author | Chen Qi <Qi.Chen@windriver.com> | 2018-09-26 10:36:30 +0800 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2018-09-30 21:34:09 -0400 |
commit | 57e11a65b6ad83bde2ae57913ece940bb9b40a4e (patch) | |
tree | 79f4b7247e560b33290db828947f180d0695fe7c /recipes-extended | |
parent | b202f3824bdbf65b922d58e348972183e57f61fe (diff) | |
download | meta-cloud-services-57e11a65b6ad83bde2ae57913ece940bb9b40a4e.tar.gz |
glusterfs: fix Fix CVE-2018-10913 and CVE-2018-10914
Backport a patch to fix the following two CVEs.
CVE: CVE-2018-10913
CVE: CVE-2018-10914
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'recipes-extended')
-rw-r--r-- | recipes-extended/glusterfs/files/0006-posix-remove-not-supported-get-set-content.patch | 297 | ||||
-rw-r--r-- | recipes-extended/glusterfs/glusterfs.inc | 1 |
2 files changed, 298 insertions, 0 deletions
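--- /dev/null
+++ b/recipes-extended/glusterfs/files/0006-posix-remove-not-supported-get-set-content.patch
@@ -0,0 +1,297 @@
+From 76ee41dcb37d3c864d9cb70f957034c246de43ab Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 25 Sep 2018 16:31:14 +0800
+Subject: [PATCH 6/7] posix: remove not supported get/set content
+
+getting and setting a file's content using extended
+attribute worked great as a GET/PUT alternative when
+an object storage is supported on top of Gluster. But
+it needs application changes, and also, it skips some
+caching layers. It is not used over years, and not
+supported any more. Remove the dead code.
+
+Fixes: bz#1625102
+
+Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+
+Upstream-Status: Backport
+
+Fix CVE-2018-10913
+Fix CVE-2018-10914
+
+Modified to suite this old version.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+libglusterfs/src/glusterfs.h | 6 --
+xlators/storage/posix/src/posix-helpers.c | 166 +----------------------------
+xlators/storage/posix/src/posix.c | 14 ---
+xlators/storage/posix/src/posix.h | 4 -
+4 files changed, 1 insertion(+), 189 deletions(-)
+
+diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
+index 9047373..77cafcb 100644
+--- a/libglusterfs/src/glusterfs.h
++++ b/libglusterfs/src/glusterfs.h
+@@ -152,9 +152,6 @@
+#define GLUSTERFS_INTERNAL_FOP_KEY "glusterfs-internal-fop"
+#define DHT_CHANGELOG_RENAME_OP_KEY "changelog.rename-op"
+
+-#define ZR_FILE_CONTENT_STR "glusterfs.file."
+-#define ZR_FILE_CONTENT_STRLEN 15
+-
+#define GLUSTERFS_WRITE_IS_APPEND "glusterfs.write-is-append"
+#define GLUSTERFS_WRITE_UPDATE_ATOMIC "glusterfs.write-update-atomic"
+#define GLUSTERFS_OPEN_FD_COUNT "glusterfs.open-fd-count"
+@@ -220,9 +217,6 @@
+
+#define STARTING_EVENT_THREADS 1
+
+-#define ZR_FILE_CONTENT_REQUEST(key) (!strncmp(key, ZR_FILE_CONTENT_STR, \
+- ZR_FILE_CONTENT_STRLEN))
+-
+#define DEFAULT_VAR_RUN_DIRECTORY DATADIR "/run/gluster"
+#define DEFAULT_GLUSTERFSD_MISC_DIRETORY DATADIR "/lib/misc/glusterfsd"
+#ifdef GF_LINUX_HOST_OS
+diff --git a/xlators/storage/posix/src/posix-helpers.c b/xlators/storage/posix/src/posix-helpers.c
+index 69f61bf..f849845 100644
+--- a/xlators/storage/posix/src/posix-helpers.c
++++ b/xlators/storage/posix/src/posix-helpers.c
+@@ -890,166 +890,6 @@ out:
+return ret;
+}
+
+-
+-int
+-posix_set_file_contents (xlator_t *this, const char *path, char *keyp,
+- data_t *value, int flags)
+-{
+- char * key = NULL;
+- char real_path[PATH_MAX];
+- int32_t file_fd = -1;
+- int op_ret = 0;
+- int ret = -1;
+-
+-
+- /* XXX: does not handle assigning GFID to created files */
+- return -1;
+-
+- key = &(keyp[15]);
+- sprintf (real_path, "%s/%s", path, key);
+-
+- if (flags & XATTR_REPLACE) {
+- /* if file exists, replace it
+- * else, error out */
+- file_fd = open (real_path, O_TRUNC|O_WRONLY);
+-
+- if (file_fd == -1) {
+- goto create;
+- }
+-
+- if (value->len) {
+- ret = sys_write (file_fd, value->data, value->len);
+- if (ret == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno,
+- P_MSG_SET_FILE_CONTENTS, "write failed"
+- "while doing setxattr for key %s on"
+- "path%s", key, real_path);
+- goto out;
+- }
+-
+- ret = sys_close (file_fd);
+- if (ret == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno,
+- P_MSG_SET_FILE_CONTENTS,
+- "close failed on %s",
+- real_path);
+- goto out;
+- }
+- }
+-
+- create: /* we know file doesn't exist, create it */
+-
+- file_fd = open (real_path, O_CREAT|O_WRONLY, 0644);
+-
+- if (file_fd == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno,
+- P_MSG_SET_FILE_CONTENTS, "failed to open file"
+- "%s with O_CREAT", key);
+- goto out;
+- }
+-
+- ret = sys_write (file_fd, value->data, value->len);
+- if (ret == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno,
+- P_MSG_SET_FILE_CONTENTS, "write failed on %s"
+- "while setxattr with key %s", real_path, key);
+- goto out;
+- }
+-
+- ret = sys_close (file_fd);
+- if (ret == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno,
+- P_MSG_SET_FILE_CONTENTS, "close failed on"
+- " %s while setxattr with key %s",
+- real_path, key);
+- goto out;
+- }
+- }
+-
+-out:
+- return op_ret;
+-}
+-
+-
+-int
+-posix_get_file_contents (xlator_t *this, uuid_t pargfid,
+- const char *name, char **contents)
+-{
+- char *real_path = NULL;
+- int32_t file_fd = -1;
+- struct iatt stbuf = {0,};
+- int op_ret = 0;
+- int ret = -1;
+-
+-
+- MAKE_HANDLE_PATH (real_path, this, pargfid, name);
+- if (!real_path) {
+- op_ret = -ESTALE;
+- gf_msg (this->name, GF_LOG_ERROR, ESTALE,
+- P_MSG_XDATA_GETXATTR,
+- "Failed to create handle path for %s/%s",
+- uuid_utoa (pargfid), name);
+- goto out;
+- }
+-
+- op_ret = posix_istat (this, pargfid, name, &stbuf);
+- if (op_ret == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno, P_MSG_XDATA_GETXATTR,
+- "lstat failed on %s", real_path);
+- goto out;
+- }
+-
+- file_fd = open (real_path, O_RDONLY);
+-
+- if (file_fd == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno, P_MSG_XDATA_GETXATTR,
+- "open failed on %s", real_path);
+- goto out;
+- }
+-
+- *contents = GF_CALLOC (stbuf.ia_size + 1, sizeof(char),
+- gf_posix_mt_char);
+- if (! *contents) {
+- op_ret = -errno;
+- goto out;
+- }
+-
+- ret = sys_read (file_fd, *contents, stbuf.ia_size);
+- if (ret <= 0) {
+- op_ret = -1;
+- gf_msg (this->name, GF_LOG_ERROR, errno, P_MSG_XDATA_GETXATTR,
+- "read on %s failed", real_path);
+- goto out;
+- }
+-
+- *contents[stbuf.ia_size] = '\0';
+-
+- op_ret = sys_close (file_fd);
+- file_fd = -1;
+- if (op_ret == -1) {
+- op_ret = -errno;
+- gf_msg (this->name, GF_LOG_ERROR, errno, P_MSG_XDATA_GETXATTR,
+- "close on %s failed", real_path);
+- goto out;
+- }
+-
+-out:
+- if (op_ret < 0) {
+- GF_FREE (*contents);
+- if (file_fd != -1)
+- sys_close (file_fd);
+- }
+-
+- return op_ret;
+-}
+-
+#ifdef HAVE_SYS_ACL_H
+int
+posix_pacl_set (const char *path, const char *key, const char *acl_s)
+@@ -1154,9 +994,6 @@ posix_handle_pair (xlator_t *this, const char *real_path,
+if (XATTR_IS_PATHINFO (key)) {
+ret = -EACCES;
+goto out;
+- } else if (ZR_FILE_CONTENT_REQUEST(key)) {
+- ret = posix_set_file_contents (this, real_path, key, value,
+- flags);
+} else if (GF_POSIX_ACL_REQUEST (key)) {
+if (stbuf && IS_DHT_LINKFILE_MODE (stbuf))
+goto out;
+@@ -1609,8 +1446,7 @@ _handle_entry_create_keyvalue_pair (dict_t *d, char *k, data_t *v,
+!strcmp ("gfid-req", k) ||
+!strcmp (POSIX_ACL_DEFAULT_XATTR, k) ||
+!strcmp (POSIX_ACL_ACCESS_XATTR, k) ||
+- posix_xattr_ignorable (k) ||
+- ZR_FILE_CONTENT_REQUEST(k)) {
++ posix_xattr_ignorable (k)) {
+return 0;
+}
+
+diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
+index 506ae91..a69e8f6 100644
+--- a/xlators/storage/posix/src/posix.c
++++ b/xlators/storage/posix/src/posix.c
+@@ -4427,7 +4427,6 @@ posix_getxattr (call_frame_t *frame, xlator_t *this,
+char *value = NULL;
+char *real_path = NULL;
+dict_t *dict = NULL;
+- char *file_contents = NULL;
+int ret = -1;
+char *path = NULL;
+char *rpath = NULL;
+@@ -4458,19 +4457,6 @@ posix_getxattr (call_frame_t *frame, xlator_t *this,
+goto out;
+}
+
+- if (loc->inode && IA_ISDIR(loc->inode->ia_type) && name &&
+- ZR_FILE_CONTENT_REQUEST(name)) {
+- ret = posix_get_file_contents (this, loc->gfid, &name[15],
+- &file_contents);
+- if (ret < 0) {
+- op_errno = -ret;
+- gf_msg (this->name, GF_LOG_ERROR, op_errno,
+- P_MSG_FILE_FAILED, "getting file contents"
+- "failed");
+- goto out;
+- }
+- }
+-
+dict = dict_new ();
+if (!dict) {
+op_errno = ENOMEM;
+diff --git a/xlators/storage/posix/src/posix.h b/xlators/storage/posix/src/posix.h
+index febd432..3d2566b 100644
+--- a/xlators/storage/posix/src/posix.h
++++ b/xlators/storage/posix/src/posix.h
+@@ -250,10 +250,6 @@ int posix_handle_pair (xlator_t *this, const char *real_path, char *key,
+int posix_fhandle_pair (xlator_t *this, int fd, char *key, data_t *value,
+int flags, struct iatt *stbuf);
+void posix_spawn_janitor_thread (xlator_t *this);
+-int posix_get_file_contents (xlator_t *this, uuid_t pargfid,
+- const char *name, char **contents);
+-int posix_set_file_contents (xlator_t *this, const char *path, char *key,
+- data_t *value, int flags);
+int posix_acl_xattr_set (xlator_t *this, const char *path, dict_t *xattr_req);
+int posix_gfid_heal (xlator_t *this, const char *path, loc_t *loc, dict_t *xattr_req);
+int posix_entry_create_xattr_set (xlator_t *this, const char *path,
+--
+2.7.4
+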
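Review bot: The header of the added patch file records the fix as a bare `Upstream-Status: Backport` followed by free-text `Fix CVE-2018-10913` / `Fix CVE-2018-10914`, so neither the upstream commit nor the CVE ids are in a form that layer tooling can read. OpenEmbedded's cve-check class looks for `CVE: CVE-…` lines inside the patch file, or a CVE id in its file name, and this file has neither, so the recipe may keep being reported as affected even though the commit message carries the tags. I would write the two lines as `CVE: CVE-2018-10913` and `CVE: CVE-2018-10914`, and `Upstream-Status: Backport [<upstream commit URL>]` so the "Modified to suite this old version" changes can be compared against the original. Separately, with the `ZR_FILE_CONTENT_REQUEST` checks removed, `glusterfs.file.*` keys are no longer skipped in `_handle_entry_create_keyvalue_pair` and fall through to the remaining branches of `posix_handle_pair`; both functions continue outside the hunks, so it is worth confirming such keys now end in an error rather than being stored as an ordinary attribute.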
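--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -28,6 +28,7 @@ SRC_URI += "file://glusterd.init \
 file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
 file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
 file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \
+file://0006-posix-remove-not-supported-get-set-content.patch \
 "
 
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"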