glusterfs: fix CVE-2018-10904

Backport patch to fix the following CVE. CVE: CVE-2018-10904 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Chen Qi <Qi.Chen@windriver.com> 2018-09-26 10:36:28 +0800
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-09-30 21:34:09 -0400
commit: f6d23e4364a729006fd655c758e74f1c7e69cf94 (patch)
tree: db8a60207009623ebc7ef795bc6d0ab9765cb4d1 /recipes-extended/glusterfs
parent: 39e99a2096711591da2ee3379841108173c92d35 (diff)
download: meta-cloud-services-f6d23e4364a729006fd655c758e74f1c7e69cf94.tar.gz
2 files changed, 154 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch b/recipes-extended/glusterfs/files/0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch
new file mode 100644
index 0000000..6fb261d
--- /dev/null
+++ b/recipes-extended/glusterfs/files/0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch
@@ -0,0 +1,153 @@
+From 0f9c26d5e3a0d0480ff31a800ca8f31966da10ff Mon Sep 17 00:00:00 2001
+From: Amar Tumballi <amarts@redhat.com>
+Date: Tue, 24 Jul 2018 15:42:28 +0530
+Subject: [PATCH 4/7] io-stats: dump io-stats info in /var/run/gluster
+It wouldn't make sense to allow iostats file to be written in
+*any* directory. While the formating makes sure we try to append
+io-stats-name for the file, so overwriting existing file is slim,
+but in any case it makes sense to restrict dumping to one directory.
+Below are the sample commands, and files created for the corresponding
+values:
+ $ setfattr -n trusted.io-stats-dump -v file-for-dump $M0
+In this case, the file would be in /var/run/gluster/file-for-dump
+ $ setfattr -n trusted.io-stats-dump -v /dir1/dir2/file-for-dump $M0
+In this case, then the dump file is in /var/run/gluster/dir1-dir2-file-for-dump
+Note that the value passed for this virtual xattr would be treated as a
+file, and even if the value has '/' in it, it would be changed to '-'
+for sanity.
+Fixes: bz#1625106
+Change-Id: Id9ae6a40a190b8937c51662e6e1c2a0f6c86a0e0
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+Upstream-Status: Backport
+Fix CVE-2018-10904
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ tests/bugs/core/io-stats-1322825.t    | 12 ++++++------
+ xlators/debug/io-stats/src/io-stats.c | 34 +++++++++++++++++++++++++---------
+ 2 files changed, 31 insertions(+), 15 deletions(-)
+diff --git a/tests/bugs/core/io-stats-1322825.t b/tests/bugs/core/io-stats-1322825.t
+index d232ecb..53f2d04 100755
+--- a/tests/bugs/core/io-stats-1322825.t
+++ b/tests/bugs/core/io-stats-1322825.t
+@@ -23,7 +23,7 @@ TEST $CLI volume profile $V0 start
+ TEST mkdir $M0/dir1
+ 
+ # Generate the stat dump across the io-stat instances
+-TEST setfattr -n trusted.io-stats-dump -v /tmp/io-stats-1322825 $M0
+TEST setfattr -n trusted.io-stats-dump -v io-stats-1322825 $M0
+ 
+ # Check if $M0 is clean w.r.t xattr information
+ # TODO: if there are better ways to check we really get no attr error, please
+@@ -42,12 +42,12 @@ ret=$(echo $?)
+ EXPECT 0 echo $ret
+ 
+ # Check if we have 5 io-stat files in /tmp
+-EXPECT 5 ls -1 /tmp/io-stats-1322825*
+EXPECT 5 ls -1 /var/run/gluster/io-stats-1322825*
+ # Cleanup the 5 generated files
+-rm -f /tmp/io-stats-1322825*
+rm -f /var/run/gluster/io-stats-1322825*
+ 
+ # Rinse and repeat above for a directory
+-TEST setfattr -n trusted.io-stats-dump -v /tmp/io-stats-1322825 $M0/dir1
+TEST setfattr -n trusted.io-stats-dump -v io-stats-1322825 $M0/dir1
+ getfattr -n trusted.io-stats-dump $B0/${V0}1/dir1 2>&1 | grep -qi "no such attribute"
+ ret=$(echo $?)
+ EXPECT 0 echo $ret
+@@ -61,7 +61,7 @@ getfattr -n trusted.io-stats-dump $B0/${V0}4/dir1 2>&1 | grep -qi "no such attri
+ ret=$(echo $?)
+ EXPECT 0 echo $ret
+ 
+-EXPECT 5 ls -1 /tmp/io-stats-1322825*
+-rm -f /tmp/io-stats-1322825*
+EXPECT 5 ls -1 /var/run/gluster/io-stats-1322825*
+rm -f /var/run/gluster/io-stats-1322825*
+ 
+ cleanup;
+diff --git a/xlators/debug/io-stats/src/io-stats.c b/xlators/debug/io-stats/src/io-stats.c
+index d9d1e1d..72fa39c 100644
+--- a/xlators/debug/io-stats/src/io-stats.c
+++ b/xlators/debug/io-stats/src/io-stats.c
+@@ -45,6 +45,8 @@
+ #define DEFAULT_GRP_BUF_SZ 16384
+ #define IOS_BLOCK_COUNT_SIZE 32
+ 
+#define IOS_STATS_DUMP_DIR DEFAULT_VAR_RUN_DIRECTORY
+
+ typedef enum {
+         IOS_STATS_TYPE_NONE,
+         IOS_STATS_TYPE_OPEN,
+@@ -2999,7 +3001,6 @@ io_stats_fsync (call_frame_t *frame, xlator_t *this,
+         return 0;
+ }
+ 
+-
+ int
+ conditional_dump (dict_t *dict, char *key, data_t *value, void *data)
+ {
+@@ -3012,9 +3013,10 @@ conditional_dump (dict_t *dict, char *key, data_t *value, void *data)
+         char                 *filename = NULL;
+         FILE                 *logfp = NULL;
+         struct ios_dump_args args = {0};
+-        int                   pid, namelen;
+        int                   pid, namelen, dirlen;
+         char                  dump_key[100];
+         char                 *slash_ptr = NULL;
+        char                 *path_in_value = NULL;
+ 
+         stub  = data;
+         this  = stub->this;
+@@ -3023,16 +3025,30 @@ conditional_dump (dict_t *dict, char *key, data_t *value, void *data)
+         name as well. This helps when there is more than a single io-stats
+         instance in the graph, or the client and server processes are running
+         on the same node */
+-        /* hmmm... no check for this */
+-        /* name format: <passed in path/filename>.<xlator name slashes to -> */
+-        namelen = value->len + strlen (this->name) + 2; /* '.' and '\0' */
+        /* For the sanity of where the file should be located, we should make
+           sure file is written only inside RUNDIR (ie, /var/run/gluster) */
+        /* TODO: provide an option to dump it to different directory of
+           choice, based on options */
+        /* name format: /var/run/gluster/<passed in path/filename>.<xlator name slashes to -> */
+
+        path_in_value = data_to_str (value);
+
+        if (strstr (path_in_value, "../")) {
+                gf_log (this->name, GF_LOG_ERROR,
+                        "%s: no \"../\" allowed in path", path_in_value);
+                return -1;
+        }
+        dirlen = strlen (IOS_STATS_DUMP_DIR);
+        namelen = (dirlen + value->len + strlen (this->name) + 3);
+        /* +3 for '/', '.' and '\0' added in snprintf below*/
+
+         filename = alloca0 (namelen);
+-        memcpy (filename, data_to_str (value), value->len);
+-        memcpy (filename + value->len, ".", 1);
+-        memcpy (filename + value->len + 1, this->name, strlen(this->name));
+
+        snprintf (filename, namelen, "%s/%s.%s", IOS_STATS_DUMP_DIR,
+                  path_in_value, this->name);
+ 
+         /* convert any slashes to '-' so that fopen works correctly */
+-        slash_ptr = strchr (filename + value->len + 1, '/');
+        slash_ptr = strchr (filename + dirlen + 1, '/');
+         while (slash_ptr) {
+                 *slash_ptr = '-';
+                 slash_ptr = strchr (slash_ptr, '/');
+-- 
+2.7.4
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index 9a92c30..ce18fed 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -26,6 +26,7 @@ SRC_URI += "file://glusterd.init \
            file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
            file://0002-posix-disable-open-read-write-on-special-files.patch \
            file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
+            file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
           "
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"
author	Chen Qi <Qi.Chen@windriver.com>	2018-09-26 10:36:28 +0800
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2018-09-30 21:34:09 -0400
commit	f6d23e4364a729006fd655c758e74f1c7e69cf94 (patch)
tree	db8a60207009623ebc7ef795bc6d0ab9765cb4d1 /recipes-extended/glusterfs
parent	39e99a2096711591da2ee3379841108173c92d35 (diff)
download	meta-cloud-services-f6d23e4364a729006fd655c758e74f1c7e69cf94.tar.gz

diff --git a/recipes-extended/glusterfs/files/0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch b/recipes-extended/glusterfs/files/0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch new file mode 100644 index 0000000..6fb261d --- /dev/null +++ b/recipes-extended/glusterfs/files/0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch
@@ -0,0 +1,153 @@
		1	From 0f9c26d5e3a0d0480ff31a800ca8f31966da10ff Mon Sep 17 00:00:00 2001
		2	From: Amar Tumballi <amarts@redhat.com>
		3	Date: Tue, 24 Jul 2018 15:42:28 +0530
		4	Subject: [PATCH 4/7] io-stats: dump io-stats info in /var/run/gluster
		5
		6	It wouldn't make sense to allow iostats file to be written in
		7	any directory. While the formating makes sure we try to append
		8	io-stats-name for the file, so overwriting existing file is slim,
		9	but in any case it makes sense to restrict dumping to one directory.
		10
		11	Below are the sample commands, and files created for the corresponding
		12	values:
		13
		14	$ setfattr -n trusted.io-stats-dump -v file-for-dump $M0
		15
		16	In this case, the file would be in /var/run/gluster/file-for-dump
		17
		18	$ setfattr -n trusted.io-stats-dump -v /dir1/dir2/file-for-dump $M0
		19
		20	In this case, then the dump file is in /var/run/gluster/dir1-dir2-file-for-dump
		21
		22	Note that the value passed for this virtual xattr would be treated as a
		23	file, and even if the value has '/' in it, it would be changed to '-'
		24	for sanity.
		25
		26	Fixes: bz#1625106
		27
		28	Change-Id: Id9ae6a40a190b8937c51662e6e1c2a0f6c86a0e0
		29	Signed-off-by: Amar Tumballi <amarts@redhat.com>
		30
		31	Upstream-Status: Backport
		32
		33	Fix CVE-2018-10904
		34
		35	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		36	---
		37	tests/bugs/core/io-stats-1322825.t \| 12 ++++++------
		38	xlators/debug/io-stats/src/io-stats.c \| 34 +++++++++++++++++++++++++---------
		39	2 files changed, 31 insertions(+), 15 deletions(-)
		40
		41	diff --git a/tests/bugs/core/io-stats-1322825.t b/tests/bugs/core/io-stats-1322825.t
		42	index d232ecb..53f2d04 100755
		43	--- a/tests/bugs/core/io-stats-1322825.t
		44	+++ b/tests/bugs/core/io-stats-1322825.t
		45	@@ -23,7 +23,7 @@ TEST $CLI volume profile $V0 start
		46	TEST mkdir $M0/dir1
		47
		48	# Generate the stat dump across the io-stat instances
		49	-TEST setfattr -n trusted.io-stats-dump -v /tmp/io-stats-1322825 $M0
		50	+TEST setfattr -n trusted.io-stats-dump -v io-stats-1322825 $M0
		51
		52	# Check if $M0 is clean w.r.t xattr information
		53	# TODO: if there are better ways to check we really get no attr error, please
		54	@@ -42,12 +42,12 @@ ret=$(echo $?)
		55	EXPECT 0 echo $ret
		56
		57	# Check if we have 5 io-stat files in /tmp
		58	-EXPECT 5 ls -1 /tmp/io-stats-1322825*
		59	+EXPECT 5 ls -1 /var/run/gluster/io-stats-1322825*
		60	# Cleanup the 5 generated files
		61	-rm -f /tmp/io-stats-1322825*
		62	+rm -f /var/run/gluster/io-stats-1322825*
		63
		64	# Rinse and repeat above for a directory
		65	-TEST setfattr -n trusted.io-stats-dump -v /tmp/io-stats-1322825 $M0/dir1
		66	+TEST setfattr -n trusted.io-stats-dump -v io-stats-1322825 $M0/dir1
		67	getfattr -n trusted.io-stats-dump $B0/${V0}1/dir1 2>&1 \| grep -qi "no such attribute"
		68	ret=$(echo $?)
		69	EXPECT 0 echo $ret
		70	@@ -61,7 +61,7 @@ getfattr -n trusted.io-stats-dump $B0/${V0}4/dir1 2>&1 \| grep -qi "no such attri
		71	ret=$(echo $?)
		72	EXPECT 0 echo $ret
		73
		74	-EXPECT 5 ls -1 /tmp/io-stats-1322825*
		75	-rm -f /tmp/io-stats-1322825*
		76	+EXPECT 5 ls -1 /var/run/gluster/io-stats-1322825*
		77	+rm -f /var/run/gluster/io-stats-1322825*
		78
		79	cleanup;
		80	diff --git a/xlators/debug/io-stats/src/io-stats.c b/xlators/debug/io-stats/src/io-stats.c
		81	index d9d1e1d..72fa39c 100644
		82	--- a/xlators/debug/io-stats/src/io-stats.c
		83	+++ b/xlators/debug/io-stats/src/io-stats.c
		84	@@ -45,6 +45,8 @@
		85	#define DEFAULT_GRP_BUF_SZ 16384
		86	#define IOS_BLOCK_COUNT_SIZE 32
		87
		88	+#define IOS_STATS_DUMP_DIR DEFAULT_VAR_RUN_DIRECTORY
		89	+
		90	typedef enum {
		91	IOS_STATS_TYPE_NONE,
		92	IOS_STATS_TYPE_OPEN,
		93	@@ -2999,7 +3001,6 @@ io_stats_fsync (call_frame_t frame, xlator_t this,
		94	return 0;
		95	}
		96
		97	-
		98	int
		99	conditional_dump (dict_t dict, char key, data_t value, void data)
		100	{
		101	@@ -3012,9 +3013,10 @@ conditional_dump (dict_t dict, char key, data_t value, void data)
		102	char *filename = NULL;
		103	FILE *logfp = NULL;
		104	struct ios_dump_args args = {0};
		105	- int pid, namelen;
		106	+ int pid, namelen, dirlen;
		107	char dump_key[100];
		108	char *slash_ptr = NULL;
		109	+ char *path_in_value = NULL;
		110
		111	stub = data;
		112	this = stub->this;
		113	@@ -3023,16 +3025,30 @@ conditional_dump (dict_t dict, char key, data_t value, void data)
		114	name as well. This helps when there is more than a single io-stats
		115	instance in the graph, or the client and server processes are running
		116	on the same node */
		117	- /* hmmm... no check for this */
		118	- /* name format: <passed in path/filename>.<xlator name slashes to -> */
		119	- namelen = value->len + strlen (this->name) + 2; /* '.' and '\0' */
		120	+ /* For the sanity of where the file should be located, we should make
		121	+ sure file is written only inside RUNDIR (ie, /var/run/gluster) */
		122	+ /* TODO: provide an option to dump it to different directory of
		123	+ choice, based on options */
		124	+ /* name format: /var/run/gluster/<passed in path/filename>.<xlator name slashes to -> */
		125	+
		126	+ path_in_value = data_to_str (value);
		127	+
		128	+ if (strstr (path_in_value, "../")) {
		129	+ gf_log (this->name, GF_LOG_ERROR,
		130	+ "%s: no \"../\" allowed in path", path_in_value);
		131	+ return -1;
		132	+ }
		133	+ dirlen = strlen (IOS_STATS_DUMP_DIR);
		134	+ namelen = (dirlen + value->len + strlen (this->name) + 3);
		135	+ /* +3 for '/', '.' and '\0' added in snprintf below*/
		136	+
		137	filename = alloca0 (namelen);
		138	- memcpy (filename, data_to_str (value), value->len);
		139	- memcpy (filename + value->len, ".", 1);
		140	- memcpy (filename + value->len + 1, this->name, strlen(this->name));
		141	+
		142	+ snprintf (filename, namelen, "%s/%s.%s", IOS_STATS_DUMP_DIR,
		143	+ path_in_value, this->name);
		144
		145	/* convert any slashes to '-' so that fopen works correctly */
		146	- slash_ptr = strchr (filename + value->len + 1, '/');
		147	+ slash_ptr = strchr (filename + dirlen + 1, '/');
		148	while (slash_ptr) {
		149	*slash_ptr = '-';
		150	slash_ptr = strchr (slash_ptr, '/');
		151	--
		152	2.7.4
		153


diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index 9a92c30..ce18fed 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -26,6 +26,7 @@ SRC_URI += "file://glusterd.init \
26	file://0001-dict-handle-negative-key-value-length-while-unserial.patch \	26	file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
27	file://0002-posix-disable-open-read-write-on-special-files.patch \	27	file://0002-posix-disable-open-read-write-on-special-files.patch \
28	file://0003-server-protocol-don-t-allow-.-path-in-name.patch \	28	file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
		29	file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
29	"	30	"
30		31
31	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"	32	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"