Diffstat (limited to 'recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch')
-rw-r--r-- | recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch | 73 |
1 files changed, 73 insertions, 0 deletions
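--- /dev/null
+++ b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch
@@ -0,0 +1,73 @@
+From b89658672d137ef56bd0694457b9125bf7d45ba4 Mon Sep 17 00:00:00 2001
+From: Amar Tumballi <amarts@redhat.com>
+Date: Thu, 9 Aug 2018 13:00:01 +0530
+Subject: [PATCH 3/7] server-protocol: don't allow '../' path in 'name'
+
+This will prevent any arbitrary file creation through glusterfs
+by modifying the client bits.
+
+Also check for the similar flaw inside posix too, so we prevent any
+changes in layers in-between.
+
+Fixes: bz#1625095
+
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
+
+Upstream-Status: Backport
+
+Fix CVE-2018-10926
+Fix CVE-2018-10927
+Fix CVE-2018-10928
+Fix CVE-2018-10929
+Fix CVE-2018-10930
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+xlators/protocol/server/src/server-resolve.c | 12 ++++++++++++
+xlators/storage/posix/src/posix-handle.h | 6 ++++++
+2 files changed, 18 insertions(+)
+
+diff --git a/xlators/protocol/server/src/server-resolve.c b/xlators/protocol/server/src/server-resolve.c
+index d0126aa..aa35685 100644
+--- a/xlators/protocol/server/src/server-resolve.c
++++ b/xlators/protocol/server/src/server-resolve.c
+@@ -294,6 +294,18 @@ resolve_entry_simple (call_frame_t *frame)
+/* expected @parent was found from the inode cache */
+gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
+state->loc_now->parent = inode_ref (parent);
++
++ if (strstr (resolve->bname, "../")) {
++ /* Resolving outside the parent's tree is not allowed */
++ gf_msg (this->name, GF_LOG_ERROR, EPERM,
++ PS_MSG_GFID_RESOLVE_FAILED,
++ "%s: path sent by client not allowed",
++ resolve->bname);
++ resolve->op_ret = -1;
++ resolve->op_errno = EPERM;
++ ret = 1;
++ goto out;
++ }
+state->loc_now->name = resolve->bname;
+
+inode = inode_grep (state->itable, parent, resolve->bname);
+diff --git a/xlators/storage/posix/src/posix-handle.h b/xlators/storage/posix/src/posix-handle.h
+index 9af6a7a..6e7a8d2 100644
+--- a/xlators/storage/posix/src/posix-handle.h
++++ b/xlators/storage/posix/src/posix-handle.h
+@@ -217,6 +217,12 @@
+break; \
+} \
+\
++ if (strstr (loc->name, "../")) { \
++ gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
++ "'../' in name not allowed: (%s)", loc->name); \
++ op_ret = -1; \
++ break; \
++ } \
+if (LOC_HAS_ABSPATH (loc)) { \
+MAKE_REAL_PATH (entp, this, loc->path); \
+__parp = strdupa (entp); \
+--
+2.7.4
+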
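Review bot: The guard added in resolve_entry_simple (`strstr (resolve->bname, "../")`) and its twin in the posix-handle.h macro (`strstr (loc->name, "../")`) match only one spelling of an escape, whereas a basename is a single path component and should not contain a separator at all. As written, a name holding a `/` without a preceding `..`, and a bare `..`, both pass the test; whether later layers stop them is not visible here. I would tighten both sites to `if (strchr (resolve->bname, '/')) {` (and `strchr (loc->name, '/')` in the macro), and confirm whether `.` and `..` need rejecting as well. Since this is a backport, it is worth checking upstream for a follow-up to this commit before relying on it for the five listed CVEs. Both the function and the macro begin and end outside the hunks shown.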