device-mapper-multipath-0.8.7-17

Add 0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch Add 0078-libmutipath-validate-the-argument-count-of-config-st.patch Resolves: bz #2145225
2023-01-16 20:40:52 -06:00 · 2023-01-16 20:40:52 -06:00 · d6f96fcdd6
commit d6f96fcdd6
parent 34da695612
3 changed files with 238 additions and 1 deletions
--- a/0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch
+++ b/0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch
@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Wed, 14 Dec 2022 15:38:19 -0600
+Subject: [PATCH] libmultipath: don't leak memory on invalid strings
+
+If set_path() or set_str_noslash() are called with a bad value, they
+ignore it and continue to use the old value. But they weren't freeing
+the bad value, causing a memory leak.
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+Reviewed-by: Martin Wilck <mwilck@suse.com>
+---
+ libmultipath/dict.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libmultipath/dict.c b/libmultipath/dict.c
+index 46b9f225..861d1d17 100644
+--- a/libmultipath/dict.c
+++ b/libmultipath/dict.c
+@@ -156,6 +156,7 @@ set_path(vector strvec, void *ptr, const char *file, int line_nr)
+ 	if ((*str_ptr)[0] != '/'){
+ 		condlog(1, "%s line %d, %s is not an absolute path. Ignoring",
+ 			file, line_nr, *str_ptr);
+		free(*str_ptr);
+ 		*str_ptr = old_str;
+ 	} else
+ 		free(old_str);
+@@ -176,6 +177,7 @@ set_str_noslash(vector strvec, void *ptr, const char *file, int line_nr)
+ 	if (strchr(*str_ptr, '/')) {
+ 		condlog(1, "%s line %d, %s cannot contain a slash. Ignoring",
+ 			file, line_nr, *str_ptr);
+		free(*str_ptr);
+ 		*str_ptr = old_str;
+ 	} else
+ 		free(old_str);
--- a/0078-libmutipath-validate-the-argument-count-of-config-st.patch
+++ b/0078-libmutipath-validate-the-argument-count-of-config-st.patch
@ -0,0 +1,195 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Wed, 14 Dec 2022 15:38:20 -0600
+Subject: [PATCH] libmutipath: validate the argument count of config strings
+
+The features, path_selector, and hardware_handler config options pass
+their strings directly into the kernel.  If users omit the argument
+counts from these strings, or use the wrong value, the kernel's table
+parsing gets completely messed up, and the error messages it prints
+don't reflect what actully went wrong. To avoid messing up the
+kernel table parsing, verify that these strings correctly set the
+argument count to the number of arguments they have.
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+Reviewed-by: Martin Wilck <mwilck@suse.com>
+---
+ libmultipath/dict.c | 110 ++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 101 insertions(+), 9 deletions(-)
+
+diff --git a/libmultipath/dict.c b/libmultipath/dict.c
+index 861d1d17..eb2f33a2 100644
+--- a/libmultipath/dict.c
+++ b/libmultipath/dict.c
+@@ -142,6 +142,58 @@ set_dir(vector strvec, void *ptr, const char *file, int line_nr)
+ 	return 0;
+ }
+ 
+static int
+set_arg_str(vector strvec, void *ptr, int count_idx, const char *file,
+	    int line_nr)
+{
+	char **str_ptr = (char **)ptr;
+	char *old_str = *str_ptr;
+	const char * const spaces = " \f\r\t\v";
+	char *p, *end;
+	int idx = -1;
+	long int count = -1;
+
+	*str_ptr = set_value(strvec);
+	if (!*str_ptr) {
+		free(old_str);
+		return 1;
+	}
+	p = *str_ptr;
+	while (*p != '\0') {
+		p += strspn(p, spaces);
+		if (*p == '\0')
+			break;
+		idx += 1;
+		if (idx == count_idx) {
+			errno = 0;
+			count = strtol(p, &end, 10);
+			if (errno == ERANGE || end == p ||
+			    !(isspace(*end) || *end == '\0')) {
+				count = -1;
+				break;
+			}
+		}
+		p += strcspn(p, spaces);
+	}
+	if (count < 0) {
+		condlog(1, "%s line %d, missing argument count for %s",
+			file, line_nr, (char*)VECTOR_SLOT(strvec, 0));
+		goto fail;
+	}
+	if (count != idx - count_idx) {
+		condlog(1, "%s line %d, invalid argument count for %s:, got '%ld' expected '%d'",
+			file, line_nr, (char*)VECTOR_SLOT(strvec, 0), count,
+			idx - count_idx);
+		goto fail;
+	}
+	free(old_str);
+	return 0;
+fail:
+	free(*str_ptr);
+	*str_ptr = old_str;
+	return 0;
+}
+
+ static int
+ set_path(vector strvec, void *ptr, const char *file, int line_nr)
+ {
+@@ -294,6 +346,14 @@ def_ ## option ## _handler (struct config *conf, vector strvec,         \
+ 	return set_int(strvec, &conf->option, minval, maxval, file, line_nr); \
+ }
+ 
+#define declare_def_arg_str_handler(option, count_idx)			\
+static int								\
+def_ ## option ## _handler (struct config *conf, vector strvec,		\
+			    const char *file, int line_nr)		\
+{									\
+	return set_arg_str(strvec, &conf->option, count_idx, file, line_nr); \
+}
+
+ #define declare_def_snprint(option, function)				\
+ static int								\
+ snprint_def_ ## option (struct config *conf, struct strbuf *buff,	\
+@@ -346,6 +406,17 @@ hw_ ## option ## _handler (struct config *conf, vector strvec,		\
+ 	return set_int(strvec, &hwe->option, minval, maxval, file, line_nr); \
+ }
+ 
+#define declare_hw_arg_str_handler(option, count_idx)			\
+static int								\
+hw_ ## option ## _handler (struct config *conf, vector strvec,		\
+			    const char *file, int line_nr)		\
+{									\
+	struct hwentry * hwe = VECTOR_LAST_SLOT(conf->hwtable);		\
+	if (!hwe)							\
+		return 1;						\
+	return set_arg_str(strvec, &hwe->option, count_idx, file, line_nr); \
+}
+
+ 
+ #define declare_hw_snprint(option, function)				\
+ static int								\
+@@ -377,6 +448,16 @@ ovr_ ## option ## _handler (struct config *conf, vector strvec,		\
+ 		       file, line_nr); \
+ }
+ 
+#define declare_ovr_arg_str_handler(option, count_idx)			\
+static int								\
+ovr_ ## option ## _handler (struct config *conf, vector strvec,		\
+			    const char *file, int line_nr)		\
+{									\
+	if (!conf->overrides)						\
+		return 1;						\
+	return set_arg_str(strvec, &conf->overrides->option, count_idx, file, line_nr); \
+}
+
+ #define declare_ovr_snprint(option, function)				\
+ static int								\
+ snprint_ovr_ ## option (struct config *conf, struct strbuf *buff,	\
+@@ -407,6 +488,17 @@ mp_ ## option ## _handler (struct config *conf, vector strvec,		\
+ 	return set_int(strvec, &mpe->option, minval, maxval, file, line_nr); \
+ }
+ 
+#define declare_mp_arg_str_handler(option, count_idx)			\
+static int								\
+mp_ ## option ## _handler (struct config *conf, vector strvec,		\
+			    const char *file, int line_nr)		\
+{									\
+	struct mpentry * mpe = VECTOR_LAST_SLOT(conf->mptable);		\
+	if (!mpe)							\
+		return 1;						\
+	return set_arg_str(strvec, &mpe->option, count_idx, file, line_nr); \
+}
+
+ #define declare_mp_snprint(option, function)				\
+ static int								\
+ snprint_mp_ ## option (struct config *conf, struct strbuf *buff,	\
+@@ -591,13 +683,13 @@ snprint_def_marginal_pathgroups(struct config *conf, struct strbuf *buff,
+ }
+ 
+ 
+-declare_def_handler(selector, set_str)
+declare_def_arg_str_handler(selector, 1)
+ declare_def_snprint_defstr(selector, print_str, DEFAULT_SELECTOR)
+-declare_hw_handler(selector, set_str)
+declare_hw_arg_str_handler(selector, 1)
+ declare_hw_snprint(selector, print_str)
+-declare_ovr_handler(selector, set_str)
+declare_ovr_arg_str_handler(selector, 1)
+ declare_ovr_snprint(selector, print_str)
+-declare_mp_handler(selector, set_str)
+declare_mp_arg_str_handler(selector, 1)
+ declare_mp_snprint(selector, print_str)
+ 
+ static int snprint_uid_attrs(struct config *conf, struct strbuf *buff,
+@@ -672,13 +764,13 @@ declare_hw_snprint(prio_args, print_str)
+ declare_mp_handler(prio_args, set_str)
+ declare_mp_snprint(prio_args, print_str)
+ 
+-declare_def_handler(features, set_str)
+declare_def_arg_str_handler(features, 0)
+ declare_def_snprint_defstr(features, print_str, DEFAULT_FEATURES)
+-declare_ovr_handler(features, set_str)
+declare_ovr_arg_str_handler(features, 0)
+ declare_ovr_snprint(features, print_str)
+-declare_hw_handler(features, set_str)
+declare_hw_arg_str_handler(features, 0)
+ declare_hw_snprint(features, print_str)
+-declare_mp_handler(features, set_str)
+declare_mp_arg_str_handler(features, 0)
+ declare_mp_snprint(features, print_str)
+ 
+ declare_def_handler(checker_name, set_str)
+@@ -1857,7 +1949,7 @@ declare_hw_snprint(revision, print_str)
+ declare_hw_handler(bl_product, set_str)
+ declare_hw_snprint(bl_product, print_str)
+ 
+-declare_hw_handler(hwhandler, set_str)
+declare_hw_arg_str_handler(hwhandler, 0)
+ declare_hw_snprint(hwhandler, print_str)
+ 
+ /*
--- a/device-mapper-multipath.spec
+++ b/device-mapper-multipath.spec
@ -1,6 +1,6 @@
 Name:    device-mapper-multipath
 Version: 0.8.7
-Release: 16%{?dist}
+Release: 17%{?dist}
 Summary: Tools to manage multipath devices using device-mapper
 License: GPLv2
 URL:     http://christophe.varoqui.free.fr/
@ -86,6 +86,8 @@ Patch0073: 0073-libmultipath-prepare-proto_id-for-use-by-non-scsi-de.patch
 Patch0074: 0074-libmultipath-get-nvme-path-transport-protocol.patch
 Patch0075: 0075-libmultipath-enforce-queue_mode-bio-for-nmve-tcp-pat.patch
 Patch0076: 0076-multipath.conf-5-remove-io-affinity-information.patch
+Patch0077: 0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch
+Patch0078: 0078-libmutipath-validate-the-argument-count-of-config-st.patch


 # runtime
@ -288,6 +290,11 @@ fi
 %{_pkgconfdir}/libdmmp.pc

 %changelog
+* Wed Dec 21 2022 Benjamin Marzinski <bmarzins@redhat.com> - 0.8.7-17
+- Add 0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch
+- Add 0078-libmutipath-validate-the-argument-count-of-config-st.patch
+- Resolves: bz #2145225
+
 * Wed Nov 30 2022 Benjamin Marzinski <bmarzins@redhat.com> - 0.8.7-16
 - Add 0076-multipath.conf-5-remove-io-affinity-information.patch
 - Resolves: bz #2143125