[meta-virtualization] [m-c-s][PATCH 1/7] glusterfs: fix CVE-2018-10911
Bruce Ashfield
bruce.ashfield at gmail.com
Sun Sep 30 18:32:13 PDT 2018
I almost always let patches sit for 3 or more days to allow people
time to comment.
This is now merged.
Bruce
On Fri, Sep 28, 2018 at 10:45 PM ChenQi <Qi.Chen at windriver.com> wrote:
>
> ping
>
> On 09/26/2018 10:36 AM, Chen Qi wrote:
> > Backport patch to fix the following CVE.
> >
> > CVE: CVE-2018-10911
> >
> > Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
> > ---
> > ...-negative-key-value-length-while-unserial.patch | 39 ++++++++++++++++++++++
> > recipes-extended/glusterfs/glusterfs.inc | 1 +
> > 2 files changed, 40 insertions(+)
> > create mode 100644 recipes-extended/glusterfs/files/0001-dict-handle-negative-key-value-length-while-unserial.patch
> >
> > diff --git a/recipes-extended/glusterfs/files/0001-dict-handle-negative-key-value-length-while-unserial.patch b/recipes-extended/glusterfs/files/0001-dict-handle-negative-key-value-length-while-unserial.patch
> > new file mode 100644
> > index 0000000..cb3400b
> > --- /dev/null
> > +++ b/recipes-extended/glusterfs/files/0001-dict-handle-negative-key-value-length-while-unserial.patch
> > @@ -0,0 +1,39 @@
> > +From 428ee988df7d6cbe6e18becffcee5cdfb0fa9d17 Mon Sep 17 00:00:00 2001
> > +From: Amar Tumballi <amarts at redhat.com>
> > +Date: Tue, 24 Jul 2018 13:25:12 +0530
> > +Subject: [PATCH 1/7] dict: handle negative key/value length while unserialize
> > +
> > +Fixes: bz#1625089
> > +Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119
> > +Signed-off-by: Amar Tumballi <amarts at redhat.com>
> > +
> > +Upstream-Status: Backport
> > +
> > +Fix CVE-2018-10911
> > +
> > +Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
> > +---
> > + libglusterfs/src/dict.c | 7 +++++++
> > + 1 file changed, 7 insertions(+)
> > +
> > +diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
> > +index 839b426..ac0a677 100644
> > +--- a/libglusterfs/src/dict.c
> > ++++ b/libglusterfs/src/dict.c
> > +@@ -2751,6 +2751,13 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
> > + vallen = ntoh32 (hostord);
> > + buf += DICT_DATA_HDR_VAL_LEN;
> > +
> > ++ if ((keylen < 0) || (vallen < 0)) {
> > ++ gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
> > ++ LG_MSG_UNDERSIZED_BUF,
> > ++ "undersized length passed "
> > ++ "key:%d val:%d", keylen, vallen);
> > ++ goto out;
> > ++ }
> > + if ((buf + keylen) > (orig_buf + size)) {
> > + gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
> > + LG_MSG_UNDERSIZED_BUF,
> > +--
> > +2.7.4
> > +
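Review bot: In the dict.c hunk, the new `if ((keylen < 0) || (vallen < 0))` branch logs with the same LG_MSG_UNDERSIZED_BUF id as the buffer-too-short branch directly below it, and with the text "undersized length passed". A negative length taken from the wire is therefore hard to tell apart in logs from a truncated buffer, so a message that says the length was negative would make triage easier. The unchanged check `(buf + keylen) > (orig_buf + size)` still forms a pointer past the end of the buffer when keylen is large and positive. Comparing keylen against the bytes remaining (orig_buf + size - buf) would avoid depending on that arithmetic. In the patch header, the layer commit message uses the tag form `CVE: CVE-2018-10911`, but the patch file itself carries only the free-text line "Fix CVE-2018-10911", and `Upstream-Status: Backport` names no upstream commit. Adding the `CVE:` tag and the upstream reference to the patch header would keep the fix traceable from the file alone.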
> > diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
> > index ab63a9a..ea5f2b7 100644
> > --- a/recipes-extended/glusterfs/glusterfs.inc
> > +++ b/recipes-extended/glusterfs/glusterfs.inc
> > @@ -23,6 +23,7 @@ SRC_URI += "file://glusterd.init \
> > file://0001-shared-storage-Prevent-mounting-shared-storage-from-.patch \
> > file://0002-server-auth-add-option-for-strict-authentication.patch \
> > file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
> > + file://0001-dict-handle-negative-key-value-length-while-unserial.patch \
> > "
> >
> > LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"
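Review bot: In the SRC_URI hunk, the new entry `0001-dict-handle-negative-key-value-length-while-unserial.patch` is appended after the 0003- entry and shares the 0001- prefix with `0001-shared-storage-Prevent-mounting-shared-storage-from-.patch`, so the numeric prefixes no longer reflect the order in which the patches apply. Since this is 1/7 of a series, renumbering the new files to continue after 0003-, or giving them a name that carries the CVE id, would keep the list readable and avoid confusion between the two 0001- files.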
>
>
--
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"