2.0.1-2 (rev. 1) - forgotten patches

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
Jan Pokorný 2019-04-17 16:53:09 +02:00
parent ccade529e9
commit 0160aac9f8
No known key found for this signature in database
GPG Key ID: 61BBB23A9E8F8DE2
3 changed files with 2441 additions and 0 deletions


@ -0,0 +1,136 @@
From 6a77ebbb553cde4695839cd7ec47531a7f3eb9f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Tue, 2 Apr 2019 10:13:21 +0200
Subject: [PATCH 1/6] High: libservices: fix use-after-free wrt. alert handling
This could possibly lead to unsolicited information disclosure by the
means of standard output of the immediately preceding agent/resource
execution leaking into the log stream under some circumstances.
It was hence assigned CVE-2019-3885.
The provoked pathological state of pacemaker-execd daemon progresses
towards crashing it for hitting segmentation fault.
---
lib/services/services.c | 40 +----------------------------------
lib/services/services_linux.c | 35 ++++++++++++++++++++++++++----
2 files changed, 32 insertions(+), 43 deletions(-)
diff --git a/lib/services/services.c b/lib/services/services.c
index 20e824fb5..256890e1d 100644
--- a/lib/services/services.c
+++ b/lib/services/services.c
@@ -372,35 +372,6 @@ services_action_user(svc_action_t *op, const char *user)
return crm_user_lookup(user, &(op->opaque->uid), &(op->opaque->gid));
}
-static void
-set_alert_env(gpointer key, gpointer value, gpointer user_data)
-{
- int rc;
-
- if (value) {
- rc = setenv(key, value, 1);
- } else {
- rc = unsetenv(key);
- }
-
- if (rc < 0) {
- crm_perror(LOG_ERR, "setenv %s=%s",
- (char*)key, (value? (char*)value : ""));
- } else {
- crm_trace("setenv %s=%s", (char*)key, (value? (char*)value : ""));
- }
-}
-
-static void
-unset_alert_env(gpointer key, gpointer value, gpointer user_data)
-{
- if (unsetenv(key) < 0) {
- crm_perror(LOG_ERR, "unset %s", (char*)key);
- } else {
- crm_trace("unset %s", (char*)key);
- }
-}
-
/*!
* \brief Execute an alert agent action
*
@@ -415,18 +386,9 @@ unset_alert_env(gpointer key, gpointer value, gpointer user_data)
gboolean
services_alert_async(svc_action_t *action, void (*cb)(svc_action_t *op))
{
- gboolean responsible;
-
action->synchronous = false;
action->opaque->callback = cb;
- if (action->params) {
- g_hash_table_foreach(action->params, set_alert_env, NULL);
- }
- responsible = services_os_action_execute(action);
- if (action->params) {
- g_hash_table_foreach(action->params, unset_alert_env, NULL);
- }
- return responsible;
+ return services_os_action_execute(action);
}
#if SUPPORT_DBUS
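Review bot: services_alert_async() should say, next to the new `return services_os_action_execute(action);`, that `action` must not be dereferenced once that call has returned. The removed lines read `action->params` after the call, which is presumably the use-after-free named in the subject line, and nothing in the new body warns the next editor against putting such an access back. A one-line comment would do, for example `/* action may already be freed when this returns; do not touch it afterwards */`. The function's doc block starts above this hunk, so whether it already covers ownership cannot be seen here.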
diff --git a/lib/services/services_linux.c b/lib/services/services_linux.c
index 6e6789a22..076daa51a 100644
--- a/lib/services/services_linux.c
+++ b/lib/services/services_linux.c
@@ -160,6 +160,25 @@ set_ocf_env_with_prefix(gpointer key, gpointer value, gpointer user_data)
set_ocf_env(buffer, value, user_data);
}
+static void
+set_alert_env(gpointer key, gpointer value, gpointer user_data)
+{
+ int rc;
+
+ if (value != NULL) {
+ rc = setenv(key, value, 1);
+ } else {
+ rc = unsetenv(key);
+ }
+
+ if (rc < 0) {
+ crm_perror(LOG_ERR, "setenv %s=%s",
+ (char*)key, (value? (char*)value : ""));
+ } else {
+ crm_trace("setenv %s=%s", (char*)key, (value? (char*)value : ""));
+ }
+}
+
/*!
* \internal
* \brief Add environment variables suitable for an action
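Review bot: In the added set_alert_env(), the failure branch logs `"setenv %s=%s"` even when `value` is NULL and the call that failed was `unsetenv(key)`, so the error line can name the wrong operation. Both log calls also write the parameter value verbatim; if alert parameters can carry recipient addresses or similar strings, logging only the key would be safer, e.g. `crm_trace("setenv %s", (char*)key);`. The function has no doc comment and never uses `user_data`. A short `\internal` block like the one that follows it would help, stating that it modifies the environment of the calling process.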
@@ -169,12 +188,20 @@ set_ocf_env_with_prefix(gpointer key, gpointer value, gpointer user_data)
static void
add_action_env_vars(const svc_action_t *op)
{
- if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF) == FALSE) {
- return;
+ void (*env_setter)(gpointer, gpointer, gpointer) = NULL;
+ if (op->agent == NULL) {
+ env_setter = set_alert_env; /* we deal with alert handler */
+
+ } else if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF)) {
+ env_setter = set_ocf_env_with_prefix;
}
- if (op->params) {
- g_hash_table_foreach(op->params, set_ocf_env_with_prefix, NULL);
+ if (env_setter != NULL && op->params != NULL) {
+ g_hash_table_foreach(op->params, env_setter, NULL);
+ }
+
+ if (env_setter == NULL || env_setter == set_alert_env) {
+ return;
}
set_ocf_env("OCF_RA_VERSION_MAJOR", "1", NULL);
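Review bot: The choice of `set_alert_env` rests entirely on `op->agent == NULL`, explained only by the trailing `/* we deal with alert handler */`. That setter exports every key in `op->params` without a prefix, so any other action reaching add_action_env_vars() with a NULL agent would have its parameters placed in the environment under arbitrary names. Whether such actions exist is not visible here, so the invariant deserves a sentence in the doc block above the function. The last test also reads more directly as `if (env_setter != set_ocf_env_with_prefix) { return; }`. The function body continues past the end of this hunk.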
--
2.21.0

File diff suppressed because it is too large Load Diff


@ -0,0 +1,40 @@
From 3ad7b2509d78f95b5dfc8fffc4d9a91be1da5113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Wed, 17 Apr 2019 15:04:21 +0200
Subject: [PATCH] Med: controld: fix possible NULL pointer dereference
This is now more likely triggerable once the problems related to
CVE-2018-16878 are avoided.
---
daemons/controld/controld_control.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/daemons/controld/controld_control.c b/daemons/controld/controld_control.c
index ee956982b..0ac358cbe 100644
--- a/daemons/controld/controld_control.c
+++ b/daemons/controld/controld_control.c
@@ -77,12 +77,15 @@ do_ha_control(long long action,
registered = crm_connect_corosync(cluster);
#endif
}
- controld_election_init(cluster->uname);
- fsa_our_uname = cluster->uname;
- fsa_our_uuid = cluster->uuid;
- if(cluster->uuid == NULL) {
- crm_err("Could not obtain local uuid");
- registered = FALSE;
+
+ if (registered == TRUE) {
+ controld_election_init(cluster->uname);
+ fsa_our_uname = cluster->uname;
+ fsa_our_uuid = cluster->uuid;
+ if(cluster->uuid == NULL) {
+ crm_err("Could not obtain local uuid");
+ registered = FALSE;
+ }
}
if (registered == FALSE) {
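Review bot: Inside the new `if (registered == TRUE)` block, `cluster->uname` is passed to `controld_election_init()` and stored in `fsa_our_uname` without a NULL check, and `cluster->uuid` is tested only after the election has been initialised. If a successful connect can still leave either field NULL, test both before the call, e.g. `if (cluster->uname == NULL || cluster->uuid == NULL) { crm_err("Could not obtain local node identity"); registered = FALSE; }`, and run the initialisation only otherwise. Comparing a `gboolean` with `== TRUE` here and `== FALSE` below would also skip both branches for a non-zero value other than 1; `if (registered)` and `if (!registered)` avoid that. do_ha_control() begins and ends outside this hunk, so the type and later use of `registered` are inferred from the visible lines.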
--
2.21.0