diff --git a/SOURCES/bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch b/SOURCES/bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch new file mode 100644 index 0000000..6c541f9 --- /dev/null +++ b/SOURCES/bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch @@ -0,0 +1,35 @@ +From 83e507cd236c304ce6b95b2ba52d3894f8002dc8 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 9 Nov 2018 13:10:29 +0100 +Subject: [PATCH] fence_virt: dont report success for incorrect parameters + +--- + client/main.c | 2 +- + client/options.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/client/main.c b/client/main.c +index 8e94093..a3135e3 100644 +--- a/client/main.c ++++ b/client/main.c +@@ -112,7 +112,7 @@ main(int argc, char **argv) + args.mode = MODE_VSOCK; + + if (args.flags & F_ERR) { +- if (args.op != FENCE_VALIDATEALL) ++ if (args.op != FENCE_VALIDATEALL) + args_usage(argv[0], my_options, (argc == 1)); + exit(1); + } +diff --git a/client/options.c b/client/options.c +index a3f321b..4b5ed56 100644 +--- a/client/options.c ++++ b/client/options.c +@@ -904,6 +904,7 @@ args_get_stdin(const char *optstr, fence_virt_args_t *args) + "parse warning: " + "illegal variable '%s' on line %d\n", name, + line); ++ args->flags |= F_ERR; + continue; + } + diff --git a/SOURCES/bz1766993-fence_virtd-fix-segfault-no-domains.patch b/SOURCES/bz1766993-fence_virtd-fix-segfault-no-domains.patch new file mode 100644 index 0000000..a746ba4 --- /dev/null +++ b/SOURCES/bz1766993-fence_virtd-fix-segfault-no-domains.patch @@ -0,0 +1,29 @@ +From 36367a99eb803a7941f6cbfd6086e7a71bf91e21 Mon Sep 17 00:00:00 2001 +From: Andrew Price +Date: Tue, 29 Oct 2019 11:27:06 +0000 +Subject: [PATCH] fence_virtd: Fix segfault in vl_get when no domains are found + +If virConnectListAllDomains() returns 0 on every iteration, the loop +will end with a vl == NULL and the pointer dereference in the qsort() +call will result in a segfault. Check for NULL on completion of the loop +to guard against that. + +Signed-off-by: Andrew Price +--- + server/virt.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/server/virt.c b/server/virt.c +index 9710791..ed08e0c 100644 +--- a/server/virt.c ++++ b/server/virt.c +@@ -128,6 +128,9 @@ virt_list_t *vl_get(virConnectPtr *vp, int vp_count, int my_id) + + _free_dom_list(dom_list, ret); + } ++ /* No domains found */ ++ if (!vl) ++ return NULL; + + /* We have all the locally running domains & states now */ + /* Sort */ diff --git a/SPECS/fence-virt.spec b/SPECS/fence-virt.spec index 291817c..4096b6c 100644 --- a/SPECS/fence-virt.spec +++ b/SPECS/fence-virt.spec @@ -1,6 +1,6 @@ Name: fence-virt Version: 0.4.0 -Release: 6%{?dist} +Release: 8%{?dist} Summary: A pluggable fencing framework for virtual machines Group: System Environment/Base License: GPLv2+ @@ -13,6 +13,8 @@ URL: http://fence-virt.sourceforge.net Source0: http://people.redhat.com/rmccabe/fence-virt/%{name}-%{version}.tar.bz2 Patch0: bz1624110-1-harden-fPIE.patch Patch1: bz1624110-2-fence_virt-fix-coredump.patch +Patch2: bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch +Patch3: bz1766993-fence_virtd-fix-segfault-no-domains.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -99,6 +101,8 @@ are located on corosync cluster nodes. %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 -F1 +%patch3 -p1 %build ./autogen.sh @@ -190,6 +194,14 @@ fi %{_libdir}/%{name}/cpg.so %changelog +* Thu Nov 21 2019 Oyvind Albrigtsen - 0.4.0-8 +- fence_virtd: fix segfault when no domains are found + Resolves: rhbz#1766993 + +* Tue Jul 23 2019 Oyvind Albrigtsen - 0.4.0-7 +- fence_xvm/fence_virt: dont report success for incorrect parameter + Resolves: rhbz#1668357 + * Tue Apr 9 2019 Oyvind Albrigtsen - 0.4.0-6 - Harden with -fPIE and -Wl,-z,now Resolves: rhbz#1624110