backport patches from epoch2

Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
Wenchao Hao 2020-11-12 17:28:13 +08:00
parent 275d7b2a47
commit e04742a163
6 changed files with 332 additions and 1 deletions


@ -0,0 +1,68 @@
From 9457552a6543fe739a1f090bb657e634a70ffafe Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Wed, 22 Jul 2020 15:45:47 +0200
Subject: [PATCH 1/8] use openssl for random data generation
48a4e5b475836bcb952fb53a8bde45bdf68fe38f added an openssl dependency, so
use it for obtaining random buffers via RAND_bytes().
Suggested-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: David Disseldorp <ddiss@suse.de>
---
usr/auth.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/usr/auth.c b/usr/auth.c
index a222c53..a1d99e9 100644
--- a/usr/auth.c
+++ b/usr/auth.c
@@ -43,6 +43,7 @@ static const char acl_authmethod_set_chap_alg_list[] = "CHAP";
static const char acl_reject_option_name[] = "Reject";
#include <openssl/evp.h>
+#include <openssl/rand.h>
static int auth_hash_init(EVP_MD_CTX **context, int chap_alg);
static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int);
static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context);
@@ -1008,6 +1009,7 @@ acl_rmt_auth(struct iscsi_acl *client)
enum auth_dbg_status dbg_status;
const char *chap_rsp_key_val;
const char *chap_username_key_val;
+ int ssl_ret = 0;
switch (client->rmt_state) {
case AUTH_RMT_STATE_SEND_ALG:
@@ -1023,7 +1025,13 @@ acl_rmt_auth(struct iscsi_acl *client)
client->rmt_state = AUTH_RMT_STATE_DONE;
break;
}
- get_random_bytes(id_data, 1);
+
+ ssl_ret = RAND_bytes(id_data, sizeof(id_data));
+ if (ssl_ret != 1) {
+ client->rmt_state = AUTH_RMT_STATE_ERROR;
+ client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL;
+ break;
+ }
client->send_chap_identifier = id_data[0];
snprintf(client->scratch_key_value, AUTH_STR_MAX_LEN, "%lu",
(unsigned long)client->send_chap_identifier);
@@ -1032,8 +1040,13 @@ acl_rmt_auth(struct iscsi_acl *client)
client->scratch_key_value);
client->send_chap_challenge.length = client->chap_challenge_len;
- get_random_bytes(client->send_chap_challenge.large_binary,
- client->send_chap_challenge.length);
+ ssl_ret = RAND_bytes(client->send_chap_challenge.large_binary,
+ client->send_chap_challenge.length);
+ if (ssl_ret != 1) {
+ client->rmt_state = AUTH_RMT_STATE_ERROR;
+ client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL;
+ break;
+ }
acl_set_key_value(&client->send_key_block,
AUTH_KEY_TYPE_CHAP_CHALLENGE, "");
--
1.8.3.1
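Review bot: Both new failure branches in acl_rmt_auth() (after the identifier draw and after the challenge draw) record an RNG failure as `AUTH_DBG_STATUS_AUTH_FAIL`, so anyone reading the debug status cannot tell a failed `RAND_bytes()` from a rejected credential. Failing closed is the right behaviour, since the helper this series removes fell back to `rand()` and still produced a challenge; a comment such as `/* RAND_bytes() returns 1 only on success; never send a challenge built from unfilled bytes */` above each check, plus a log line naming the RNG, would record that intent. `RAND_bytes()` takes an `int` count, so it is worth confirming that `client->send_chap_challenge.length` (type not visible here) cannot exceed `INT_MAX`, and that `sizeof(id_data)` is still the single byte the old call requested, since only `id_data[0]` is used. The function body starts and ends outside these hunks.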


@ -0,0 +1,71 @@
From cc51cace064c4a3c459f3c9085006dfb62747525 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Wed, 22 Jul 2020 15:58:19 +0200
Subject: [PATCH 2/8] drop unused get_random_bytes()
openssl's RAND_bytes() is now used instead, so this can be dropped.
Suggested-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: David Disseldorp <ddiss@suse.de>
---
usr/auth.c | 37 -------------------------------------
1 file changed, 37 deletions(-)
diff --git a/usr/auth.c b/usr/auth.c
index a1d99e9..2f7506f 100644
--- a/usr/auth.c
+++ b/usr/auth.c
@@ -48,7 +48,6 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg);
static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int);
static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context);
-void get_random_bytes(unsigned char *data, unsigned int length);
size_t strlcpy(char *, const char *, size_t);
size_t strlcat(char *, const char *, size_t);
@@ -218,42 +217,6 @@ static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) {
return md_len;
}
-void
-get_random_bytes(unsigned char *data, unsigned int length)
-{
-
- long r;
- unsigned n;
- int fd, r_size = sizeof(r);
-
- fd = open("/dev/urandom", O_RDONLY);
- while (length > 0) {
-
- if (fd == -1 || read(fd, &r, r_size) != r_size)
- r = rand();
- r = r ^ (r >> 8);
- r = r ^ (r >> 4);
- n = r & 0x7;
-
- if (fd == -1 || read(fd, &r, r_size) != r_size)
- r = rand();
- r = r ^ (r >> 8);
- r = r ^ (r >> 5);
- n = (n << 3) | (r & 0x7);
-
- if (fd == -1 || read(fd, &r, r_size) != r_size)
- r = rand();
- r = r ^ (r >> 8);
- r = r ^ (r >> 5);
- n = (n << 2) | (r & 0x3);
-
- *data++ = n;
- length--;
- }
- if (fd)
- close(fd);
-}
-
static const char acl_none_option_name[] = "None";
static int
--
1.8.3.1


@ -0,0 +1,90 @@
From 802688debcd88c48edabe86deb7e7ed47ebadc26 Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Fri, 24 Jul 2020 17:39:50 -0700
Subject: [PATCH 3/8] Preparing for version 2.1.2
---
Changelog | 43 +++++++++++++++++++++++++++++++++++++++++++
libopeniscsiusr/version.h | 2 +-
usr/version.h | 2 +-
3 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/Changelog b/Changelog
index 9af7bf1..29133ee 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,46 @@
+open-iscsi-2.1.0 - open-iscsi-2.1.2
+
+Christian Glombek (1):
+ Add iscsi-init.service
+
+David Disseldorp (2):
+ use openssl for random data generation
+ drop unused get_random_bytes()
+
+Lee Duncan (10):
+ Fix iscsi.service so it handles restarts better
+ Fix issue where "iscsi-iname -p" core dumps.
+ Add Wants=remote-fs-pre.target for sequencing.
+ Change include of <sys/poll.h> to <poll.h>
+ Fix type mismatch under musl.
+ More changes for musl.
+ Ignore iface.example in iface match checks
+ Fix issue with zero-length arrays at end of struct
+ Fix a compiler complaint about writing one byte
+ Fix compiler complaint about string copy in iscsiuio
+
+Luis.wu (1):
+ Update iscsi-iname.c
+
+Rafael David Tinoco (1):
+ Misspelled socket name might cause confusion to inexperienced user.
+
+Wu Bo (2):
+ iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix
+ log:modify iSCSI shared memory permissions for logs
+
+fredvx (1):
+ Fix SIGPIPE loop in signal handler
+
+gulams (1):
+ Proper disconnect of TCP connection
+
+wubo009 (3):
+ iscsi: Add break to while loop
+ iscsi: fix fd leak
+ iscsi/libopeniscsiusr:add libopeniscsiuser_node.h to HEADERS
+
+
open-iscsi-2.1.0 - open-iscsi-2.1.1
# output from "git shortlog --no-merges 2.1.0..HEAD"
diff --git a/libopeniscsiusr/version.h b/libopeniscsiusr/version.h
index 9be3905..97031b0 100644
--- a/libopeniscsiusr/version.h
+++ b/libopeniscsiusr/version.h
@@ -25,6 +25,6 @@
* This may not be the same value as the kernel versions because
* some other maintainer could merge a patch without going through us
*/
-#define ISCSI_VERSION_STR "2.1.1"
+#define ISCSI_VERSION_STR "2.1.2"
#endif /* End of __ISCSI_OPEN_USR_VERSION_H__ */
diff --git a/usr/version.h b/usr/version.h
index 4fa9179..115a11c 100644
--- a/usr/version.h
+++ b/usr/version.h
@@ -6,7 +6,7 @@
* This may not be the same value as the kernel versions because
* some other maintainer could merge a patch without going through us
*/
-#define ISCSI_VERSION_STR "2.1.1"
+#define ISCSI_VERSION_STR "2.1.2"
#define ISCSI_VERSION_FILE "/sys/module/scsi_transport_iscsi/version"
#endif
--
1.8.3.1


@ -0,0 +1,64 @@
From 9ac758cc472d991d7eaa9a1da17279cbbdbc7ebf Mon Sep 17 00:00:00 2001
From: gulams <64251312+gulams@users.noreply.github.com>
Date: Thu, 3 Sep 2020 21:28:52 +0530
Subject: [PATCH 5/8] iscsid: Check Invalid Session id for stop connection
Description:
If the initiator is rebooting then after the reboot, it will try to
resync (recreate) the existing the connections by reading the sysfs.
While initiator is doing this, i.e when the initiator tries to connect
to the target but if the target service is not yet started, then the
initiator connection will fail. The session id is also not yet assigned
and it will be at its initial value 0xFFFFFFFF which is invalid. The
session id is assigned a valid value only after a successful connection.
Since the connection is failed, the initiator code will queue the
connection for re-open. The connection state is still at
ISCSI_CONN_STATE_XPT_WAIT as its very first login attemp after the
reboot.
Due to my Pull #206 request the code will invoke the stop connection to
decrement the socket_fd reference count to properly close the connecion
(details are in pull request #206). But since the session id is not
valid, the stop connection will fail and the code will go ahead and
queue the re-open without attempting the connect again. This is repeated
till 120 seconds (stop connection failing and requeuing the reopen
without invoking connect) and the connection will be shutdown resulting
the storage unavailable.
Fix:
We need to check the validity of the session id before calling the stop
connection. If the session id is valid then only invoke the stop
connection. Due to this, the code will go ahead and attempt the connet
call. If the target service comes up anytime in 120 seconds, then the
connect will be successful and we will get connected to the target.
---
usr/initiator.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/usr/initiator.c b/usr/initiator.c
index 5f4bdca..684647c 100644
--- a/usr/initiator.c
+++ b/usr/initiator.c
@@ -692,6 +692,7 @@ static void iscsi_login_eh(struct iscsi_conn *conn, struct queue_task *qtask,
int err)
{
struct iscsi_session *session = conn->session;
+ int stop_flag = 0;
log_debug(3, "iscsi_login_eh");
/*
@@ -711,7 +712,11 @@ static void iscsi_login_eh(struct iscsi_conn *conn, struct queue_task *qtask,
!iscsi_retry_initial_login(conn))
session_conn_shutdown(conn, qtask, err);
else {
- session_conn_reopen(conn, qtask, STOP_CONN_TERM);
+ stop_flag = (session->id < INVALID_SESSION_ID) ? STOP_CONN_TERM : 0;
+ log_debug(6, "connection %p socket_fd: %d, "
+ "session id: %d stop_flag: %d\n",
+ conn, conn->socket_fd, session->id, stop_flag);
+ session_conn_reopen(conn, qtask, stop_flag);
}
break;
case R_STAGE_SESSION_REDIRECT:
--
1.8.3.1
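Review bot: The added `log_debug(6, ...)` call in iscsi_login_eh() prints `session->id` with `%d`; the commit message gives the unassigned value as 0xFFFFFFFF, so if the field is an unsigned 32-bit integer (its declaration is not in this hunk) the invalid id is logged as -1, and `%u` with a matching type would read more clearly. The format string also ends in `\n` while the existing `log_debug(3, "iscsi_login_eh")` call does not, which may produce a blank line in the log. `stop_flag` is used only inside the `else` branch, so it could be declared there as `int stop_flag = (session->id < INVALID_SESSION_ID) ? STOP_CONN_TERM : 0;` with a comment saying that a session which has not yet been assigned an id has no connection to stop. The function continues outside the hunk.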


@ -0,0 +1,28 @@
From 0c032f5f4f826199868099f0af10c4a913209573 Mon Sep 17 00:00:00 2001
From: Chris Leech <cleech@redhat.com>
Date: Mon, 14 Sep 2020 14:09:56 -0700
Subject: [PATCH 6/8] iscsiadm buffer overflow regression when discovering many
targets at once
int_list type didn't zero the output string, so as the rec struct was reused
repeatedly during discovery it would keep growing with repeated values
triggering a strcat buffer overflow
---
usr/idbm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/usr/idbm.c b/usr/idbm.c
index 6309be0..42c2699 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
@@ -169,6 +169,7 @@ static struct idbm *db;
#define __recinfo_int_list(_key,_info,_rec,_name,_show,_tbl,_n,_mod) do { \
_info[_n].type = TYPE_INT_LIST; \
strlcpy(_info[_n].name, _key, NAME_MAXVAL); \
+ _info[_n].value[0] = '\0'; \
for (unsigned long _i = 0; _i < ARRAY_LEN(_rec->_name); _i++) { \
if (_rec->_name[_i] != (unsigned)~0) { \
for (unsigned long _j = 0; _j < ARRAY_LEN(_tbl); _j++) { \
--
1.8.3.1
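Review bot: Resetting `_info[_n].value[0]` in `__recinfo_int_list` stops values accumulating across reuses of the rec struct, but the append that overflowed is left unbounded: per the commit message it is a `strcat`, which sits further down the macro and outside this hunk. Since the macro already uses `strlcpy` for the name, the appends could use the project's `strlcat` with the destination size (for example `sizeof(_info[_n].value)`, assuming `value` is an array), so that a long list is truncated rather than written past the buffer. A one-line comment on the new statement, such as `/* rec is reused between discovery records: start from an empty string */`, would keep the reset from being dropped in a later cleanup.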


@ -4,7 +4,7 @@
Name: open-iscsi Name: open-iscsi
Version: 2.1.1 Version: 2.1.1
Release: 3 Release: 4
Summary: ISCSI software initiator daemon and utility programs Summary: ISCSI software initiator daemon and utility programs
License: GPLv2+ and BSD License: GPLv2+ and BSD
URL: http://www.open-iscsi.org URL: http://www.open-iscsi.org
@ -35,6 +35,11 @@ Patch23: 0023-Proper-disconnect-of-TCP-connection.patch
Patch24: 0024-Add-iscsi-init.service.patch Patch24: 0024-Add-iscsi-init.service.patch
Patch25: 0025-Fix-issue-with-zero-length-arrays-at-end-of-struct.patch Patch25: 0025-Fix-issue-with-zero-length-arrays-at-end-of-struct.patch
Patch26: 0026-Fix-a-compiler-complaint-about-writing-one-byte.patch Patch26: 0026-Fix-a-compiler-complaint-about-writing-one-byte.patch
Patch27: 0027-use-openssl-for-random-data-generation.patch
Patch28: 0028-drop-unused-get_random_bytes.patch
Patch29: 0029-Preparing-for-version-2.1.2.patch
Patch30: 0030-iscsid-Check-Invalid-Session-id-for-stop-connection.patch
Patch31: 0031-iscsiadm-buffer-overflow-regression-when-discovering.patch
BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel
BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config gdb BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config gdb
@ -167,6 +172,11 @@ fi
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Thu Nov 12 2020 haowenchao <haowenchao@huawei.com> - 2.1.1-4
- backport patches from epoch2 including following changes:
get_random_bytes is replaced by RAND_bytes so it is removed
fix buffer overflow when discovering
* Sat Oct 31 2020 haowenchao <haowenchao@huawei.com> - 2.1.1-3 * Sat Oct 31 2020 haowenchao <haowenchao@huawei.com> - 2.1.1-3
- backport patches from epoch1 - backport patches from epoch1