| author | Chen Qi <Qi.Chen@windriver.com> | 2018-09-26 10:36:25 +0800 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2018-09-30 21:34:09 -0400 |
| commit | 69f0c7cf74a9af4c5a0a3ead2d608dd155e159ce (patch) | |
| tree | 9044cae684c80378164790beb56ba791f3ef7948 | |
| parent | 5793d336ae63744d573821aba2f2b22000aae0c1 (diff) | |
glusterfs: fix CVE-2018-10911
Backport patch to fix the following CVE.
CVE: CVE-2018-10911
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| -rw-r--r-- | recipes-extended/glusterfs/files/0001-dict-handle-negative-key-value-length-while-unserial.patch | 39 | ||||
| -rw-r--r-- | recipes-extended/glusterfs/glusterfs.inc | 1 |
2 files changed, 40 insertions, 0 deletions
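--- /dev/null
+++ b/recipes-extended/glusterfs/files/0001-dict-handle-negative-key-value-length-while-unserial.patch
@@ -0,0 +1,39 @@
+From 428ee988df7d6cbe6e18becffcee5cdfb0fa9d17 Mon Sep 17 00:00:00 2001
+From: Amar Tumballi <amarts@redhat.com>
+Date: Tue, 24 Jul 2018 13:25:12 +0530
+Subject: [PATCH 1/7] dict: handle negative key/value length while unserialize
+
+Fixes: bz#1625089
+Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+
+Upstream-Status: Backport
+
+Fix CVE-2018-10911
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+libglusterfs/src/dict.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
+index 839b426..ac0a677 100644
+--- a/libglusterfs/src/dict.c
++++ b/libglusterfs/src/dict.c
+@@ -2751,6 +2751,13 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
+vallen = ntoh32 (hostord);
+buf += DICT_DATA_HDR_VAL_LEN;
+
++ if ((keylen < 0) || (vallen < 0)) {
++ gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
++ LG_MSG_UNDERSIZED_BUF,
++ "undersized length passed "
++ "key:%d val:%d", keylen, vallen);
++ goto out;
++ }
+if ((buf + keylen) > (orig_buf + size)) {
+gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
+LG_MSG_UNDERSIZED_BUF,
+--
+2.7.4
+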
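Review bot: The check that follows the new guard in the dict.c hunk, `if ((buf + keylen) > (orig_buf + size))`, still forms a pointer past the end of the buffer before comparing, so a large positive `keylen` relies on that pointer arithmetic not wrapping. Comparing the length with the bytes remaining, e.g. `if (keylen > (orig_buf + size) - buf)`, would avoid this, assuming earlier checks keep `buf` within the buffer. As this is an upstream backport the change belongs upstream, and dict_unserialize's body starts and ends outside the hunk, so the matching `vallen` check is presumably further down and not visible here. Separately, the patch header says `Fix CVE-2018-10911`, while the commit message uses the tag form `CVE: CVE-2018-10911`; adding that line to the patch header would let CVE tooling that scans patch headers associate the fix with this file.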
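--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -23,6 +23,7 @@ SRC_URI += "file://glusterd.init \
 file://0001-shared-storage-Prevent-mounting-shared-storage-from-.patch \
 file://0002-server-auth-add-option-for-strict-authentication.patch \
 file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
+file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
 "
 
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"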
