[meta-virtualization] [PATCH] glusterfs: Revert a CVE patch, CVE-2018-10924

Hongzhi.Song hongzhi.song at windriver.com
Tue Oct 30 19:11:58 PDT 2018


The CVE issue exists in v3.12 series and above.
Introduced by:
[http://git.gluster.org/cgit/glusterfs.git/commit/?
id=51dfc9c789b8405f595a337eade938aedcb449c4]

For more information, please see:
[https://security-tracker.debian.org/tracker/CVE-2018-10924]

Version v3.11.1 does not have the issue,
so we should revert the CVE-2018-10924 patch.

Signed-off-by: Hongzhi.Song <hongzhi.song at windriver.com>
---
 .../0005-cluster-afr-Fix-dict-leak-in-pre-op.patch | 135 ---------------------
 recipes-extended/glusterfs/glusterfs.inc           |   1 -
 2 files changed, 136 deletions(-)
 delete mode 100644 recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch

diff --git a/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch b/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch
deleted file mode 100644
index d218a22..0000000
--- a/recipes-extended/glusterfs/files/0005-cluster-afr-Fix-dict-leak-in-pre-op.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From f4dddd7727988b8077b2da577e195621d5bac9c7 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen at windriver.com>
-Date: Tue, 25 Sep 2018 15:23:10 +0800
-Subject: [PATCH 5/7] cluster/afr: Fix dict-leak in pre-op
-
-At the time of pre-op, pre_op_xdata is populted with the xattrs we get from the
-disk and at the time of post-op it gets over-written without unreffing the
-previous value stored leading to a leak.
-This is a regression we missed in
-https://review.gluster.org/#/q/ba149bac92d169ae2256dbc75202dc9e5d06538e
-
-BUG: 1550078
-Change-Id: I0456f9ad6f77ce6248b747964a037193af3a3da7
-Signed-off-by: Pranith Kumar K <pkarampu at redhat.com>
-
-Upstream-Status: Backport
-
-Fix CVE-2018-10924
-
-Modified for this old glusterfs version.
-
-Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
----
- xlators/cluster/afr/src/afr-common.c      | 14 +++++++-------
- xlators/cluster/afr/src/afr-transaction.c | 20 ++++++++++----------
- xlators/cluster/afr/src/afr.h             |  4 ++--
- 3 files changed, 19 insertions(+), 19 deletions(-)
-
-diff --git a/xlators/cluster/afr/src/afr-common.c b/xlators/cluster/afr/src/afr-common.c
-index 0643204..85150a0 100644
---- a/xlators/cluster/afr/src/afr-common.c
-+++ b/xlators/cluster/afr/src/afr-common.c
-@@ -1673,13 +1673,13 @@ afr_local_transaction_cleanup (afr_local_t *local, xlator_t *this)
-         GF_FREE (local->transaction.pre_op);
- 
-         GF_FREE (local->transaction.pre_op_sources);
--        if (local->transaction.pre_op_xdata) {
-+        if (local->transaction.changelog_xdata) {
-                 for (i = 0; i < priv->child_count; i++) {
--                        if (!local->transaction.pre_op_xdata[i])
-+                        if (!local->transaction.changelog_xdata[i])
-                                 continue;
--                        dict_unref (local->transaction.pre_op_xdata[i]);
-+                        dict_unref (local->transaction.changelog_xdata[i]);
-                 }
--                GF_FREE (local->transaction.pre_op_xdata);
-+                GF_FREE (local->transaction.changelog_xdata);
-         }
- 
-         GF_FREE (local->transaction.eager_lock);
-@@ -5396,10 +5396,10 @@ afr_transaction_local_init (afr_local_t *local, xlator_t *this)
-                 goto out;
- 
-         if (priv->arbiter_count == 1) {
--                local->transaction.pre_op_xdata =
--                        GF_CALLOC (sizeof (*local->transaction.pre_op_xdata),
-+                local->transaction.changelog_xdata =
-+                        GF_CALLOC (sizeof (*local->transaction.changelog_xdata),
-                                    priv->child_count, gf_afr_mt_dict_t);
--                if (!local->transaction.pre_op_xdata)
-+                if (!local->transaction.changelog_xdata)
-                         goto out;
- 
-                 local->transaction.pre_op_sources =
-diff --git a/xlators/cluster/afr/src/afr-transaction.c b/xlators/cluster/afr/src/afr-transaction.c
-index 35621d9..c9a4474 100644
---- a/xlators/cluster/afr/src/afr-transaction.c
-+++ b/xlators/cluster/afr/src/afr-transaction.c
-@@ -276,9 +276,9 @@ afr_compute_pre_op_sources (call_frame_t *frame, xlator_t *this)
-         matrix = ALLOC_MATRIX (priv->child_count, int);
- 
-         for (i = 0; i < priv->child_count; i++) {
--                if (!local->transaction.pre_op_xdata[i])
-+                if (!local->transaction.changelog_xdata[i])
-                         continue;
--                xdata = local->transaction.pre_op_xdata[i];
-+                xdata = local->transaction.changelog_xdata[i];
-                 afr_selfheal_fill_matrix (this, matrix, i, idx, xdata);
-         }
- 
-@@ -295,13 +295,6 @@ afr_compute_pre_op_sources (call_frame_t *frame, xlator_t *this)
-                 for (j = 0; j < priv->child_count; j++)
-                         if (matrix[i][j] != 0)
-                                 local->transaction.pre_op_sources[j] = 0;
--
--        /*We don't need the xattrs any more. */
--        for (i = 0; i < priv->child_count; i++)
--                if (local->transaction.pre_op_xdata[i]) {
--                        dict_unref (local->transaction.pre_op_xdata[i]);
--                        local->transaction.pre_op_xdata[i] = NULL;
--                }
- }
- 
- gf_boolean_t
-@@ -1175,7 +1168,7 @@ afr_changelog_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
- 
-         if (priv->arbiter_count == 1 && !op_ret) {
-                 if (xattr)
--                        local->transaction.pre_op_xdata[child_index] =
-+                        local->transaction.changelog_xdata[child_index] =
-                                                                dict_ref (xattr);
-         }
- 
-@@ -1608,6 +1601,13 @@ afr_changelog_do (call_frame_t *frame, xlator_t *this, dict_t *xattr,
- 	local = frame->local;
- 	priv = this->private;
- 
-+        for (i = 0; i < priv->child_count; i++) {
-+                if (local->transaction.changelog_xdata[i]) {
-+                        dict_unref (local->transaction.changelog_xdata[i]);
-+                        local->transaction.changelog_xdata[i] = NULL;
-+                }
-+        }
-+
-         ret = afr_changelog_prepare (this, frame, &call_count, changelog_resume,
-                                      op, &xdata, &newloc_xdata);
- 
-diff --git a/xlators/cluster/afr/src/afr.h b/xlators/cluster/afr/src/afr.h
-index cf736ed..2854153 100644
---- a/xlators/cluster/afr/src/afr.h
-+++ b/xlators/cluster/afr/src/afr.h
-@@ -737,8 +737,8 @@ typedef struct _afr_local {
- 
-                 unsigned char   *pre_op;
- 
--                /* For arbiter configuration only. */
--                dict_t **pre_op_xdata;
-+                /* Changelog xattr dict for [f]xattrop*/
-+                dict_t **changelog_xdata;
-                 unsigned char *pre_op_sources;
- 
- 		/* @failed_subvols: subvolumes on which a pre-op or a
--- 
-2.7.4
-
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index 8243f28..f7d3cc3 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -27,7 +27,6 @@ SRC_URI += "file://glusterd.init \
             file://0002-posix-disable-open-read-write-on-special-files.patch \
             file://0003-server-protocol-don-t-allow-.-path-in-name.patch \
             file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
-            file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \
             file://0006-posix-remove-not-supported-get-set-content.patch \
             file://0007-protocol-don-t-use-alloca.patch \
            "
-- 
2.8.1


