!146 [sync] PR-140: backport upstream patches

From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-06-20 03:52:50 +00:00 · 2024-06-20 03:52:50 +00:00 · 68444ad60c
commit 68444ad60c
parent 1829d8981c f639c27acd
4 changed files with 203 additions and 1 deletions
--- a/backport-RESPONDER-use-proper-context-for-getDomains.patch
+++ b/backport-RESPONDER-use-proper-context-for-getDomains.patch
@ -0,0 +1,55 @@
+From 18f378921ed95dfd6a5e373c87712f7935247d71 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 26 Apr 2024 14:04:50 +0200
+Subject: [PATCH] RESPONDER: use proper context for getDomains()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+ 
+Request was created on a long term responder context, but a callback
+for this request tries to access memory that is allocated on a short
+term client context. So if client disconnects before request is
+completed, then callback dereferences already freed memory.
+ 
+Resolves: https://github.com/SSSD/sssd/issues/7319
+ 
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+ 
+Reference:https://github.com/SSSD/sssd/commit/dc637c9730d0ba04a0d8aa2645ee537224cd4b19
+Conflict:NA
+ 
+---
+ src/responder/pac/pacsrv_cmd.c | 2 +-
+ src/responder/pam/pamsrv_cmd.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+ 
+diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
+index e3aab88..29d5574 100644
+--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
+@@ -146,7 +146,7 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx)
+     ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
+                                      &pr_ctx->dom);
+     if (ret == EAGAIN || ret == ENOENT) {
+-        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true,
+        req = sss_dp_get_domains_send(cctx, cctx->rctx, true,
+                                       pr_ctx->domain_name);
+         if (req == NULL) {
+             ret = ENOMEM;
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index 20c332b..1570304 100644
+--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1918,7 +1918,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+ 
+     ret = pam_forwarder_parse_data(cctx, pd);
+     if (ret == EAGAIN) {
+-        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain);
+        req = sss_dp_get_domains_send(cctx, cctx->rctx, true, pd->domain);
+         if (req == NULL) {
+             ret = ENOMEM;
+         } else {
+-- 
+2.33.0
+
--- a/backport-UTILS-inotify-avoid-potential-NULL-deref.patch
+++ b/backport-UTILS-inotify-avoid-potential-NULL-deref.patch
@ -0,0 +1,57 @@
+From d24073823fa7d82726f631628923e9a5378d529d Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Mon, 18 Mar 2024 12:15:21 +0100
+Subject: [PATCH] UTILS: inotify: avoid potential NULL deref
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+ 
+Fixes following error:
+```
+Error: STRING_NULL (CWE-170):
+sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
+sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
+sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
+sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
+ #  325|
+ #  326|               if (snctx->wctx->dir_wd == in_event->wd) {
+ #  327|->                 ret = process_dir_event(snctx, in_event);
+ #  328|               } else if (snctx->wctx->file_wd == in_event->wd) {
+ #  329|                   ret = process_file_event(snctx, in_event);
+```
+  --  it might be unsafe to dereference `in_event->name`
+if `in_event->len == 0`
+ 
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+ 
+Reference:https://github.com/SSSD/sssd/commit/4085ee07926303aa26e46dfcc6dec87776432c62
+Conflict:NA
+ 
+---
+ src/util/inotify.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+ 
+diff --git a/src/util/inotify.c b/src/util/inotify.c
+index a3c33ed..8192cfd 100644
+--- a/src/util/inotify.c
+++ b/src/util/inotify.c
+@@ -233,9 +233,13 @@ static errno_t process_dir_event(struct snotify_ctx *snctx,
+ {
+     errno_t ret;
+ 
+    if (in_event->len == 0) {
+        DEBUG(SSSDBG_TRACE_FUNC, "Not interested in nameless event\n");
+        return EOK;
+    }
+
+     DEBUG(SSSDBG_TRACE_ALL, "inotify name: %s\n", in_event->name);
+-    if (in_event->len == 0 \
+-            || strcmp(in_event->name, snctx->base_name) != 0) {
+    if (strcmp(in_event->name, snctx->base_name) != 0) {
+         DEBUG(SSSDBG_TRACE_FUNC, "Not interested in %s\n", in_event->name);
+         return EOK;
+     }
+-- 
+2.33.0
+
--- a/backport-ad-refresh-root-domain-when-read-directly.patch
+++ b/backport-ad-refresh-root-domain-when-read-directly.patch
@ -0,0 +1,84 @@
+From 4d841bf2060717171fecad628480c8f2bc03760d Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 1 Mar 2024 10:50:07 +0100
+Subject: [PATCH] ad: refresh root domain when read directly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+ 
+If the domain object of the forest root domain cannot be found in the
+LDAP tree of the local AD domain SSSD tries to read the request data
+from an LDAP server of the forest root domain directly. After reading
+this data the information is stored in the cache but currently the
+information about the domain store in memory is not updated with the
+additional data. As a result e.g. the domain SID is missing in this data
+and only becomes available after a restart where it is read from the
+cache.
+ 
+With this patch an unconditional refresh is triggered at the end of the
+fallback code path.
+ 
+Resolves: https://github.com/SSSD/sssd/issues/7250
+ 
+Reviewed-by: Dan Lavu <dlavu@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+ 
+Reference:https://github.com/SSSD/sssd/commit/0de6c33047ac7a2b5316ec5ec936d6b675671c53
+Conflict:NA
+ 
+---
+ src/providers/ad/ad_subdomains.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+ 
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 5bddf9b..e6745ce 100644
+--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
+@@ -1395,7 +1395,7 @@ struct ad_get_root_domain_state {
+ static void ad_get_root_domain_done(struct tevent_req *subreq);
+ static void ad_check_root_domain_done(struct tevent_req *subreq);
+ static errno_t
+-ad_get_root_domain_refresh(struct ad_get_root_domain_state *state);
+ad_get_root_domain_refresh(struct ad_get_root_domain_state *state, bool refresh);
+ 
+ struct tevent_req *
+ ad_check_domain_send(TALLOC_CTX *mem_ctx,
+@@ -1582,7 +1582,7 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+         return;
+     }
+ 
+-    ret = ad_get_root_domain_refresh(state);
+    ret = ad_get_root_domain_refresh(state, false);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
+     }
+@@ -1682,7 +1682,7 @@ static void ad_check_root_domain_done(struct tevent_req *subreq)
+ 
+     state->reply_count = 1;
+ 
+-    ret = ad_get_root_domain_refresh(state);
+    ret = ad_get_root_domain_refresh(state, true);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
+     }
+@@ -1697,7 +1697,7 @@ done:
+ }
+ 
+ static errno_t
+-ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
+ad_get_root_domain_refresh(struct ad_get_root_domain_state *state, bool refresh)
+ {
+     struct sss_domain_info *root_domain;
+     bool has_changes;
+@@ -1713,7 +1713,7 @@ ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
+         goto done;
+     }
+ 
+-    if (has_changes) {
+    if (has_changes || refresh) {
+         ret = ad_subdom_reinit(state->sd_ctx);
+         if (ret != EOK) {
+             DEBUG(SSSDBG_OP_FAILURE, "Could not reinitialize subdomains\n");
+-- 
+2.33.0
+
--- a/sssd.spec
+++ b/sssd.spec
@ -8,13 +8,16 @@

 Name: sssd
 Version: 2.9.4
-Release: 5
+Release: 6
 Summary: System Security Services Daemon
 License: GPL-3.0-or-later
 URL: https://github.com/SSSD/sssd/
 Source0: https://github.com/SSSD/sssd/releases/download/2.9.4/sssd-2.9.4.tar.gz

 Patch0001: backport-CVE-2023-3758.patch
+Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
+Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch
+Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch

 Requires: sssd-ad = %{version}-%{release}
 Requires: sssd-common = %{version}-%{release}
@ -914,6 +917,9 @@ fi
 %systemd_postun_with_restart sssd.service

 %changelog
+* Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.9.4-6
+- backport upstream patches
+
 * Tue May 21 2024 wangqingsan <wangqingsan@huawei.com> - 2.9.4-5
 - redefine chrpath_delete macro to delete runpath/rpath