author | Chen Qi <Qi.Chen@windriver.com> | 2018-09-26 10:36:26 +0800 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2018-09-30 21:34:09 -0400 |
commit | 50e525538a193c5eb09da61fd78a7d77291ec0c2 (patch) | |
tree | f1c99e15987f9cc87a37094ec3076068caaf544c | |
parent | 69f0c7cf74a9af4c5a0a3ead2d608dd155e159ce (diff) | |
download | meta-cloud-services-50e525538a193c5eb09da61fd78a7d77291ec0c2.tar.gz |
glusterfs: fix CVE-2018-10923
Backport patch to fix the following CVE.
CVE: CVE-2018-10923
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
-rw-r--r-- | recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch | 93 | ||||
-rw-r--r-- | recipes-extended/glusterfs/glusterfs.inc | 1 |
2 files changed, 94 insertions, 0 deletions
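--- /dev/null
+++ b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch
@@ -0,0 +1,93 @@
+From 08dc006aac79ee1d1f6a5b7044fc973df7f00ed6 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 25 Sep 2018 14:02:01 +0800
+Subject: [PATCH 2/7] posix: disable open/read/write on special files
+
+In the file system, the responsibility w.r.to the block and char device
+files is related to only support for 'creating' them (using mknod(2)).
+
+Once the device files are created, the read/write syscalls for the specific
+devices are handled by the device driver registered for the specific major
+number, and depending on the minor number, it knows where to read from.
+Hence, we are at risk of reading contents from devices which are handled
+by the host kernel on server nodes.
+
+By disabling open/read/write on the device file, we would be safe with
+the bypass one can achieve from client side (using gfapi)
+
+Fixes: bz#1625096
+
+Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+
+Upstream-Status: Backport
+
+Fix CVE-2018-10923
+Modified to suite the old version of glusterfs.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+xlators/storage/posix/src/posix.c | 33 +++++++++++++++++++++++++++++++++
+1 file changed, 33 insertions(+)
+
+diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
+index b1a529b..506ae91 100644
+--- a/xlators/storage/posix/src/posix.c
++++ b/xlators/storage/posix/src/posix.c
+@@ -3091,6 +3091,17 @@ posix_open (call_frame_t *frame, xlator_t *this,
+priv = this->private;
+VALIDATE_OR_GOTO (priv, out);
+
++ if (loc->inode &&
++ ((loc->inode->ia_type == IA_IFBLK) ||
++ (loc->inode->ia_type == IA_IFCHR))) {
++ gf_msg (this->name, GF_LOG_ERROR, EINVAL,
++ P_MSG_INVALID_ARGUMENT,
++ "open received on a block/char file (%s)",
++ uuid_utoa (loc->inode->gfid));
++ op_errno = EINVAL;
++ goto out;
++ }
++
+MAKE_INODE_HANDLE (real_path, this, loc, &stbuf);
+if (!real_path) {
+op_ret = -1;
+@@ -3180,6 +3191,17 @@ posix_readv (call_frame_t *frame, xlator_t *this,
+priv = this->private;
+VALIDATE_OR_GOTO (priv, out);
+
++ if (fd->inode &&
++ ((fd->inode->ia_type == IA_IFBLK) ||
++ (fd->inode->ia_type == IA_IFCHR))) {
++ gf_msg (this->name, GF_LOG_ERROR, EINVAL,
++ P_MSG_INVALID_ARGUMENT,
++ "readv received on a block/char file (%s)",
++ uuid_utoa (fd->inode->gfid));
++ op_errno = EINVAL;
++ goto out;
++ }
++
+ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno);
+if (ret < 0) {
+gf_msg (this->name, GF_LOG_WARNING, op_errno, P_MSG_PFD_NULL,
+@@ -3415,6 +3437,17 @@ posix_writev (call_frame_t *frame, xlator_t *this, fd_t *fd,
+
+VALIDATE_OR_GOTO (priv, out);
+
++ if (fd->inode &&
++ ((fd->inode->ia_type == IA_IFBLK) ||
++ (fd->inode->ia_type == IA_IFCHR))) {
++ gf_msg (this->name, GF_LOG_ERROR, EINVAL,
++ P_MSG_INVALID_ARGUMENT,
++ "writev received on a block/char file (%s)",
++ uuid_utoa (fd->inode->gfid));
++ op_errno = EINVAL;
++ goto out;
++ }
++
+ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno);
+if (ret < 0) {
+gf_msg (this->name, GF_LOG_WARNING, ret, P_MSG_PFD_NULL,
+--
+2.7.4
+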
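Review bot: The guards added to posix_open, posix_readv and posix_writev decide from the cached `loc->inode->ia_type` / `fd->inode->ia_type` and fall through when `inode` is NULL, so a request whose inode type has not been populated (possibly still `IA_INVAL`) would presumably skip the check and continue to the device node. In posix_open the next line fills `stbuf` through `MAKE_INODE_HANDLE`, so repeating the test there on the on-disk type, e.g. `if ((stbuf.ia_type == IA_IFBLK) || (stbuf.ia_type == IA_IFCHR)) { op_errno = EINVAL; goto out; }`, would make the brick's decision independent of what the caller resolved. The new branches also set only `op_errno`, while the failure path right after sets `op_ret = -1` explicitly; all three function bodies start and end outside the hunks, so confirm `op_ret` is still -1 at `out` in this older tree. On the recipe side, the patch header says `Fix CVE-2018-10923` but lacks the `CVE: CVE-2018-10923` tag line that the commit message carries, which is what patch-scanning CVE tooling normally keys on.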
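--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -24,6 +24,7 @@ SRC_URI += "file://glusterd.init \
 file://0002-server-auth-add-option-for-strict-authentication.patch \
 file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
 file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
+file://0002-posix-disable-open-read-write-on-special-files.patch \
 "
 
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"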