CVE-2022-41974 modify the parameter sequence of mpathpersist

and multipathd. It may cause the multipathd and mpathpersist commands
to execute with errors.

Signed-off-by: gqmiao <miaoguanqin@huawei.com>
gqmiao 2022-11-28 03:01:24 +00:00 committed by miaoguanqin
parent a3f331e9a5
commit 1945932368
2 changed files with 86 additions and 1 deletions

@ -0,0 +1,81 @@
From b7eebd396261199cd9722a2cba14698446740f0d Mon Sep 17 00:00:00 2001
From: miaoguanqin <miaoguanqin@huawei.com>
Date: Thu, 17 Nov 2022 21:19:39 +0800
Subject: [PATCH] multipathd: Fixed multipathd parameter invoking sequence
changed problem in CVE-2022-41974.
Users may fail to execute command: multipathd and mpathpersist.
When we execute the command mpathpersist
mpathpersist --out --register --param-sark=123 --prout-type=5 /dev/mapper/mpathb
It return an error : Missing arguement. The preceding command calls the function
cli_setprkey, which is called by checking whether the handle values are consistent
with the command input. CVE-2022-41974 changed the handler value of function and
changed the mode of calculating handle. The handler value is not equal to the
command input, causing multipathd can not execute the true funcion. It could be
an same error for executing multipoathd by the old mode.
multipathd invokes the corresponding function based on the handle value.
CVE-2022-41964 changed the method of calculating handler value. Modify the handle
value so that the corresponding function can be correctly execute.
Signed-off-by: miaoguanqin <miaoguanqin@huawei.com>
Signed-off-by: lixiaokeng <lixiaokeng@huawei.com>
---
multipathd/callbacks.c | 18 +++++++++---------
multipathd/cli.h | 9 ++++++++-
2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/multipathd/callbacks.c b/multipathd/callbacks.c
index fb87b280..f32666be 100644
--- a/multipathd/callbacks.c
+++ b/multipathd/callbacks.c
@@ -57,16 +57,16 @@ void init_handler_callbacks(void)
set_handler_callback(VRB_RESTOREQ | Q1_MAPS, HANDLER(cli_restore_all_queueing));
set_unlocked_handler_callback(VRB_QUIT, HANDLER(cli_quit));
set_unlocked_handler_callback(VRB_SHUTDOWN, HANDLER(cli_shutdown));
- set_handler_callback(VRB_GETPRSTATUS | Q1_MAP, HANDLER(cli_getprstatus));
- set_handler_callback(VRB_SETPRSTATUS | Q1_MAP, HANDLER(cli_setprstatus));
- set_handler_callback(VRB_UNSETPRSTATUS | Q1_MAP, HANDLER(cli_unsetprstatus));
+ set_handler_callback(KEY_MAP | Q1_GETPRSTATUS, HANDLER(cli_getprstatus));
+ set_handler_callback(KEY_MAP | Q1_SETSTATUS, HANDLER(cli_setprstatus));
+ set_handler_callback(KEY_MAP | Q1_UNSETSTATUS, HANDLER(cli_unsetprstatus));
set_handler_callback(VRB_FORCEQ | Q1_DAEMON, HANDLER(cli_force_no_daemon_q));
set_handler_callback(VRB_RESTOREQ | Q1_DAEMON, HANDLER(cli_restore_no_daemon_q));
- set_handler_callback(VRB_GETPRKEY | Q1_MAP, HANDLER(cli_getprkey));
- set_handler_callback(VRB_SETPRKEY | Q1_MAP | Q2_KEY, HANDLER(cli_setprkey));
- set_handler_callback(VRB_UNSETPRKEY | Q1_MAP, HANDLER(cli_unsetprkey));
- set_handler_callback(VRB_SETMARGINAL | Q1_PATH, HANDLER(cli_set_marginal));
- set_handler_callback(VRB_UNSETMARGINAL | Q1_PATH, HANDLER(cli_unset_marginal));
- set_handler_callback(VRB_UNSETMARGINAL | Q1_MAP,
+ set_handler_callback(KEY_MAP | Q1_GETPRKEY, HANDLER(cli_getprkey));
+ set_handler_callback(KEY_MAP | Q1_SETKEY | Q2_KEY, HANDLER(cli_setprkey));
+ set_handler_callback(KEY_MAP | Q1_UNSETKEY, HANDLER(cli_unsetprkey));
+ set_handler_callback(KEY_PATH | Q1_SETMARGINAL, HANDLER(cli_set_marginal));
+ set_handler_callback(KEY_PATH | Q1_UNSETMARGINAL, HANDLER(cli_unset_marginal));
+ set_handler_callback(KEY_MAP | Q1_UNSETMARGINAL,
HANDLER(cli_unset_all_marginal));
}
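Review bot: The nine registrations touched in init_handler_callbacks() are replaced rather than supplemented, so a request fingerprinted verb-first (for example VRB_SETPRKEY | Q1_MAP | Q2_KEY) no longer matches any handler after this change. If both keyword orders have to work, keep the removed set_handler_callback() lines and add the KEY_MAP | Q1_* and KEY_PATH | Q1_* forms next to them. KEY_MAP and KEY_PATH now also sit in the position where the neighbouring registrations (VRB_FORCEQ | Q1_DAEMON, VRB_RESTOREQ | Q1_DAEMON) place a VRB_* value, so a short comment explaining why these entries are reversed would help the next reader.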
diff --git a/multipathd/cli.h b/multipathd/cli.h
index c6b79c9d..08ee5c8d 100644
--- a/multipathd/cli.h
+++ b/multipathd/cli.h
@@ -80,7 +80,14 @@ enum {
Q1_ALL = KEY_ALL << 8,
Q1_DAEMON = KEY_DAEMON << 8,
Q1_STATUS = KEY_STATUS << 8,
-
+ Q1_SETKEY = VRB_SETPRKEY << 8,
+ Q1_UNSETKEY = VRB_UNSETPRKEY << 8,
+ Q1_SETSTATUS = VRB_SETPRSTATUS << 8,
+ Q1_UNSETSTATUS = VRB_UNSETPRSTATUS << 8,
+ Q1_GETPRSTATUS = VRB_GETPRSTATUS << 8,
+ Q1_GETPRKEY = VRB_GETPRKEY << 8,
+ Q1_SETMARGINAL = VRB_SETMARGINAL << 8,
+ Q1_UNSETMARGINAL = VRB_UNSETMARGINAL << 8,
/* byte 2: qualifier 2 */
Q2_FMT = KEY_FMT << 16,
Q2_RAW = KEY_RAW << 16,
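Review bot: The new Q1_* constants in the qualifier-1 block are built from VRB_* codes, while the existing entries there (Q1_ALL, Q1_DAEMON, Q1_STATUS) are built from KEY_* codes, so please confirm that no VRB_* value used here equals a KEY_* value already shifted into that byte; otherwise two different commands yield the same fingerprint. The naming is also inconsistent: Q1_SETKEY and Q1_SETSTATUS drop the PR that Q1_GETPRKEY and Q1_GETPRSTATUS keep, so use the full verb names throughout. The hunk removes the blank line before the "byte 2: qualifier 2" comment, which is worth keeping as a separator.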
--
2.33.0
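Review bot: The patch description cites CVE-2022-41964 in "CVE-2022-41964 changed the method of calculating handler value", while the subject and the rest of the text refer to CVE-2022-41974; correct the identifier so the patch is searchable under the right CVE. The description also contains typos (arguement, funcion, multipoathd) and would be easier to review if it stated the keyword order the client actually sends to multipathd, since the handler change depends on it.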

@ -1,7 +1,7 @@
#needsrootforbuild #needsrootforbuild
Name: multipath-tools Name: multipath-tools
Version: 0.8.7 Version: 0.8.7
Release: 6 Release: 7
Summary: Tools to manage multipath devices with the device-mapper Summary: Tools to manage multipath devices with the device-mapper
License: GPL-2.0-or-later and LGPL-2.0-only License: GPL-2.0-or-later and LGPL-2.0-only
URL: http://christophe.varoqui.free.fr/ URL: http://christophe.varoqui.free.fr/
@ -31,6 +31,7 @@ Patch19: 0019-multipathd-add-and-set-cli_handlers-in-a-single-step.patch
Patch20: 0020-multipathd-make-all-cli_handlers-static.patch Patch20: 0020-multipathd-make-all-cli_handlers-static.patch
Patch21: 0021-multipathd-Fix-command-completion-in-interactive-mod.patch Patch21: 0021-multipathd-Fix-command-completion-in-interactive-mod.patch
Patch22: 0022-multipathd-more-robust-command-parsing.patch Patch22: 0022-multipathd-more-robust-command-parsing.patch
Patch23: 0023-multipathd-Fixed-multipathd-parameter-invoking-seque.patch
BuildRequires: multipath-tools, libcmocka, libcmocka-devel BuildRequires: multipath-tools, libcmocka, libcmocka-devel
BuildRequires: gcc, libaio-devel, userspace-rcu-devel, device-mapper-devel >= 1.02.89 BuildRequires: gcc, libaio-devel, userspace-rcu-devel, device-mapper-devel >= 1.02.89
@ -178,6 +179,9 @@ fi
%changelog %changelog
* Mon Nov 28 2022 miaoguanqin <miaoguanqin@huawei.com> - 0.8.7-7
- CVE-2022-41974 cause mpathpersist and multipathd execute error
* Mon Oct 31 2022 wuguanghao <wuguanghao3@huawei.com> - 0.8.7-6 * Mon Oct 31 2022 wuguanghao <wuguanghao3@huawei.com> - 0.8.7-6
- fix CVE-2022-41974 - fix CVE-2022-41974
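Review bot: The new %changelog entry, "CVE-2022-41974 cause mpathpersist and multipathd execute error", reads as if release 0.8.7-7 introduces the problem rather than repairing it after the "fix CVE-2022-41974" entry for 0.8.7-6. Reword it to say that this release fixes the mpathpersist and multipathd command failures that followed the CVE-2022-41974 fix.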