packages/glusterfs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-26253

Browse Source
This commit is contained in:
wguanghao 2023-03-09 09:41:14 +08:00
parent bf3235aa11
commit 451c6d4b33
2 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
0002-fuse-Resolve-asan-bug-in-during-receive-event-notifi.patch Normal file
View File

@ -0,0 +1,65 @@
From 5f26bfb979af9051e07f35a01d749ba4977f4b1e Mon Sep 17 00:00:00 2001
From: mohit84 <moagrawa@redhat.com>
Date: Thu, 2 Mar 2023 02:58:57 +0530
Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
(#4019)
The fuse xlator notify function tries to assign data object
to graph object without checking an event. In case of upcall
event data object represents upcall object so during access
of graph object the process is crashed for asan build.
Solution: Access the graph->id only while event is associated
specific to fuse xlator
Fixes: #3954
Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
---
xlators/mount/fuse/src/fuse-bridge.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index bd61421263..2dc9b4f429 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -6502,6 +6502,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
int32_t ret = 0;
fuse_private_t *private = NULL;
gf_boolean_t start_thread = _gf_false;
+ gf_boolean_t event_graph = _gf_true;
glusterfs_graph_t *graph = NULL;
struct pollfd pfd = {0};
@@ -6509,9 +6510,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
graph = data;
- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
- ((graph) ? graph->id : 0));
-
switch (event) {
case GF_EVENT_GRAPH_NEW:
break;
@@ -6597,9 +6595,18 @@ notify(xlator_t *this, int32_t event, void *data, ...)
}
default:
+ /* Set the event_graph to false so that event
+ debug msg would not try to access invalid graph->id
+ while data object is not matched to graph object
+ for ex in case of upcall event data object represents
+ gf_upcall object
+ */
+ event_graph = _gf_false;
break;
}
+ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+ ((graph && event_graph) ? graph->id : -1));
return ret;
}
--
2.33.0

6
glusterfs.spec
View File

@ -224,7 +224,7 @@
Summary: Distributed File System Summary: Distributed File System
Name: glusterfs Name: glusterfs
Version: 10.3 Version: 10.3
Release: 1 Release: 2
License: GPLv3 or GPLv2+ or LGPLv3+ License: GPLv3 or GPLv2+ or LGPLv3+
URL: http://docs.gluster.org/ URL: http://docs.gluster.org/
%if ( 0%{_for_fedora_koji_builds} ) %if ( 0%{_for_fedora_koji_builds} )
@ -238,6 +238,7 @@ Source0: https://download.gluster.org/pub/gluster/glusterfs/10/%{versio
%endif %endif
Patch1: 0001-SC2081-can-t-match-globs-Use-or-grep.patch Patch1: 0001-SC2081-can-t-match-globs-Use-or-grep.patch
Patch2: 0002-fuse-Resolve-asan-bug-in-during-receive-event-notifi.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: rpcgen gperftools-devel libunwind-devel BuildRequires: rpcgen gperftools-devel libunwind-devel
@ -1518,6 +1519,9 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Mar 9 2023 wuguanghao <wuguanghao3@huawei.com> - 10.3-2
- fix CVE-2023-26253
* Mon Dec 5 2022 lihaoxiang <lihaoxiang9@huawei.com> - 10.3-1 * Mon Dec 5 2022 lihaoxiang <lihaoxiang9@huawei.com> - 10.3-1
- Update to glusterfs-10.3-1 - Update to glusterfs-10.3-1