packages/booth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:7d442638cfd5dedf022659a1cec281610c8c4d51
Branches Tags
packages:main
..
compare: packages:346579e4d2a3ecb30f349f3e023fcf3b88066537
Branches Tags
packages:main

No commits in common. "7d442638cfd5dedf022659a1cec281610c8c4d51" and "346579e4d2a3ecb30f349f3e023fcf3b88066537" have entirely different histories.
7d442638cf ... 346579e4d2

6 changed files with 2 additions and 343 deletions
Show Stats Expand all files Collapse all files

33
Remove-const-warning.patch
View File

@ -1,33 +0,0 @@
From b448d6b97aefdce92d92c574e71a40111d9957aa Mon Sep 17 00:00:00 2001
From: bizhiyuan <bizhiyuan@kylinos.cn>
Date: Tue, 20 Feb 2024 15:52:19 +0800
Subject: [PATCH] Remove const warning
---
src/pacemaker.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/pacemaker.c b/src/pacemaker.c
index 4d8f2b5..5c4c1de 100644
--- a/src/pacemaker.c
+++ b/src/pacemaker.c
@@ -434,7 +434,6 @@ static int parse_ticket_state(struct ticket_config *tk, FILE *p)
GString *input = NULL;
char line[CHUNK_SIZE];
xmlDocPtr doc = NULL;
- xmlErrorPtr errptr;
int opts = XML_PARSE_COMPACT | XML_PARSE_NONET;
/* skip first two lines of output */
@@ -459,7 +458,7 @@ static int parse_ticket_state(struct ticket_config *tk, FILE *p)
doc = xmlReadDoc((const xmlChar *) input->str, NULL, NULL, opts);
if (doc == NULL) {
- errptr = xmlGetLastError();
+ const xmlError *errptr = xmlGetLastError();
if (errptr) {
tk_log_error("crm_ticket xml parse failed (domain=%d, level=%d, code=%d): %s",
errptr->domain, errptr->level,
--
2.25.1

80
backport-CVE-2024-3049.patch
View File

@ -1,80 +0,0 @@
From 98b4284d1701f2efec278b51f151314148bfe70e Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Wed, 21 Feb 2024 18:12:28 +0100
Subject: [PATCH] auth: Check result of gcrypt gcry_md_get_algo_dlen
When unknown hash is passed to gcry_md_get_algo_dlen 0 is returned. This
value is then used for memcmp so wrong hmac might be accepted as
correct.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/attr.c | 2 +-
src/auth.c | 16 +++++++++++++---
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/attr.c b/src/attr.c
index 44061e3..bc154f0 100644
--- a/src/attr.c
+++ b/src/attr.c
@@ -142,7 +142,7 @@ static int read_server_reply(
return -2;
}
len = ntohl(header->length);
- rv = tpt->recv(site, msg+len, len-sizeof(*header));
+ rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header));
if (rv < 0) {
return -1;
}
diff --git a/src/auth.c b/src/auth.c
index 8f86b9a..a3b3d20 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -28,6 +28,11 @@ int calc_hmac(const void *data, size_t datalen,
{
static gcry_md_hd_t digest;
gcry_error_t err;
+ int hlen;
+
+ hlen = gcry_md_get_algo_dlen(hid);
+ if (!hlen)
+ return -1;
if (!digest) {
err = gcry_md_open(&digest, hid, GCRY_MD_FLAG_HMAC);
@@ -42,7 +47,7 @@ int calc_hmac(const void *data, size_t datalen,
}
}
gcry_md_write(digest, data, datalen);
- memcpy(result, gcry_md_read(digest, 0), gcry_md_get_algo_dlen(hid));
+ memcpy(result, gcry_md_read(digest, 0), hlen);
gcry_md_reset(digest);
return 0;
}
@@ -54,15 +59,20 @@ int verify_hmac(const void *data, size_t datalen,
{
unsigned char *our_hmac;
int rc;
+ int hlen;
+
+ hlen = gcry_md_get_algo_dlen(hid);
+ if (!hlen)
+ return -1;
- our_hmac = malloc(gcry_md_get_algo_dlen(hid));
+ our_hmac = malloc(hlen);
if (!our_hmac)
return -1;
rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen);
if (rc)
goto out_free;
- rc = memcmp(our_hmac, hmac, gcry_md_get_algo_dlen(hid));
+ rc = memcmp(our_hmac, hmac, hlen);
out_free:
if (our_hmac)
--
2.23.0

28
booth.spec
View File

@ -24,7 +24,7 @@
%bcond_with run_build_tests %bcond_with run_build_tests
%bcond_with include_unit_test %bcond_with include_unit_test
%global release 6 %global release 1
## User and group to use for nonprivileged services (should be in sync with pacemaker) ## User and group to use for nonprivileged services (should be in sync with pacemaker)
%global uname hacluster %global uname hacluster
@ -48,12 +48,6 @@ Summary: Ticket Manager for Multi-site Clusters
License: GPL-2.0-or-later License: GPL-2.0-or-later
Url: https://github.com/%{github_owner}/%{name} Url: https://github.com/%{github_owner}/%{name}
Source0: https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Patch0: Remove-const-warning.patch
Patch1: pacemaker-Don-t-add-explicit-error-prefix-in-log.patch
Patch2: pacemaker-Use-long-format-for-crm_ticket-v.patch
Patch3: pacemaker-Check-snprintf-return-values.patch
Patch3000: backport-CVE-2024-3049.patch
# direct build process dependencies # direct build process dependencies
BuildRequires: autoconf BuildRequires: autoconf
@ -184,7 +178,7 @@ Automated tests for running Booth, ticket manager for multi-site clusters.
# BUILD # # BUILD #
%prep %prep
%autosetup -n %{name}-%{version} -S git_am -p 1 %autosetup -n %{name}-%{version} -S git_am
%build %build
./autogen.sh ./autogen.sh
@ -302,24 +296,6 @@ VERBOSE=1 make check
%{_usr}/lib/ocf/resource.d/booth/sharedrsc %{_usr}/lib/ocf/resource.d/booth/sharedrsc
%changelog %changelog
* Tue Jun 11 2024 xuchenchen <xuchenchen@kylinos.cn> -1.1-6
- Type:CVES
- ID:CVE-2024-3049
- SUG:NA
- DESC:fix CVE-2024-3049
* Sun Apr 28 2024 bizhiyuan <bizhiyuan@kylinos.cn> - 1.1-5
- pacemaker Check snprintf return values
* Thu Feb 29 2024 bizhiyuan <bizhiyuan@kylinos.cn> - 1.1-4
- pacemaker: Use long format for crm_ticket -v
* Thu Feb 29 2024 bizhiyuan <bizhiyuan@kylinos.cn> - 1.1-3
- pacemaker: Don't add explicit error prefix in log
* Tue Feb 20 2024 bizhiyuan <bizhiyuan@kylinos.cn> - 1.1-2
- pacemaker: Remove const warning
* Fri Nov 17 2023 bizhiyuan <bizhiyuan@kylinos.cn> - 1.1-1 * Fri Nov 17 2023 bizhiyuan <bizhiyuan@kylinos.cn> - 1.1-1
- Update to version 1.1 - Update to version 1.1

124
pacemaker-Check-snprintf-return-values.patch
View File

@ -1,124 +0,0 @@
From 7e33a45d6898e06119dbe9dfd487f6c4923b48cb Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Tue, 14 Nov 2023 17:21:49 +0100
Subject: [PATCH 2/7] pacemaker: Check snprintf return values
crm_ticket command string is stored into static buffer and not checked
so it can be truncated without notice.
Solution would be to use dynamic buffer, but for now at least check
snprintf return value and return error when string was truncated.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/pacemaker.c | 39 ++++++++++++++++++++++++++++++++++-----
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/src/pacemaker.c b/src/pacemaker.c
index 8ad3c69..80aa1a3 100644
--- a/src/pacemaker.c
+++ b/src/pacemaker.c
@@ -128,7 +128,7 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant)
/* The long format (--attr-value=) for attribute value is used instead of "-v",
* so that NO_ONE (which is -1) isn't seen as another option. */
- snprintf(cmd, COMMAND_MAX,
+ rv = snprintf(cmd, COMMAND_MAX,
"crm_ticket -t '%s' "
"%s --force "
"-S owner --attr-value=%" PRIi32 " "
@@ -142,6 +142,10 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant)
(int64_t)wall_ts(&tk->term_expires),
(int64_t)tk->current_term);
+ if (rv < 0 || rv >= COMMAND_MAX) {
+ log_error("pcmk_write_ticket_atomic: cannot format crm_ticket cmdline (probably too long)");
+ return -1;
+ }
rv = system(cmd);
log_debug("command: '%s' was executed", cmd);
if (rv != 0)
@@ -230,20 +234,34 @@ static int crm_ticket_set_int(const struct ticket_config *tk, const char *attr,
static int pcmk_set_attr(struct ticket_config *tk, const char *attr, const char *val)
{
char cmd[COMMAND_MAX];
+ int rv;
- snprintf(cmd, COMMAND_MAX,
+ rv = snprintf(cmd, COMMAND_MAX,
"crm_ticket -t '%s' -S '%s' --attr-value='%s'",
tk->name, attr, val);
+
+ if (rv < 0 || rv >= COMMAND_MAX) {
+ log_error("pcmk_set_attr: cannot format crm_ticket cmdline (probably too long)");
+ return -1;
+ }
+
return _run_crm_ticket(cmd);
}
static int pcmk_del_attr(struct ticket_config *tk, const char *attr)
{
char cmd[COMMAND_MAX];
+ int rv;
- snprintf(cmd, COMMAND_MAX,
+ rv = snprintf(cmd, COMMAND_MAX,
"crm_ticket -t '%s' -D '%s'",
tk->name, attr);
+
+ if (rv < 0 || rv >= COMMAND_MAX) {
+ log_error("pcmk_del_attr: cannot format crm_ticket cmdline (probably too long)");
+ return -1;
+ }
+
return _run_crm_ticket(cmd);
}
@@ -352,13 +370,18 @@ static int pcmk_get_attr(struct ticket_config *tk, const char *attr, const char
char cmd[COMMAND_MAX];
char line[BOOTH_ATTRVAL_LEN+1];
int rv = 0, pipe_rv;
+ int res;
FILE *p;
*vp = NULL;
- snprintf(cmd, COMMAND_MAX,
+ res = snprintf(cmd, COMMAND_MAX,
"crm_ticket -t '%s' -G '%s' --quiet",
tk->name, attr);
+ if (res < 0 || res >= COMMAND_MAX) {
+ log_error("pcmk_get_attr: cannot format crm_ticket cmdline (probably too long)");
+ return -1;
+ }
p = popen(cmd, "r");
if (p == NULL) {
@@ -483,16 +506,22 @@ static int pcmk_load_ticket(struct ticket_config *tk)
{
char cmd[COMMAND_MAX];
int rv = 0, pipe_rv;
+ int res;
FILE *p;
/* This here gets run during startup; testing that here means that
* normal operation won't be interrupted with that test. */
test_atomicity();
- snprintf(cmd, COMMAND_MAX,
+ res = snprintf(cmd, COMMAND_MAX,
"crm_ticket -t '%s' -q",
tk->name);
+ if (res < 0 || res >= COMMAND_MAX) {
+ log_error("pcmk_load_ticket: cannot format crm_ticket cmdline (probably too long)");
+ return -1;
+ }
+
p = popen(cmd, "r");
if (p == NULL) {
pipe_rv = errno;
--
2.33.0

26
pacemaker-Don-t-add-explicit-error-prefix-in-log.patch
View File

@ -1,26 +0,0 @@
From 26c9509bb96dbabf6bb4155f403944c7c5308cd4 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Tue, 24 Oct 2023 16:40:54 +0200
Subject: [PATCH 1/4] pacemaker: Don't add explicit error prefix in log
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/pacemaker.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pacemaker.c b/src/pacemaker.c
index 5c4c1de..cef8c41 100644
--- a/src/pacemaker.c
+++ b/src/pacemaker.c
@@ -145,7 +145,7 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant)
rv = system(cmd);
log_debug("command: '%s' was executed", cmd);
if (rv != 0)
- log_error("error: \"%s\" failed, %s", cmd, interpret_rv(rv));
+ log_error("\"%s\" failed, %s", cmd, interpret_rv(rv));
return rv;
}
--
2.25.1

54
pacemaker-Use-long-format-for-crm_ticket-v.patch
View File

@ -1,54 +0,0 @@
From d649490dfb30e89dd725d200283f0b9848d24f61 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 29 Feb 2024 16:42:28 +0800
Subject: [PATCH] pacemaker: Use long format for crm_ticket -v
---
src/pacemaker.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/pacemaker.c b/src/pacemaker.c
index cef8c41..8ad3c69 100644
--- a/src/pacemaker.c
+++ b/src/pacemaker.c
@@ -46,7 +46,7 @@ enum atomic_ticket_supported atomicity = UNKNOWN;
-#define COMMAND_MAX 1024
+#define COMMAND_MAX 2048
/** Determines whether the installed crm_ticket can do atomic ticket grants,
@@ -126,14 +126,14 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant)
int rv;
- /* The values are appended to "-v", so that NO_ONE
- * (which is -1) isn't seen as another option. */
+ /* The long format (--attr-value=) for attribute value is used instead of "-v",
+ * so that NO_ONE (which is -1) isn't seen as another option. */
snprintf(cmd, COMMAND_MAX,
"crm_ticket -t '%s' "
"%s --force "
- "-S owner -v%" PRIi32 " "
- "-S expires -v%" PRIi64 " "
- "-S term -v%" PRIi64,
+ "-S owner --attr-value=%" PRIi32 " "
+ "-S expires --attr-value=%" PRIi64 " "
+ "-S term --attr-value=%" PRIi64,
tk->name,
(grant > 0 ? "-g" :
grant < 0 ? "-r" :
@@ -232,7 +232,7 @@ static int pcmk_set_attr(struct ticket_config *tk, const char *attr, const char
char cmd[COMMAND_MAX];
snprintf(cmd, COMMAND_MAX,
- "crm_ticket -t '%s' -S '%s' -v '%s'",
+ "crm_ticket -t '%s' -S '%s' --attr-value='%s'",
tk->name, attr, val);
return _run_crm_ticket(cmd);
}
--
2.25.1