glusterfs: fix CVE-2018-10923

Backport patch to fix the following CVE. CVE: CVE-2018-10923 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Chen Qi <Qi.Chen@windriver.com> 2018-09-26 10:36:26 +0800
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-09-30 21:34:09 -0400
commit: 50e525538a193c5eb09da61fd78a7d77291ec0c2 (patch)
tree: f1c99e15987f9cc87a37094ec3076068caaf544c
parent: 69f0c7cf74a9af4c5a0a3ead2d608dd155e159ce (diff)
download: meta-cloud-services-50e525538a193c5eb09da61fd78a7d77291ec0c2.tar.gz
2 files changed, 94 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch
new file mode 100644
index 0000000..06cd06c
--- /dev/null
+++ b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch
@@ -0,0 +1,93 @@
+From 08dc006aac79ee1d1f6a5b7044fc973df7f00ed6 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 25 Sep 2018 14:02:01 +0800
+Subject: [PATCH 2/7] posix: disable open/read/write on special files
+In the file system, the responsibility w.r.to the block and char device
+files is related to only support for 'creating' them (using mknod(2)).
+Once the device files are created, the read/write syscalls for the specific
+devices are handled by the device driver registered for the specific major
+number, and depending on the minor number, it knows where to read from.
+Hence, we are at risk of reading contents from devices which are handled
+by the host kernel on server nodes.
+By disabling open/read/write on the device file, we would be safe with
+the bypass one can achieve from client side (using gfapi)
+Fixes: bz#1625096
+Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+Upstream-Status: Backport
+Fix CVE-2018-10923
+Modified to suite the old version of glusterfs.
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ xlators/storage/posix/src/posix.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
+index b1a529b..506ae91 100644
+--- a/xlators/storage/posix/src/posix.c
+++ b/xlators/storage/posix/src/posix.c
+@@ -3091,6 +3091,17 @@ posix_open (call_frame_t *frame, xlator_t *this,
+         priv = this->private;
+         VALIDATE_OR_GOTO (priv, out);
+ 
+        if (loc->inode &&
+            ((loc->inode->ia_type == IA_IFBLK) ||
+             (loc->inode->ia_type == IA_IFCHR))) {
+                gf_msg (this->name, GF_LOG_ERROR, EINVAL,
+                        P_MSG_INVALID_ARGUMENT,
+                        "open received on a block/char file (%s)",
+                        uuid_utoa (loc->inode->gfid));
+                op_errno = EINVAL;
+                goto out;
+        }
+
+         MAKE_INODE_HANDLE (real_path, this, loc, &stbuf);
+         if (!real_path) {
+                 op_ret = -1;
+@@ -3180,6 +3191,17 @@ posix_readv (call_frame_t *frame, xlator_t *this,
+         priv = this->private;
+         VALIDATE_OR_GOTO (priv, out);
+ 
+        if (fd->inode &&
+            ((fd->inode->ia_type == IA_IFBLK) ||
+             (fd->inode->ia_type == IA_IFCHR))) {
+                gf_msg (this->name, GF_LOG_ERROR, EINVAL,
+                        P_MSG_INVALID_ARGUMENT,
+                        "readv received on a block/char file (%s)",
+                        uuid_utoa (fd->inode->gfid));
+                op_errno = EINVAL;
+                goto out;
+        }
+
+         ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno);
+         if (ret < 0) {
+                 gf_msg (this->name, GF_LOG_WARNING, op_errno, P_MSG_PFD_NULL,
+@@ -3415,6 +3437,17 @@ posix_writev (call_frame_t *frame, xlator_t *this, fd_t *fd,
+ 
+         VALIDATE_OR_GOTO (priv, out);
+ 
+        if (fd->inode &&
+            ((fd->inode->ia_type == IA_IFBLK) ||
+             (fd->inode->ia_type == IA_IFCHR))) {
+                gf_msg (this->name, GF_LOG_ERROR, EINVAL,
+                        P_MSG_INVALID_ARGUMENT,
+                        "writev received on a block/char file (%s)",
+                        uuid_utoa (fd->inode->gfid));
+                op_errno = EINVAL;
+                goto out;
+        }
+
+         ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno);
+         if (ret < 0) {
+                 gf_msg (this->name, GF_LOG_WARNING, ret, P_MSG_PFD_NULL,
+-- 
+2.7.4
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index ea5f2b7..e332872 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -24,6 +24,7 @@ SRC_URI += "file://glusterd.init \
            file://0002-server-auth-add-option-for-strict-authentication.patch \
            file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
            file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
+            file://0002-posix-disable-open-read-write-on-special-files.patch \
           "
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"
author	Chen Qi <Qi.Chen@windriver.com>	2018-09-26 10:36:26 +0800
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2018-09-30 21:34:09 -0400
commit	50e525538a193c5eb09da61fd78a7d77291ec0c2 (patch)
tree	f1c99e15987f9cc87a37094ec3076068caaf544c
parent	69f0c7cf74a9af4c5a0a3ead2d608dd155e159ce (diff)
download	meta-cloud-services-50e525538a193c5eb09da61fd78a7d77291ec0c2.tar.gz

diff --git a/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch new file mode 100644 index 0000000..06cd06c --- /dev/null +++ b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch
@@ -0,0 +1,93 @@
		1	From 08dc006aac79ee1d1f6a5b7044fc973df7f00ed6 Mon Sep 17 00:00:00 2001
		2	From: Chen Qi <Qi.Chen@windriver.com>
		3	Date: Tue, 25 Sep 2018 14:02:01 +0800
		4	Subject: [PATCH 2/7] posix: disable open/read/write on special files
		5
		6	In the file system, the responsibility w.r.to the block and char device
		7	files is related to only support for 'creating' them (using mknod(2)).
		8
		9	Once the device files are created, the read/write syscalls for the specific
		10	devices are handled by the device driver registered for the specific major
		11	number, and depending on the minor number, it knows where to read from.
		12	Hence, we are at risk of reading contents from devices which are handled
		13	by the host kernel on server nodes.
		14
		15	By disabling open/read/write on the device file, we would be safe with
		16	the bypass one can achieve from client side (using gfapi)
		17
		18	Fixes: bz#1625096
		19
		20	Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
		21	Signed-off-by: Amar Tumballi <amarts@redhat.com>
		22
		23	Upstream-Status: Backport
		24
		25	Fix CVE-2018-10923
		26	Modified to suite the old version of glusterfs.
		27
		28	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		29	---
		30	xlators/storage/posix/src/posix.c \| 33 +++++++++++++++++++++++++++++++++
		31	1 file changed, 33 insertions(+)
		32
		33	diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
		34	index b1a529b..506ae91 100644
		35	--- a/xlators/storage/posix/src/posix.c
		36	+++ b/xlators/storage/posix/src/posix.c
		37	@@ -3091,6 +3091,17 @@ posix_open (call_frame_t frame, xlator_t this,
		38	priv = this->private;
		39	VALIDATE_OR_GOTO (priv, out);
		40
		41	+ if (loc->inode &&
		42	+ ((loc->inode->ia_type == IA_IFBLK) \|\|
		43	+ (loc->inode->ia_type == IA_IFCHR))) {
		44	+ gf_msg (this->name, GF_LOG_ERROR, EINVAL,
		45	+ P_MSG_INVALID_ARGUMENT,
		46	+ "open received on a block/char file (%s)",
		47	+ uuid_utoa (loc->inode->gfid));
		48	+ op_errno = EINVAL;
		49	+ goto out;
		50	+ }
		51	+
		52	MAKE_INODE_HANDLE (real_path, this, loc, &stbuf);
		53	if (!real_path) {
		54	op_ret = -1;
		55	@@ -3180,6 +3191,17 @@ posix_readv (call_frame_t frame, xlator_t this,
		56	priv = this->private;
		57	VALIDATE_OR_GOTO (priv, out);
		58
		59	+ if (fd->inode &&
		60	+ ((fd->inode->ia_type == IA_IFBLK) \|\|
		61	+ (fd->inode->ia_type == IA_IFCHR))) {
		62	+ gf_msg (this->name, GF_LOG_ERROR, EINVAL,
		63	+ P_MSG_INVALID_ARGUMENT,
		64	+ "readv received on a block/char file (%s)",
		65	+ uuid_utoa (fd->inode->gfid));
		66	+ op_errno = EINVAL;
		67	+ goto out;
		68	+ }
		69	+
		70	ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno);
		71	if (ret < 0) {
		72	gf_msg (this->name, GF_LOG_WARNING, op_errno, P_MSG_PFD_NULL,
		73	@@ -3415,6 +3437,17 @@ posix_writev (call_frame_t frame, xlator_t this, fd_t *fd,
		74
		75	VALIDATE_OR_GOTO (priv, out);
		76
		77	+ if (fd->inode &&
		78	+ ((fd->inode->ia_type == IA_IFBLK) \|\|
		79	+ (fd->inode->ia_type == IA_IFCHR))) {
		80	+ gf_msg (this->name, GF_LOG_ERROR, EINVAL,
		81	+ P_MSG_INVALID_ARGUMENT,
		82	+ "writev received on a block/char file (%s)",
		83	+ uuid_utoa (fd->inode->gfid));
		84	+ op_errno = EINVAL;
		85	+ goto out;
		86	+ }
		87	+
		88	ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno);
		89	if (ret < 0) {
		90	gf_msg (this->name, GF_LOG_WARNING, ret, P_MSG_PFD_NULL,
		91	--
		92	2.7.4
		93


diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index ea5f2b7..e332872 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -24,6 +24,7 @@ SRC_URI += "file://glusterd.init \
24	file://0002-server-auth-add-option-for-strict-authentication.patch \	24	file://0002-server-auth-add-option-for-strict-authentication.patch \
25	file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \	25	file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
26	file://0001-dict-handle-negative-key-value-length-while-unserial.patch \	26	file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
		27	file://0002-posix-disable-open-read-write-on-special-files.patch \
27	"	28	"
28		29
29	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"	30	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"