q/ba149bac92d169ae2256dbc75202dc9e5d06538e
-BUG: 1550078
-Change-Id: I0456f9ad6f77ce6248b747964a037193af3a3da7
-Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
-Upstream-Status: Backport
-Fix CVE-2018-10924
-Modified for this old glusterfs version.
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
- xlators/cluster/afr/src/afr-common.c      | 14 +++++++-------
- xlators/cluster/afr/src/afr-transaction.c | 20 ++++++++++----------
- xlators/cluster/afr/src/afr.h             |  4 ++--
- 3 files changed, 19 insertions(+), 19 deletions(-)
-diff --git a/xlators/cluster/afr/src/afr-common.c b/xlators/cluster/afr/src/afr-common.c
-index 0643204..85150a0 100644
--- a/xlators/cluster/afr/src/afr-common.c
-+++ b/xlators/cluster/afr/src/afr-common.c
-@@ -1673,13 +1673,13 @@ afr_local_transaction_cleanup (afr_local_t *local, xlator_t *this)
-         GF_FREE (local->transaction.pre_op);
- 
-         GF_FREE (local->transaction.pre_op_sources);
-        if (local->transaction.pre_op_xdata) {
-+        if (local->transaction.changelog_xdata) {
-                 for (i = 0; i < priv->child_count; i++) {
-                        if (!local->transaction.pre_op_xdata[i])
-+                        if (!local->transaction.changelog_xdata[i])
-                                 continue;
-                        dict_unref (local->transaction.pre_op_xdata[i]);
-+                        dict_unref (local->transaction.changelog_xdata[i]);
-                 }
-                GF_FREE (local->transaction.pre_op_xdata);
-+                GF_FREE (local->transaction.changelog_xdata);
-         }
- 
-         GF_FREE (local->transaction.eager_lock);
-@@ -5396,10 +5396,10 @@ afr_transaction_local_init (afr_local_t *local, xlator_t *this)
-                 goto out;
- 
-         if (priv->arbiter_count == 1) {
-                local->transaction.pre_op_xdata =
-                        GF_CALLOC (sizeof (*local->transaction.pre_op_xdata),
-+                local->transaction.changelog_xdata =
-+                        GF_CALLOC (sizeof (*local->transaction.changelog_xdata),
-                                    priv->child_count, gf_afr_mt_dict_t);
-                if (!local->transaction.pre_op_xdata)
-+                if (!local->transaction.changelog_xdata)
-                         goto out;
- 
-                 local->transaction.pre_op_sources =
-diff --git a/xlators/cluster/afr/src/afr-transaction.c b/xlators/cluster/afr/src/afr-transaction.c
-index 35621d9..c9a4474 100644
--- a/xlators/cluster/afr/src/afr-transaction.c
-+++ b/xlators/cluster/afr/src/afr-transaction.c
-@@ -276,9 +276,9 @@ afr_compute_pre_op_sources (call_frame_t *frame, xlator_t *this)
-         matrix = ALLOC_MATRIX (priv->child_count, int);
- 
-         for (i = 0; i < priv->child_count; i++) {
-                if (!local->transaction.pre_op_xdata[i])
-+                if (!local->transaction.changelog_xdata[i])
-                         continue;
-                xdata = local->transaction.pre_op_xdata[i];
-+                xdata = local->transaction.changelog_xdata[i];
-                 afr_selfheal_fill_matrix (this, matrix, i, idx, xdata);
-         }
- 
-@@ -295,13 +295,6 @@ afr_compute_pre_op_sources (call_frame_t *frame, xlator_t *this)
-                 for (j = 0; j < priv->child_count; j++)
-                         if (matrix[i][j] != 0)
-                                 local->transaction.pre_op_sources[j] = 0;
-
-        /*We don't need the xattrs any more. */
-        for (i = 0; i < priv->child_count; i++)
-                if (local->transaction.pre_op_xdata[i]) {
-                        dict_unref (local->transaction.pre_op_xdata[i]);
-                        local->transaction.pre_op_xdata[i] = NULL;
-                }
- }
- 
- gf_boolean_t
-@@ -1175,7 +1168,7 @@ afr_changelog_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
- 
-         if (priv->arbiter_count == 1 && !op_ret) {
-                 if (xattr)
-                        local->transaction.pre_op_xdata[child_index] =
-+                        local->transaction.changelog_xdata[child_index] =
-                                                                dict_ref (xattr);
-         }
- 
-@@ -1608,6 +1601,13 @@ afr_changelog_do (call_frame_t *frame, xlator_t *this, dict_t *xattr,
-        local = frame->local;
-        priv = this->private;
- 
-+        for (i = 0; i < priv->child_count; i++) {
-+                if (local->transaction.changelog_xdata[i]) {
-+                        dict_unref (local->transaction.changelog_xdata[i]);
-+                        local->transaction.changelog_xdata[i] = NULL;
-+                }
-+        }
-+
-         ret = afr_changelog_prepare (this, frame, &call_count, changelog_resume,
-                                      op, &xdata, &newloc_xdata);
- 
-diff --git a/xlators/cluster/afr/src/afr.h b/xlators/cluster/afr/src/afr.h
-index cf736ed..2854153 100644
--- a/xlators/cluster/afr/src/afr.h
-+++ b/xlators/cluster/afr/src/afr.h
-@@ -737,8 +737,8 @@ typedef struct _afr_local {
- 
-                 unsigned char   *pre_op;
- 
-                /* For arbiter configuration only. */
-                dict_t **pre_op_xdata;
-+                /* Changelog xattr dict for [f]xattrop*/
-+                dict_t **changelog_xdata;
-                 unsigned char *pre_op_sources;
- 
-                /* @failed_subvols: subvolumes on which a pre-op or a
-- 
-2.7.4
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index 8243f28..f7d3cc3 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -27,7 +27,6 @@ SRC_URI += "file://glusterd.init \
            file://0002-posix-disable-open-read-write-on-special-files.patch \
            file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
            file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
-            file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \
            file://0006-posix-remove-not-supported-get-set-content.patch \
            file://0007-protocol-don-t-use-alloca.patch \
           "
author	Hongzhi.Song <hongzhi.song@windriver.com>	2018-10-30 22:11:58 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2018-10-31 08:49:24 -0400
commit	4262e890cacaa14ebe78086fbf774c8c2bda92f1 (patch)
tree	b4a03dea5e3b73cde4ba355ae455225a8b6dc7d1
parent	3fce8e6cb68bbb4933d60442f62d2f70ddc6a0fc (diff)
download	meta-cloud-services-4262e890cacaa14ebe78086fbf774c8c2bda92f1.tar.gz

diff --git a/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch b/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch deleted file mode 100644 index d218a22..0000000 --- a/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch +++ /dev/null
@@ -1,135 +0,0 @@
1	From f4dddd7727988b8077b2da577e195621d5bac9c7 Mon Sep 17 00:00:00 2001
2	From: Chen Qi <Qi.Chen@windriver.com>
3	Date: Tue, 25 Sep 2018 15:23:10 +0800
4	Subject: [PATCH 5/7] cluster/afr: Fix dict-leak in pre-op
5
6	At the time of pre-op, pre_op_xdata is populted with the xattrs we get from the
7	disk and at the time of post-op it gets over-written without unreffing the
8	previous value stored leading to a leak.
9	This is a regression we missed in
10	https://review.gluster.org/#/q/ba149bac92d169ae2256dbc75202dc9e5d06538e
11
12	BUG: 1550078
13	Change-Id: I0456f9ad6f77ce6248b747964a037193af3a3da7
14	Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
15
16	Upstream-Status: Backport
17
18	Fix CVE-2018-10924
19
20	Modified for this old glusterfs version.
21
22	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
23	---
24	xlators/cluster/afr/src/afr-common.c \| 14 +++++++-------
25	xlators/cluster/afr/src/afr-transaction.c \| 20 ++++++++++----------
26	xlators/cluster/afr/src/afr.h \| 4 ++--
27	3 files changed, 19 insertions(+), 19 deletions(-)
28
29	diff --git a/xlators/cluster/afr/src/afr-common.c b/xlators/cluster/afr/src/afr-common.c
30	index 0643204..85150a0 100644
31	--- a/xlators/cluster/afr/src/afr-common.c
32	+++ b/xlators/cluster/afr/src/afr-common.c
33	@@ -1673,13 +1673,13 @@ afr_local_transaction_cleanup (afr_local_t local, xlator_t this)
34	GF_FREE (local->transaction.pre_op);
35
36	GF_FREE (local->transaction.pre_op_sources);
37	- if (local->transaction.pre_op_xdata) {
38	+ if (local->transaction.changelog_xdata) {
39	for (i = 0; i < priv->child_count; i++) {
40	- if (!local->transaction.pre_op_xdata[i])
41	+ if (!local->transaction.changelog_xdata[i])
42	continue;
43	- dict_unref (local->transaction.pre_op_xdata[i]);
44	+ dict_unref (local->transaction.changelog_xdata[i]);
45	}
46	- GF_FREE (local->transaction.pre_op_xdata);
47	+ GF_FREE (local->transaction.changelog_xdata);
48	}
49
50	GF_FREE (local->transaction.eager_lock);
51	@@ -5396,10 +5396,10 @@ afr_transaction_local_init (afr_local_t local, xlator_t this)
52	goto out;
53
54	if (priv->arbiter_count == 1) {
55	- local->transaction.pre_op_xdata =
56	- GF_CALLOC (sizeof (*local->transaction.pre_op_xdata),
57	+ local->transaction.changelog_xdata =
58	+ GF_CALLOC (sizeof (*local->transaction.changelog_xdata),
59	priv->child_count, gf_afr_mt_dict_t);
60	- if (!local->transaction.pre_op_xdata)
61	+ if (!local->transaction.changelog_xdata)
62	goto out;
63
64	local->transaction.pre_op_sources =
65	diff --git a/xlators/cluster/afr/src/afr-transaction.c b/xlators/cluster/afr/src/afr-transaction.c
66	index 35621d9..c9a4474 100644
67	--- a/xlators/cluster/afr/src/afr-transaction.c
68	+++ b/xlators/cluster/afr/src/afr-transaction.c
69	@@ -276,9 +276,9 @@ afr_compute_pre_op_sources (call_frame_t frame, xlator_t this)
70	matrix = ALLOC_MATRIX (priv->child_count, int);
71
72	for (i = 0; i < priv->child_count; i++) {
73	- if (!local->transaction.pre_op_xdata[i])
74	+ if (!local->transaction.changelog_xdata[i])
75	continue;
76	- xdata = local->transaction.pre_op_xdata[i];
77	+ xdata = local->transaction.changelog_xdata[i];
78	afr_selfheal_fill_matrix (this, matrix, i, idx, xdata);
79	}
80
81	@@ -295,13 +295,6 @@ afr_compute_pre_op_sources (call_frame_t frame, xlator_t this)
82	for (j = 0; j < priv->child_count; j++)
83	if (matrix[i][j] != 0)
84	local->transaction.pre_op_sources[j] = 0;
85	-
86	- /We don't need the xattrs any more. /
87	- for (i = 0; i < priv->child_count; i++)
88	- if (local->transaction.pre_op_xdata[i]) {
89	- dict_unref (local->transaction.pre_op_xdata[i]);
90	- local->transaction.pre_op_xdata[i] = NULL;
91	- }
92	}
93
94	gf_boolean_t
95	@@ -1175,7 +1168,7 @@ afr_changelog_cbk (call_frame_t frame, void cookie, xlator_t *this,
96
97	if (priv->arbiter_count == 1 && !op_ret) {
98	if (xattr)
99	- local->transaction.pre_op_xdata[child_index] =
100	+ local->transaction.changelog_xdata[child_index] =
101	dict_ref (xattr);
102	}
103
104	@@ -1608,6 +1601,13 @@ afr_changelog_do (call_frame_t frame, xlator_t this, dict_t *xattr,
105	local = frame->local;
106	priv = this->private;
107
108	+ for (i = 0; i < priv->child_count; i++) {
109	+ if (local->transaction.changelog_xdata[i]) {
110	+ dict_unref (local->transaction.changelog_xdata[i]);
111	+ local->transaction.changelog_xdata[i] = NULL;
112	+ }
113	+ }
114	+
115	ret = afr_changelog_prepare (this, frame, &call_count, changelog_resume,
116	op, &xdata, &newloc_xdata);
117
118	diff --git a/xlators/cluster/afr/src/afr.h b/xlators/cluster/afr/src/afr.h
119	index cf736ed..2854153 100644
120	--- a/xlators/cluster/afr/src/afr.h
121	+++ b/xlators/cluster/afr/src/afr.h
122	@@ -737,8 +737,8 @@ typedef struct _afr_local {
123
124	unsigned char *pre_op;
125
126	- /* For arbiter configuration only. */
127	- dict_t **pre_op_xdata;
128	+ /* Changelog xattr dict for [f]xattrop*/
129	+ dict_t **changelog_xdata;
130	unsigned char *pre_op_sources;
131
132	/* @failed_subvols: subvolumes on which a pre-op or a
133	--
134	2.7.4
135


diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index 8243f28..f7d3cc3 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -27,7 +27,6 @@ SRC_URI += "file://glusterd.init \
27	file://0002-posix-disable-open-read-write-on-special-files.patch \	27	file://0002-posix-disable-open-read-write-on-special-files.patch \
28	file://0003-server-protocol-don-t-allow-.-path-in-name.patch \	28	file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
29	file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \	29	file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
30	file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \
31	file://0006-posix-remove-not-supported-get-set-content.patch \	30	file://0006-posix-remove-not-supported-get-set-content.patch \
32	file://0007-protocol-don-t-use-alloca.patch \	31	file://0007-protocol-don-t-use-alloca.patch \
33	"	32	"