diff options
-rw-r--r-- | recipes-extended/glusterfs/files/CVE-2023-26253.patch | 76 | ||||
-rw-r--r-- | recipes-extended/glusterfs/glusterfs.inc | 1 |
2 files changed, 77 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch b/recipes-extended/glusterfs/files/CVE-2023-26253.patch new file mode 100644 index 0000000..828c162 --- /dev/null +++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58 | ||
2 | Author: mohit84 <moagrawa@redhat.com> | ||
3 | Date: Thu Mar 30 13:02:19 2023 +0530 | ||
4 | Subject: [PATCH] fuse: Resolve asan bug in during receive event notification | ||
5 | (#4024) | ||
6 | |||
7 | The fuse xlator notify function tries to assign data object to graph | ||
8 | object without checking an event. In case of upcall event data object | ||
9 | represents upcall object so during access of graph object the process | ||
10 | crashed for asan build. | ||
11 | |||
12 | Solution: Access the graph->id only while an event is associated | ||
13 | specifically to fuse xlator | ||
14 | |||
15 | > Fixes: #3954 | ||
16 | > Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf | ||
17 | > Signed-off-by: Mohit Agrawal moagrawa@redhat.com | ||
18 | > (Reviewed on upstream link #4019) | ||
19 | |||
20 | Fixes: #3954 | ||
21 | Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf | ||
22 | |||
23 | CVE: CVE-2023-26253 | ||
24 | |||
25 | Upstream-Status: Backport [https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58] | ||
26 | |||
27 | Signed-off-by: Soumya <soumya.sambu@windriver.com> | ||
28 | --- | ||
29 | xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++--- | ||
30 | 1 file changed, 11 insertions(+), 3 deletions(-) | ||
31 | |||
32 | diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c | ||
33 | index c3945d7..0c01a43 100644 | ||
34 | --- a/xlators/mount/fuse/src/fuse-bridge.c | ||
35 | +++ b/xlators/mount/fuse/src/fuse-bridge.c | ||
36 | @@ -6198,6 +6198,7 @@ notify(xlator_t *this, int32_t event, void *data, ...) | ||
37 | int32_t ret = 0; | ||
38 | fuse_private_t *private = NULL; | ||
39 | gf_boolean_t start_thread = _gf_false; | ||
40 | + gf_boolean_t event_graph = _gf_true; | ||
41 | glusterfs_graph_t *graph = NULL; | ||
42 | |||
43 | private | ||
44 | @@ -6205,9 +6206,6 @@ notify(xlator_t *this, int32_t event, void *data, ...) | ||
45 | |||
46 | graph = data; | ||
47 | |||
48 | - gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event, | ||
49 | - ((graph) ? graph->id : 0)); | ||
50 | - | ||
51 | switch (event) { | ||
52 | case GF_EVENT_GRAPH_NEW: | ||
53 | break; | ||
54 | @@ -6271,9 +6269,19 @@ notify(xlator_t *this, int32_t event, void *data, ...) | ||
55 | } | ||
56 | |||
57 | default: | ||
58 | + /* Set the event_graph to false so that event | ||
59 | + debug msg would not try to access invalid graph->id | ||
60 | + while data object is not matched to graph object | ||
61 | + for ex in case of upcall event data object represents | ||
62 | + gf_upcall object | ||
63 | + */ | ||
64 | + event_graph = _gf_false; | ||
65 | break; | ||
66 | } | ||
67 | |||
68 | + gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event, | ||
69 | + ((graph && event_graph) ? graph->id : -1)); | ||
70 | + | ||
71 | return ret; | ||
72 | } | ||
73 | |||
74 | -- | ||
75 | 2.35.5 | ||
76 | |||
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index baa8962..e5bedca 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc | |||
@@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \ | |||
20 | file://glusterd-change-port-range.patch \ | 20 | file://glusterd-change-port-range.patch \ |
21 | file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \ | 21 | file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \ |
22 | file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \ | 22 | file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \ |
23 | file://CVE-2023-26253.patch \ | ||
23 | " | 24 | " |
24 | 25 | ||
25 | LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0" | 26 | LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0" |