fix potential memory corruption

2024-06-21 10:01:15 +08:00 · 2024-06-21 10:01:15 +08:00 · 7c0994cc23
commit 7c0994cc23
parent 942522a122
2 changed files with 63 additions and 1 deletions
--- a/fix-potential-memory-corruption.patch
+++ b/fix-potential-memory-corruption.patch
@ -0,0 +1,57 @@
+From 4ff4e8169c5f73e37a17df482916752bc0b17d1f Mon Sep 17 00:00:00 2001
+From: dormando <dormando@rydia.net>
+Date: Thu, 21 Mar 2024 12:41:01 -0700
+Subject: [PATCH] crawler: fix potential memory corruption
+
+if the client closes during the finalization stages of the dump we can
+crash attempting to write a final END/EN to the client buffer.
+
+---
+ crawler.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/crawler.c b/crawler.c
+index e360081..a56538b 100644
+--- a/crawler.c
+++ b/crawler.c
+@@ -291,9 +291,11 @@ static void crawler_metadump_eval(crawler_module_t *cm, item *it, uint32_t hv, i
+ 
+ static void crawler_metadump_finalize(crawler_module_t *cm) {
+     if (cm->c.c != NULL) {
+-        lru_crawler_write(&cm->c); // empty the write buffer
+-        memcpy(cm->c.buf, "END\r\n", 5);
+-        cm->c.bufused += 5;
+        // flush any pending data.
+        if (lru_crawler_write(&cm->c) == 0) {
+            memcpy(cm->c.buf, "END\r\n", 5);
+            cm->c.bufused += 5;
+        }
+     }
+ }
+ 
+@@ -328,9 +330,11 @@ static void crawler_mgdump_eval(crawler_module_t *cm, item *it, uint32_t hv, int
+ 
+ static void crawler_mgdump_finalize(crawler_module_t *cm) {
+     if (cm->c.c != NULL) {
+-        lru_crawler_write(&cm->c); // empty the write buffer
+-        memcpy(cm->c.buf, "EN\r\n", 4);
+-        cm->c.bufused += 4;
+        // flush any pending data.
+        if (lru_crawler_write(&cm->c) == 0) {
+            memcpy(cm->c.buf, "EN\r\n", 4);
+            cm->c.bufused += 4;
+        }
+     }
+ }
+ 
+@@ -350,6 +354,7 @@ static int lru_crawler_write(crawler_client_t *c) {
+ 
+         if (ret < 0) {
+             // fatal.
+            lru_crawler_close_client(c);
+             return -1;
+         }
+ 
+-- 
+2.27.0
+
--- a/memcached.spec
+++ b/memcached.spec
@ -7,7 +7,7 @@

 Name:          memcached
 Version:       1.6.22
-Release:       2
+Release:       3
 Epoch:         0
 Summary:       A high-performance, distributed memory object caching system
 License:       BSD-3-Clause
@ -18,6 +18,7 @@ Source2:       memcached.sysconfig

 Patch0001:     memcached-unit.patch
 Patch0002:     fix-leak-in-config-reload.patch
+Patch0003:     fix-potential-memory-corruption.patch

 BuildRequires: systemd perl-generators perl(Test::More) perl(Test::Harness)
 BuildRequires: selinux-policy-devel libevent-devel make gcc
@ -64,6 +65,7 @@ optimised for use with this version of memcached.
 %setup -q -b 1
 %patch1 -p1 -b .unit
 %patch2 -p1 -b .reload
+%patch3 -p1 -b .corruption

 %build
 %configure \
@ -146,6 +148,9 @@ fi
 %{_mandir}/man1/memcached.1*

 %changelog
+* Fri Jun 21 2024 yanshuai <yanshuai01@kylinos.cn> - 0:1.6.22-3
+- crawler: fix potential memory corruption
+
 * Thu Jun 06 2024 yanshuai <yanshuai01@kylinos.cn> - 0:1.6.22-2
 - proxy: fix leak in config reload