diff options
Diffstat (limited to 'recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch')
-rw-r--r-- | recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch b/recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch deleted file mode 100644 index 0e24c56..0000000 --- a/recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch +++ /dev/null | |||
@@ -1,70 +0,0 @@ | |||
1 | From d1936056d77abcfda14386235a88ed553341a429 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mohammed Rafi KC <rkavunga@redhat.com> | ||
3 | Date: Mon, 26 Mar 2018 20:27:34 +0530 | ||
4 | Subject: [PATCH 1/3] shared storage: Prevent mounting shared storage from | ||
5 | non-trusted client | ||
6 | |||
7 | gluster shared storage is a volume used for internal storage for | ||
8 | various features including ganesha, geo-rep, snapshot. | ||
9 | |||
10 | So this volume should not be exposed to the client, as it is | ||
11 | a special volume for internal use. | ||
12 | |||
13 | This fix wont't generate non trusted volfile for shared storage volume. | ||
14 | |||
15 | Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c | ||
16 | fixes: bz#1568844 | ||
17 | BUG: 1568844 | ||
18 | Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> | ||
19 | |||
20 | Upstream-Status: Backport | ||
21 | Fix CVE-2018-1088 | ||
22 | |||
23 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
24 | |||
25 | --- | ||
26 | xlators/mgmt/glusterd/src/glusterd-volgen.c | 21 +++++++++++++++++++++ | ||
27 | 1 file changed, 21 insertions(+) | ||
28 | |||
29 | diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c | ||
30 | index 0a0668e..308c41f 100644 | ||
31 | --- a/xlators/mgmt/glusterd/src/glusterd-volgen.c | ||
32 | +++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c | ||
33 | @@ -5721,6 +5721,7 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo, | ||
34 | int i = 0; | ||
35 | int ret = -1; | ||
36 | char filepath[PATH_MAX] = {0,}; | ||
37 | + char *volname = NULL; | ||
38 | char *types[] = {NULL, NULL, NULL}; | ||
39 | dict_t *dict = NULL; | ||
40 | xlator_t *this = NULL; | ||
41 | @@ -5728,6 +5729,26 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo, | ||
42 | |||
43 | this = THIS; | ||
44 | |||
45 | + volname = volinfo->is_snap_volume ? | ||
46 | + volinfo->parent_volname : volinfo->volname; | ||
47 | + | ||
48 | + | ||
49 | + if (volname && !strcmp (volname, GLUSTER_SHARED_STORAGE) && | ||
50 | + client_type != GF_CLIENT_TRUSTED) { | ||
51 | + /* | ||
52 | + * shared storage volume cannot be mounted from non trusted | ||
53 | + * nodes. So we are not creating volfiles for non-trusted | ||
54 | + * clients for shared volumes as well as snapshot of shared | ||
55 | + * volumes. | ||
56 | + */ | ||
57 | + | ||
58 | + ret = 0; | ||
59 | + gf_msg_debug ("glusterd", 0, "Skipping the non-trusted volfile" | ||
60 | + "creation for shared storage volume. Volume %s", | ||
61 | + volname); | ||
62 | + goto out; | ||
63 | + } | ||
64 | + | ||
65 | enumerate_transport_reqs (volinfo->transport_type, types); | ||
66 | dict = dict_new (); | ||
67 | if (!dict) | ||
68 | -- | ||
69 | 2.7.4 | ||
70 | |||