- Resolves: RHEL-122945

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse 2025-11-18 09:38:20 +01:00
parent 81ff37d70f
commit 5d60ff11df
6 changed files with 10 additions and 239 deletions

1
.gitignore vendored

@ -51,3 +51,4 @@ corosync-1.2.7.tar.gz
/corosync-3.1.7.tar.gz
/corosync-3.1.8.tar.gz
/corosync-3.1.9.tar.gz
/corosync-3.1.10.tar.gz


@ -1,68 +0,0 @@
From 7839990f9cdf34e55435ed90109e82709032466a Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Mon, 24 Mar 2025 12:05:08 +0100
Subject: [PATCH] totemsrp: Check size of orf_token msg
orf_token message is stored into preallocated array on endian convert
so carefully crafted malicious message can lead to crash of corosync.
Solution is to check message size beforehand.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
---
exec/totemsrp.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/exec/totemsrp.c b/exec/totemsrp.c
index 962d0e2a..364528ce 100644
--- a/exec/totemsrp.c
+++ b/exec/totemsrp.c
@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity(
const struct totemsrp_instance *instance,
const void *msg,
size_t msg_len,
+ size_t max_msg_len,
int endian_conversion_needed)
{
int rtr_entries;
const struct orf_token *token = (const struct orf_token *)msg;
size_t required_len;
+ if (msg_len > max_msg_len) {
+ log_printf (instance->totemsrp_log_level_security,
+ "Received orf_token message is too long... ignoring.");
+
+ return (-1);
+ }
+
if (msg_len < sizeof(struct orf_token)) {
log_printf (instance->totemsrp_log_level_security,
"Received orf_token message is too short... ignoring.");
@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity(
rtr_entries = token->rtr_list_entries;
}
+ if (rtr_entries > RETRANSMIT_ENTRIES_MAX) {
+ log_printf (instance->totemsrp_log_level_security,
+ "Received orf_token message rtr_entries is corrupted... ignoring.");
+
+ return (-1);
+ }
+
required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item);
if (msg_len < required_len) {
log_printf (instance->totemsrp_log_level_security,
@@ -3868,7 +3883,8 @@ static int message_handler_orf_token (
"Time since last token %0.4f ms", tv_diff / (float)QB_TIME_NS_IN_MSEC);
#endif
- if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) {
+ if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage),
+ endian_conversion_needed) == -1) {
return (0);
}
--
2.47.0


@ -1,113 +0,0 @@
From: Jan Friesse <jfriesse@redhat.com>
Date: Wed, 11 Jun 2025 17:26:41 +0200
Subject: [PATCH 1/2] exec: Add support for env STATE_DIRECTORY
Image mode recommendation is to not ship /var/lib subdirectories if
possible and bootc lint produces warning if not. This was the case
also for Corosync.
Simplest possible solution seems to implement support for systemd
unit StateDirectory functionality and not ship /var/lib/corosync
in rpm.
So patch:
1. Adds support for reading the environment variable STATE_DIRECTORY
which is set by systemd and use it as a default value for
system.state_dir configuration option. This is generally useful
feature even for non-systemd builds.
2. Set StateDirectory in service file
3. Drop /var/lib/corosync directory from RPM for systemd builds
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
---
corosync.spec.in | 2 ++
exec/util.c | 19 +++++++++++++++----
init/corosync.service.in | 1 +
man/corosync.conf.5 | 4 ++--
4 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/corosync.spec.in b/corosync.spec.in
index 80040a46..049c585a 100644
--- a/corosync.spec.in
+++ b/corosync.spec.in
@@ -207,7 +207,9 @@ fi
%{_initrddir}/corosync
%{_initrddir}/corosync-notifyd
%endif
+%if %{without systemd}
%dir %{_localstatedir}/lib/corosync
+%endif
%dir %{_localstatedir}/log/cluster
%{_mandir}/man7/corosync_overview.7*
%{_mandir}/man8/corosync.8*
diff --git a/exec/util.c b/exec/util.c
index 8988ab29..795ea5c5 100644
--- a/exec/util.c
+++ b/exec/util.c
@@ -174,13 +174,24 @@ int cs_name_tisEqual (cs_name_t *str1, char *str2) {
const char *get_state_dir(void)
{
static char path[PATH_MAX] = {'\0'};
- char *cmap_state_dir;
+ char *state_dir;
int res;
if (path[0] == '\0') {
- if (icmap_get_string("system.state_dir", &cmap_state_dir) == CS_OK) {
- res = snprintf(path, PATH_MAX, "%s", cmap_state_dir);
- free(cmap_state_dir);
+ if (icmap_get_string("system.state_dir", &state_dir) == CS_OK) {
+ res = snprintf(path, PATH_MAX, "%s", state_dir);
+ free(state_dir);
+ } else if ((state_dir = getenv("STATE_DIRECTORY")) != NULL) {
+ /*
+ * systemd allows multiple directory names that are
+ * passed to env variable separated by colon. Support for this feature
+ * is deliberately not implemented because corosync always
+ * uses just one state directory and it is unclear what behavior should
+ * be taken for multiple ones. If reasonable need for
+ * supporting multiple directories appear, it must be implemented also
+ * for cmap.
+ */
+ res = snprintf(path, PATH_MAX, "%s", state_dir);
} else {
res = snprintf(path, PATH_MAX, "%s/%s", LOCALSTATEDIR, "lib/corosync");
}
diff --git a/init/corosync.service.in b/init/corosync.service.in
index bd2a48a9..3e3efef8 100644
--- a/init/corosync.service.in
+++ b/init/corosync.service.in
@@ -9,6 +9,7 @@ After=network-online.target
EnvironmentFile=-@INITCONFIGDIR@/corosync
ExecStart=@SBINDIR@/corosync -f $COROSYNC_OPTIONS
ExecStop=@SBINDIR@/corosync-cfgtool -H --force
+StateDirectory=corosync
Type=notify
# In typical systemd deployments, both standard outputs are forwarded to
diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
index 3510ab6b..3bcda7c7 100644
--- a/man/corosync.conf.5
+++ b/man/corosync.conf.5
@@ -32,7 +32,7 @@
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
.\" * THE POSSIBILITY OF SUCH DAMAGE.
.\" */
-.TH COROSYNC_CONF 5 2024-07-22 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+.TH COROSYNC_CONF 5 2025-06-12 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
.SH NAME
corosync.conf - corosync executive configuration file
@@ -900,7 +900,7 @@ state_dir
Existing directory where corosync should chdir into. Corosync stores
important state files and blackboxes there.
-The default is /var/lib/corosync.
+The default is the value of the environment variable STATE_DIRECTORY or /var/lib/corosync.
.PP
Within the
--
2.43.5


@ -1,50 +0,0 @@
From 050933cf334ef4ac6a6b4a3988508ca181da34b0 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Thu, 12 Jun 2025 09:40:45 +0200
Subject: [PATCH 2/2] init: Use LogsDirectory in systemd unit file
Similarly as StateDirectory, this is mainly for image mode.
/var/log/cluster shouldn't be included in rpm package, so
use LogsDirectory to make systemd create /var/log/cluster during
corosync startup.
No code change is needed, because logging to log file is fully
configured by user in config file so there is no default to read from
environment variable.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
---
corosync.spec.in | 2 +-
init/corosync.service.in | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/corosync.spec.in b/corosync.spec.in
index 049c585a..7cb70114 100644
--- a/corosync.spec.in
+++ b/corosync.spec.in
@@ -209,8 +209,8 @@ fi
%endif
%if %{without systemd}
%dir %{_localstatedir}/lib/corosync
-%endif
%dir %{_localstatedir}/log/cluster
+%endif
%{_mandir}/man7/corosync_overview.7*
%{_mandir}/man8/corosync.8*
%{_mandir}/man8/corosync-blackbox.8*
diff --git a/init/corosync.service.in b/init/corosync.service.in
index 3e3efef8..89d67b5e 100644
--- a/init/corosync.service.in
+++ b/init/corosync.service.in
@@ -10,6 +10,7 @@ EnvironmentFile=-@INITCONFIGDIR@/corosync
ExecStart=@SBINDIR@/corosync -f $COROSYNC_OPTIONS
ExecStop=@SBINDIR@/corosync-cfgtool -H --force
StateDirectory=corosync
+LogsDirectory=cluster
Type=notify
# In typical systemd deployments, both standard outputs are forwarded to
--
2.43.5


@ -14,15 +14,11 @@
Name: corosync
Summary: The Corosync Cluster Engine and Application Programming Interfaces
Version: 3.1.9
Release: 2%{?dist}
Version: 3.1.10
Release: 1%{?dist}
License: BSD-3-Clause
URL: http://corosync.github.io/corosync/
Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}.tar.gz
Patch0: RHEL-84612-totemsrp-Check-size-of-orf_token-msg.patch
Patch1: RHEL-96073-1-exec-Add-support-for-env-STATE_DIRECTORY.patch
Patch2: RHEL-96073-2-init-Use-LogsDirectory-in-systemd-unit-file.patch
Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}%{?gittarver}.tar.gz
# Runtime bits
# The automatic dependency overridden in favor of explicit version lock
@ -293,6 +289,11 @@ network splits)
%endif
%changelog
* Tue Nov 18 2025 Jan Friesse <jfriesse@redhat.com> - 3.1.10-1
- Resolves: RHEL-122945
- New upstream release (RHEL-122945)
* Mon Jun 16 2025 Jan Friesse <jfriesse@redhat.com> - 3.1.9-2
- Resolves: RHEL-96073
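Review bot: The new changelog entry (`* Tue Nov 18 2025 ... - 3.1.10-1`) says only "New upstream release", while this section appears to drop Patch0 through Patch2, and Patch0 (RHEL-84612, the totemsrp orf_token size check) guards against a crafted message crashing corosync. Nothing on the page shows that 3.1.10 carries those three changes, so that should be confirmed against the upstream tarball and recorded, for example `- Drop RHEL-84612 and RHEL-96073 patches, included in upstream 3.1.10`. Source0 also moves from build.clusterlabs.org to a GitHub release URL, so the new SHA512 in `sources` is the only integrity pin visible here; it is worth checking it against upstream's published checksum or signature before merge.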


@ -1 +1 @@
SHA512 (corosync-3.1.9.tar.gz) = d5332c65535dd40e3bee48912ebf2e71c55380b3dba93c36ff8b74090edf3ec44b69685cd11fda3732e4b0dab0b2954f08be94d772fcff6aaf9a4a846ef2e4cc
SHA512 (corosync-3.1.10.tar.gz) = cf2014d15fdbd3495cfe64629255f7855a79651a595938dac7bc7ec67338d843079ae40cf1c15de23b50d85cb39b2c2e3e3448a9cc33759ad8988b8c85ce59d3