Diffstat (limited to 'meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch | 101 |
1 files changed, 101 insertions, 0 deletions
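diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch
new file mode 100644
index 0000000000..066e10fbbc
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch
@@ -0,0 +1,101 @@
+Backport of the following upstream commit:
+From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 23 Nov 2021 16:56:42 +0100
+Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit
+
+CVE: CVE-2021-3997
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz]
+Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com>
+---
+src/basic/rm-rf.c | 53 ++++++++++++++++++++--------------------------
+1 file changed, 23 insertions(+), 30 deletions(-)
+
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -159,7 +159,7 @@
+}
+
+int rm_rf(const char *path, RemoveFlags flags) {
+- int fd, r;
++ int fd, r, q = 0;
+
+assert(path);
+
+@@ -191,49 +191,47 @@
+}
+
+fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+- if (fd < 0) {
++ if (fd >= 0) {
++ /* We have a dir */
++ r = rm_rf_children(fd, flags, NULL);
++
++ if (FLAGS_SET(flags, REMOVE_ROOT)) {
++ q = rmdir(path);
++ if (q < 0)
++ q = -errno;
++ }
++ } else {
+if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
+return 0;
+
+if (!IN_SET(errno, ENOTDIR, ELOOP))
+return -errno;
+
+- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT))
+return 0;
+
+- if (FLAGS_SET(flags, REMOVE_ROOT)) {
+-
+- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+- struct statfs s;
+-
+- if (statfs(path, &s) < 0)
+- return -errno;
+- if (is_physical_fs(&s))
+- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+- "Attempted to remove files from a disk file system under \"%s\", refusing.",
+- path);
+- }
+-
+- if (unlink(path) < 0) {
+- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
+- return 0;
++ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
++ struct statfs s;
+
++ if (statfs(path, &s) < 0)
+return -errno;
+- }
++ if (is_physical_fs(&s))
++ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
++ "Attempted to remove files from a disk file system under \"%s\", refusing.",
++ path);
+}
+
+- return 0;
++ r = 0;
++ q = unlink(path);
++ if (q < 0)
++ q = -errno;
+}
+
+- r = rm_rf_children(fd, flags, NULL);
+-
+- if (FLAGS_SET(flags, REMOVE_ROOT) &&
+- rmdir(path) < 0 &&
+- r >= 0 &&
+- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT))
+- r = -errno;
+-
+- return r;
++ if (r < 0)
++ return r;
++ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK)))
++ return q;
++ return 0;
+}
+
+int rm_rf_child(int fd, const char *name, RemoveFlags flags) {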
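Review bot: The provenance in the patch header is hard to audit. It names upstream commit bd0127daaaae009ade053718f7d2f297aee4acaf, but `Upstream-Status` points at an Ubuntu packaging tarball fetched over plain `http://`, and the Subject says `shared/rm_rf` while the hunks patch `src/basic/rm-rf.c`. That suggests an adapted backport rather than a cherry-pick, so the header should say so, for example `Adapted to this version: rm-rf.c lives in src/basic here; hunks otherwise match upstream`. By its subject this is part 2 of 3 and a refactor only, so the `CVE:` tag does not by itself mean the issue is fixed. Whether the recipe's SRC_URI carries all three patches in order is not visible on this page and is worth confirming.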