Import from CS git
This commit is contained in:
parent
991d1cc920
commit
eaeb816b4a
@ -0,0 +1,34 @@
|
||||
commit ce6112399ebf0ff39069a34bc9286242c875555e
|
||||
Author: adam kaminski <adam@adamkaminski.com>
|
||||
Date: Fri Feb 9 12:49:34 2024 -0500
|
||||
|
||||
pmapi.py : fix for struct_time() and day of year out of range on yyyy-01-01
|
||||
|
||||
Fix for `day of year out of range` on 2024-01-01, due to self.tm_yday - 1, which returns `[2024, 1, 1, 2, 3, 0, 0, -1, 0]`. The range for tm_yday should be [1, 366].
|
||||
|
||||
# timedatectl set-ntp false
|
||||
# timedatectl set-time "2024-01-01 00:00:00"
|
||||
# /usr/libexec/pcp/bin/pcp-mpstat -P ALL -t 1 -s 2
|
||||
Traceback (most recent call last):
|
||||
File "/usr/libexec/pcp/bin/pcp-mpstat", line 653, in <module>
|
||||
sts = manager.run()
|
||||
File "/usr/lib64/python3.6/site-packages/pcp/pmcc.py", line 687, in run
|
||||
self._printer.report(self)
|
||||
File "/usr/libexec/pcp/bin/pcp-mpstat", line 606, in report
|
||||
self.print_machine_info(group, manager)
|
||||
File "/usr/libexec/pcp/bin/pcp-mpstat", line 585, in print_machine_info
|
||||
time_string = time.strftime("%x", timestamp.struct_time())
|
||||
ValueError: day of year out of range
|
||||
|
||||
diff -Naurp pcp-5.3.7.orig/src/python/pcp/pmapi.py pcp-5.3.7/src/python/pcp/pmapi.py
|
||||
--- pcp-5.3.7.orig/src/python/pcp/pmapi.py 2022-04-05 09:05:43.000000000 +1000
|
||||
+++ pcp-5.3.7/src/python/pcp/pmapi.py 2024-08-08 09:56:16.298625548 +1000
|
||||
@@ -299,7 +299,7 @@ class tm(Structure):
|
||||
pywday = 6
|
||||
stlist = [self.tm_year + 1900, self.tm_mon + 1, self.tm_mday,
|
||||
self.tm_hour, self.tm_min, self.tm_sec,
|
||||
- pywday, self.tm_yday - 1, self.tm_isdst]
|
||||
+ pywday, self.tm_yday + 1, self.tm_isdst]
|
||||
return time.struct_time(stlist)
|
||||
|
||||
def __str__(self):
|
320
SOURCES/redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch
Normal file
320
SOURCES/redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch
Normal file
@ -0,0 +1,320 @@
|
||||
diff -Naurp pcp-5.3.7.orig/qa/src/test_pcp_sockets.python pcp-5.3.7/qa/src/test_pcp_sockets.python
|
||||
--- pcp-5.3.7.orig/qa/src/test_pcp_sockets.python 1970-01-01 10:00:00.000000000 +1000
|
||||
+++ pcp-5.3.7/qa/src/test_pcp_sockets.python 2024-09-09 13:47:06.848083320 +1000
|
||||
@@ -0,0 +1,23 @@
|
||||
+import socket
|
||||
+import cpmapi as api
|
||||
+from pcp import pmapi
|
||||
+
|
||||
+address = 'localhost'
|
||||
+port = 44321
|
||||
+
|
||||
+c = []
|
||||
+for i in range(0, 1234):
|
||||
+ print('context', i)
|
||||
+ ctx = pmapi.pmContext(api.PM_CONTEXT_HOST, "local:")
|
||||
+ print('created', i)
|
||||
+ c.append(ctx)
|
||||
+
|
||||
+s = []
|
||||
+for i in range(0, 1234):
|
||||
+ sock = socket.socket()
|
||||
+ print('socket', i)
|
||||
+ sock.connect((address, port))
|
||||
+ print('connect', i)
|
||||
+ sock.send(b"abba\r") # -- gives a too-large PDU
|
||||
+ print('send', i)
|
||||
+ # s.append(sock) # -- exercise pduread: timeout
|
||||
diff -Naurp pcp-5.3.7.orig/src/libpcp/src/pdu.c pcp-5.3.7/src/libpcp/src/pdu.c
|
||||
--- pcp-5.3.7.orig/src/libpcp/src/pdu.c 2022-04-05 09:05:43.000000000 +1000
|
||||
+++ pcp-5.3.7/src/libpcp/src/pdu.c 2024-09-09 13:47:06.869083364 +1000
|
||||
@@ -186,10 +186,7 @@ pduread(int fd, char *buf, int len, int
|
||||
* Need all parts of the PDU to be received by dead_hand
|
||||
* This enforces a low overall timeout for the whole PDU
|
||||
* (as opposed to just a timeout for individual calls to
|
||||
- * recv). A more invasive alternative (better) approach
|
||||
- * would see all I/O performed in the main event loop,
|
||||
- * and I/O routines transformed to continuation-passing
|
||||
- * style.
|
||||
+ * recv).
|
||||
*/
|
||||
gettimeofday(&dead_hand, NULL);
|
||||
dead_hand.tv_sec += wait.tv_sec;
|
||||
@@ -499,9 +496,10 @@ PM_FAULT_RETURN(PM_ERR_TIMEOUT);
|
||||
if (len == -1) {
|
||||
if (! __pmSocketClosed()) {
|
||||
char errmsg[PM_MAXERRMSGLEN];
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
||||
- "__pmGetPDU", fd, len,
|
||||
- pmErrStr_r(-oserror(), errmsg, sizeof(errmsg)));
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
||||
+ "__pmGetPDU", fd, len,
|
||||
+ pmErrStr_r(-oserror(), errmsg, sizeof(errmsg)));
|
||||
}
|
||||
}
|
||||
else if (len >= (int)sizeof(php->len)) {
|
||||
@@ -520,15 +518,17 @@ PM_FAULT_RETURN(PM_ERR_TIMEOUT);
|
||||
}
|
||||
else if (len < 0) {
|
||||
char errmsg[PM_MAXERRMSGLEN];
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
||||
- "__pmGetPDU", fd, len,
|
||||
- pmErrStr_r(len, errmsg, sizeof(errmsg)));
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
||||
+ "__pmGetPDU", fd, len,
|
||||
+ pmErrStr_r(len, errmsg, sizeof(errmsg)));
|
||||
__pmUnpinPDUBuf(pdubuf);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
else if (len > 0) {
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: bad len=%d",
|
||||
- "__pmGetPDU", fd, len);
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: bad len=%d",
|
||||
+ "__pmGetPDU", fd, len);
|
||||
__pmUnpinPDUBuf(pdubuf);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
@@ -547,8 +547,9 @@ check_read_len:
|
||||
* PDU length indicates insufficient bytes for a PDU header
|
||||
* ... looks like DOS attack like PV 935490
|
||||
*/
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU len=%d in hdr",
|
||||
- "__pmGetPDU", fd, php->len);
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU len=%d in hdr",
|
||||
+ "__pmGetPDU", fd, php->len);
|
||||
__pmUnpinPDUBuf(pdubuf);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
@@ -559,16 +560,18 @@ check_read_len:
|
||||
* (note, pmcd and pmdas have to be able to _send_ large PDUs,
|
||||
* e.g. for a pmResult or instance domain enquiry)
|
||||
*/
|
||||
- if (len < (int)(sizeof(php->len) + sizeof(php->type)))
|
||||
- /* PDU too short to provide a valid type */
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d bad PDU len=%d in hdr "
|
||||
- "exceeds maximum client PDU size (%d)",
|
||||
- "__pmGetPDU", fd, php->len, ceiling);
|
||||
- else
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d type=0x%x bad PDU len=%d in hdr "
|
||||
- "exceeds maximum client PDU size (%d)",
|
||||
- "__pmGetPDU", fd, (unsigned)ntohl(php->type),
|
||||
- php->len, ceiling);
|
||||
+ if (pmDebugOptions.pdu) {
|
||||
+ if (len < (int)(sizeof(php->len) + sizeof(php->type)))
|
||||
+ /* PDU too short to provide a valid type */
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d bad PDU len=%d in hdr"
|
||||
+ " exceeds maximum client PDU size (%d)",
|
||||
+ "__pmGetPDU", fd, php->len, ceiling);
|
||||
+ else
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d type=0x%x bad PDU len=%d in hdr"
|
||||
+ " exceeds maximum client PDU size (%d)",
|
||||
+ "__pmGetPDU", fd, (unsigned)ntohl(php->type),
|
||||
+ php->len, ceiling);
|
||||
+ }
|
||||
__pmUnpinPDUBuf(pdubuf);
|
||||
return PM_ERR_TOOBIG;
|
||||
}
|
||||
@@ -608,6 +611,10 @@ check_read_len:
|
||||
__pmUnpinPDUBuf(pdubuf);
|
||||
return PM_ERR_TIMEOUT;
|
||||
}
|
||||
+ else if (!pmDebugOptions.pdu) {
|
||||
+ __pmUnpinPDUBuf(pdubuf);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
else if (len < 0) {
|
||||
char errmsg[PM_MAXERRMSGLEN];
|
||||
pmNotifyErr(LOG_ERR, "%s: fd=%d data read: len=%d: %s",
|
||||
@@ -641,7 +648,8 @@ check_read_len:
|
||||
* PDU type is bad ... could be a possible mem leak attack like
|
||||
* https://bugzilla.redhat.com/show_bug.cgi?id=841319
|
||||
*/
|
||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU type=%d in hdr",
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU type=%d in hdr",
|
||||
"__pmGetPDU", fd, php->type);
|
||||
__pmUnpinPDUBuf(pdubuf);
|
||||
return PM_ERR_IPC;
|
||||
diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/load.h pcp-5.3.7/src/libpcp_web/src/load.h
|
||||
--- pcp-5.3.7.orig/src/libpcp_web/src/load.h 2021-02-17 15:27:41.000000000 +1100
|
||||
+++ pcp-5.3.7/src/libpcp_web/src/load.h 2024-09-09 13:45:56.531933622 +1000
|
||||
@@ -42,8 +42,9 @@ typedef struct context {
|
||||
unsigned int setup : 1; /* context established */
|
||||
unsigned int cached : 1; /* context/source in cache */
|
||||
unsigned int garbage : 1; /* context pending removal */
|
||||
+ unsigned int inactive: 1; /* context removal deferred */
|
||||
unsigned int updated : 1; /* context labels are updated */
|
||||
- unsigned int padding : 4; /* zero-filled struct padding */
|
||||
+ unsigned int padding : 3; /* zero-filled struct padding */
|
||||
unsigned int refcount : 16; /* currently-referenced counter */
|
||||
unsigned int timeout; /* context timeout in milliseconds */
|
||||
uv_timer_t timer;
|
||||
diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c pcp-5.3.7/src/libpcp_web/src/webgroup.c
|
||||
--- pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c 2024-09-09 13:44:34.166748200 +1000
|
||||
+++ pcp-5.3.7/src/libpcp_web/src/webgroup.c 2024-09-09 13:45:56.531933622 +1000
|
||||
@@ -134,9 +134,18 @@ webgroup_timeout_context(uv_timer_t *arg
|
||||
* is returned to zero by the caller, or background cleanup
|
||||
* finds this context and cleans it.
|
||||
*/
|
||||
- if (cp->refcount == 0 && cp->garbage == 0) {
|
||||
- cp->garbage = 1;
|
||||
- uv_timer_stop(&cp->timer);
|
||||
+ if (cp->refcount == 0) {
|
||||
+ if (cp->garbage == 0) {
|
||||
+ cp->garbage = 1;
|
||||
+ uv_timer_stop(&cp->timer);
|
||||
+ }
|
||||
+ } else {
|
||||
+ /*
|
||||
+ * Context timed out but still referenced, must wait
|
||||
+ * until the caller releases its reference (shortly)
|
||||
+ * before beginning garbage collection process.
|
||||
+ */
|
||||
+ cp->inactive = 1;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -298,20 +307,28 @@ webgroup_garbage_collect(struct webgroup
|
||||
dictIterator *iterator;
|
||||
dictEntry *entry;
|
||||
context_t *cp;
|
||||
- unsigned int count = 0, drops = 0;
|
||||
+ unsigned int count = 0, drops = 0, garbageset = 0, inactiveset = 0;
|
||||
|
||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
||||
- fprintf(stderr, "%s: started\n", "webgroup_garbage_collect");
|
||||
+ fprintf(stderr, "%s: started for groups %p\n",
|
||||
+ "webgroup_garbage_collect", groups);
|
||||
|
||||
/* do context GC if we get the lock (else don't block here) */
|
||||
if (uv_mutex_trylock(&groups->mutex) == 0) {
|
||||
iterator = dictGetSafeIterator(groups->contexts);
|
||||
for (entry = dictNext(iterator); entry;) {
|
||||
cp = (context_t *)dictGetVal(entry);
|
||||
+ if (cp->privdata != groups)
|
||||
+ continue;
|
||||
entry = dictNext(iterator);
|
||||
- if (cp->garbage && cp->privdata == groups) {
|
||||
+ if (cp->garbage)
|
||||
+ garbageset++;
|
||||
+ if (cp->inactive && cp->refcount == 0)
|
||||
+ inactiveset++;
|
||||
+ if (cp->garbage || (cp->inactive && cp->refcount == 0)) {
|
||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
||||
- fprintf(stderr, "GC context %u (%p)\n", cp->randomid, cp);
|
||||
+ fprintf(stderr, "GC dropping context %u (%p)\n",
|
||||
+ cp->randomid, cp);
|
||||
uv_mutex_unlock(&groups->mutex);
|
||||
webgroup_drop_context(cp, groups);
|
||||
uv_mutex_lock(&groups->mutex);
|
||||
@@ -324,7 +341,8 @@ webgroup_garbage_collect(struct webgroup
|
||||
/* if dropping the last remaining context, do cleanup */
|
||||
if (groups->active && drops == count) {
|
||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
||||
- fprintf(stderr, "%s: freezing\n", "webgroup_garbage_collect");
|
||||
+ fprintf(stderr, "%s: freezing groups %p\n",
|
||||
+ "webgroup_garbage_collect", groups);
|
||||
webgroup_timers_stop(groups);
|
||||
}
|
||||
uv_mutex_unlock(&groups->mutex);
|
||||
@@ -334,8 +352,10 @@ webgroup_garbage_collect(struct webgroup
|
||||
mmv_set(groups->map, groups->metrics[WEBGROUP_GC_COUNT], &count);
|
||||
|
||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
||||
- fprintf(stderr, "%s: finished [%u drops from %u entries]\n",
|
||||
- "webgroup_garbage_collect", drops, count);
|
||||
+ fprintf(stderr, "%s: finished [%u drops from %u entries,"
|
||||
+ " %u garbageset, %u inactiveset]\n",
|
||||
+ "webgroup_garbage_collect", drops, count,
|
||||
+ garbageset, inactiveset);
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -354,7 +374,7 @@ webgroup_use_context(struct context *cp,
|
||||
int sts;
|
||||
struct webgroups *gp = (struct webgroups *)cp->privdata;
|
||||
|
||||
- if (cp->garbage == 0) {
|
||||
+ if (cp->garbage == 0 && cp->inactive == 0) {
|
||||
if (cp->setup == 0) {
|
||||
if ((sts = pmReconnectContext(cp->context)) < 0) {
|
||||
infofmt(*message, "cannot reconnect context: %s",
|
||||
@@ -424,7 +444,7 @@ webgroup_lookup_context(pmWebGroupSettin
|
||||
*status = -ENOTCONN;
|
||||
return NULL;
|
||||
}
|
||||
- if (cp->garbage == 0) {
|
||||
+ if (cp->garbage == 0 && cp->inactive == 0) {
|
||||
access.username = cp->username;
|
||||
access.password = cp->password;
|
||||
access.realm = cp->realm;
|
||||
diff -Naurp pcp-5.3.7.orig/src/pmcd/src/client.c pcp-5.3.7/src/pmcd/src/client.c
|
||||
--- pcp-5.3.7.orig/src/pmcd/src/client.c 2018-01-15 15:49:13.000000000 +1100
|
||||
+++ pcp-5.3.7/src/pmcd/src/client.c 2024-09-09 13:47:06.870083366 +1000
|
||||
@@ -74,7 +74,8 @@ NotifyEndContext(int ctx)
|
||||
ClientInfo *
|
||||
AcceptNewClient(int reqfd)
|
||||
{
|
||||
- static unsigned int seq = 0;
|
||||
+ static unsigned int seq, saved, count;
|
||||
+ static struct timeval then;
|
||||
int i, fd;
|
||||
__pmSockLen addrlen;
|
||||
struct timeval now;
|
||||
@@ -83,21 +84,30 @@ AcceptNewClient(int reqfd)
|
||||
addrlen = __pmSockAddrSize();
|
||||
fd = __pmAccept(reqfd, client[i].addr, &addrlen);
|
||||
if (fd == -1) {
|
||||
- if (neterror() == EPERM) {
|
||||
- pmNotifyErr(LOG_NOTICE, "AcceptNewClient(%d): "
|
||||
- "Permission Denied\n", reqfd);
|
||||
- }
|
||||
- else if (neterror() == ECONNABORTED) {
|
||||
+ if (neterror() == ECONNABORTED) {
|
||||
/* quietly ignore this one ... */
|
||||
;
|
||||
}
|
||||
else {
|
||||
- /*
|
||||
- * unexpected ... ignore the client (we used to kill off pmcd
|
||||
- * but that seems way too extreme)
|
||||
+ /* Permission denied or an unexpected error (e.g. EMFILE)
|
||||
+ * - rate limit the logging and make this client go away.
|
||||
*/
|
||||
- pmNotifyErr(LOG_ERR, "AcceptNewClient(%d): Unexpected error from __pmAccept: %d: %s\n",
|
||||
- reqfd, neterror(), netstrerror());
|
||||
+ pmtimevalNow(&now);
|
||||
+ if (neterror() != saved || now.tv_sec > then.tv_sec + 60) {
|
||||
+ if (neterror() == EPERM)
|
||||
+ pmNotifyErr(LOG_NOTICE, "AcceptNewClient(%d): "
|
||||
+ "Permission Denied (%d suppressed)\n",
|
||||
+ reqfd, count);
|
||||
+ else
|
||||
+ pmNotifyErr(LOG_ERR, "AcceptNewClient(%d): "
|
||||
+ "Accept error (%d suppressed): %d: %s\n",
|
||||
+ reqfd, count, neterror(), netstrerror());
|
||||
+ saved = neterror();
|
||||
+ count = 0;
|
||||
+ } else {
|
||||
+ count++;
|
||||
+ }
|
||||
+ then = now;
|
||||
}
|
||||
client[i].fd = -1;
|
||||
DeleteClient(&client[i]);
|
||||
diff -Naurp pcp-5.3.7.orig/src/pmcd/src/pmcd.c pcp-5.3.7/src/pmcd/src/pmcd.c
|
||||
--- pcp-5.3.7.orig/src/pmcd/src/pmcd.c 2021-10-13 10:48:23.000000000 +1100
|
||||
+++ pcp-5.3.7/src/pmcd/src/pmcd.c 2024-09-09 13:47:06.871083368 +1000
|
||||
@@ -685,7 +685,7 @@ HandleReadyAgents(__pmFdSet *readyFds)
|
||||
}
|
||||
|
||||
static void
|
||||
-CheckNewClient(__pmFdSet * fdset, int rfd, int family)
|
||||
+CheckNewClient(__pmFdSet *fdset, int rfd, int family)
|
||||
{
|
||||
int s, sts, accepted = 1;
|
||||
__uint32_t challenge;
|
1404
SOURCES/redhat-issues-RHEL-57788-pmdahacluster-update.patch
Normal file
1404
SOURCES/redhat-issues-RHEL-57788-pmdahacluster-update.patch
Normal file
File diff suppressed because it is too large
Load Diff
403
SOURCES/redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch
Normal file
403
SOURCES/redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch
Normal file
@ -0,0 +1,403 @@
|
||||
diff -Naurp pcp-5.3.7.orig/qa/1518 pcp-5.3.7/qa/1518
|
||||
--- pcp-5.3.7.orig/qa/1518 1970-01-01 10:00:00.000000000 +1000
|
||||
+++ pcp-5.3.7/qa/1518 2024-09-09 13:13:14.561437414 +1000
|
||||
@@ -0,0 +1,75 @@
|
||||
+#!/bin/sh
|
||||
+# PCP QA Test No. 1518
|
||||
+# SUSE Issue A)
|
||||
+# __pmDecodeValueSet() Miscalculates Available Buffer Space
|
||||
+# Leading to a Possible Heap Corruption
|
||||
+#
|
||||
+# Copyright (c) 2024 Ken McDonell. All Rights Reserved.
|
||||
+# Copyright (c) 2024 Matthias Gerstner. All Rights Reserved.
|
||||
+#
|
||||
+
|
||||
+if [ $# -eq 0 ]
|
||||
+then
|
||||
+ seq=`basename $0`
|
||||
+ echo "QA output created by $seq"
|
||||
+else
|
||||
+ # use $seq from caller, unless not set
|
||||
+ [ -n "$seq" ] || seq=`basename $0`
|
||||
+ echo "QA output created by `basename $0` $*"
|
||||
+fi
|
||||
+
|
||||
+# get standard environment, filters and checks
|
||||
+. ./common.product
|
||||
+. ./common.filter
|
||||
+. ./common.check
|
||||
+
|
||||
+$sudo rm -rf $tmp $tmp.* $seq.full
|
||||
+
|
||||
+which nc >/dev/null 2>&1 || _notrun "no nc executable installed"
|
||||
+_check_valgrind
|
||||
+
|
||||
+_cleanup()
|
||||
+{
|
||||
+ cat pmcd.log >>$here/$seq.full
|
||||
+ cd $here
|
||||
+ $sudo rm -rf $tmp $tmp.*
|
||||
+}
|
||||
+
|
||||
+status=0 # success is the default!
|
||||
+trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
+
|
||||
+_filter()
|
||||
+{
|
||||
+ sed \
|
||||
+ -e '/^Command: /d' \
|
||||
+ # end
|
||||
+}
|
||||
+
|
||||
+mkdir $tmp || exit 1
|
||||
+cd $tmp
|
||||
+grep sampledso $PCP_PMCDCONF_PATH >pmcd.conf
|
||||
+cat pmcd.conf >>$here/$seq.full
|
||||
+port=`_find_free_port`
|
||||
+echo "port=$port" >>$here/$seq.full
|
||||
+
|
||||
+# real QA test starts here
|
||||
+valgrind $PCP_BINADM_DIR/pmcd -f -Dpdu -c ./pmcd.conf -s ./pmcd.socket -p $port >out 2>err &
|
||||
+valgrind_pid=$!
|
||||
+sleep 2
|
||||
+pmcd_pid=`$PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep '[p]mcd -f -Dpdu' | $PCP_AWK_PROG '{ print $2 }'`
|
||||
+echo "pmcd_pid=$pmcd_pid" >>$here/$seq.full
|
||||
+nc -N -U ./pmcd.socket <$here/binary/decode-value-set-out-of-bound-write 2>&1 \
|
||||
+| od -c >>$here/$seq.full
|
||||
+sleep 2
|
||||
+kill -TERM $pmcd_pid
|
||||
+wait
|
||||
+
|
||||
+echo "expect error to be logged ..."
|
||||
+grep __pmDecodeValueSet pmcd.log
|
||||
+
|
||||
+echo
|
||||
+echo "and no valgrind badness ..."
|
||||
+cat out err | _filter_valgrind | _filter
|
||||
+
|
||||
+# success, all done
|
||||
+exit
|
||||
diff -Naurp pcp-5.3.7.orig/qa/1518.out pcp-5.3.7/qa/1518.out
|
||||
--- pcp-5.3.7.orig/qa/1518.out 1970-01-01 10:00:00.000000000 +1000
|
||||
+++ pcp-5.3.7/qa/1518.out 2024-09-09 13:13:14.561437414 +1000
|
||||
@@ -0,0 +1,11 @@
|
||||
+QA output created by 1518
|
||||
+expect error to be logged ...
|
||||
+__pmDecodeValueSet: PM_ERR_IPC: pmid[0] value[0] vindex=1020 (max=255)
|
||||
+
|
||||
+and no valgrind badness ...
|
||||
+Memcheck, a memory error detector
|
||||
+LEAK SUMMARY:
|
||||
+definitely lost: 0 bytes in 0 blocks
|
||||
+indirectly lost: 0 bytes in 0 blocks
|
||||
+Rerun with --leak-check=full to see details of leaked memory
|
||||
+ERROR SUMMARY: 0 errors from 0 contexts ...
|
||||
diff -Naurp pcp-5.3.7.orig/qa/group pcp-5.3.7/qa/group
|
||||
--- pcp-5.3.7.orig/qa/group 2024-09-09 13:11:13.796450545 +1000
|
||||
+++ pcp-5.3.7/qa/group 2024-09-09 13:13:49.419437747 +1000
|
||||
@@ -1847,6 +1847,7 @@ x11
|
||||
1490 python local labels
|
||||
1495 pmlogrewrite labels pmdumplog local
|
||||
1511 pmcd local pmda.sample
|
||||
+1518 pmcd libpcp local
|
||||
1530 pmda.zfs local valgrind
|
||||
1531 pmda.zfs local valgrind
|
||||
1532 pmda.zfs local
|
||||
diff -Naurp pcp-5.3.7.orig/src/libpcp/src/endian.c pcp-5.3.7/src/libpcp/src/endian.c
|
||||
--- pcp-5.3.7.orig/src/libpcp/src/endian.c 2022-04-05 09:05:43.000000000 +1000
|
||||
+++ pcp-5.3.7/src/libpcp/src/endian.c 2024-09-09 13:20:56.967560588 +1000
|
||||
@@ -268,13 +268,17 @@ ntohEventArray(pmValueBlock * const vb,
|
||||
}
|
||||
|
||||
void
|
||||
-__ntohpmValueBlock(pmValueBlock * const vb)
|
||||
+__ntohpmValueBlock_hdr(pmValueBlock * const vb)
|
||||
{
|
||||
unsigned int *ip = (unsigned int *)vb;
|
||||
|
||||
/* Swab the first word, which contain vtype and vlen */
|
||||
*ip = ntohl(*ip);
|
||||
+}
|
||||
|
||||
+void
|
||||
+__ntohpmValueBlock_buf(pmValueBlock * const vb)
|
||||
+{
|
||||
switch (vb->vtype) {
|
||||
case PM_TYPE_U64:
|
||||
case PM_TYPE_64:
|
||||
@@ -298,6 +302,13 @@ __ntohpmValueBlock(pmValueBlock * const
|
||||
break;
|
||||
}
|
||||
}
|
||||
+
|
||||
+void
|
||||
+__ntohpmValueBlock(pmValueBlock * const vb)
|
||||
+{
|
||||
+ __ntohpmValueBlock_hdr(vb);
|
||||
+ __ntohpmValueBlock_buf(vb);
|
||||
+}
|
||||
#endif
|
||||
|
||||
#ifndef __htonpmPDUInfo
|
||||
diff -Naurp pcp-5.3.7.orig/src/libpcp/src/internal.h pcp-5.3.7/src/libpcp/src/internal.h
|
||||
--- pcp-5.3.7.orig/src/libpcp/src/internal.h 2022-04-05 09:05:43.000000000 +1000
|
||||
+++ pcp-5.3.7/src/libpcp/src/internal.h 2024-09-09 13:21:44.336608061 +1000
|
||||
@@ -60,6 +60,8 @@ extern int __pmGetDate(struct timespec *
|
||||
#define __ntohpmLabel(a) /* noop */
|
||||
#define __htonpmValueBlock(a) /* noop */
|
||||
#define __ntohpmValueBlock(a) /* noop */
|
||||
+#define __ntohpmValueBlock_hdr(a) /* noop */
|
||||
+#define __ntohpmValueBlock_buf(a) /* noop */
|
||||
#define __htonpmTimespec(a) /* noop */
|
||||
#define __ntohpmTimespec(a) /* noop */
|
||||
#define __htonpmTimestamp(a) /* noop */
|
||||
@@ -94,6 +96,8 @@ extern void __htonpmLabel(pmLabel * cons
|
||||
extern void __ntohpmLabel(pmLabel * const) _PCP_HIDDEN;
|
||||
extern void __htonpmValueBlock(pmValueBlock * const) _PCP_HIDDEN;
|
||||
extern void __ntohpmValueBlock(pmValueBlock * const) _PCP_HIDDEN;
|
||||
+extern void __ntohpmValueBlock_hdr(pmValueBlock * const) _PCP_HIDDEN;
|
||||
+extern void __ntohpmValueBlock_buf(pmValueBlock * const) _PCP_HIDDEN;
|
||||
extern void __htonpmTimespec(pmTimespec * const ) _PCP_HIDDEN;
|
||||
extern void __ntohpmTimespec(pmTimespec * const ) _PCP_HIDDEN;
|
||||
extern void __htonpmTimestamp(__pmTimestamp * const );
|
||||
diff -Naurp pcp-5.3.7.orig/src/libpcp/src/p_result.c pcp-5.3.7/src/libpcp/src/p_result.c
|
||||
--- pcp-5.3.7.orig/src/libpcp/src/p_result.c 2022-04-05 09:05:43.000000000 +1000
|
||||
+++ pcp-5.3.7/src/libpcp/src/p_result.c 2024-09-09 13:27:16.651969214 +1000
|
||||
@@ -277,6 +277,135 @@ __pmSendHighResResult(int fd, int from,
|
||||
return __pmSendHighResResult_ctx(NULL, fd, from, result);
|
||||
}
|
||||
|
||||
+/* Check that a network encoded event array is within a given buffer size */
|
||||
+int
|
||||
+__pmEventArrayCheck(pmValueBlock * const vb, int highres, int pmid, int value, size_t check)
|
||||
+{
|
||||
+ char *base;
|
||||
+ int r; /* records */
|
||||
+ int p; /* parameters in a record ... */
|
||||
+ int nrecords;
|
||||
+ int nparams;
|
||||
+
|
||||
+ if (highres) {
|
||||
+ pmHighResEventArray *hreap = (pmHighResEventArray *)vb;
|
||||
+ base = (char *)&hreap->ea_record[0];
|
||||
+ if (base > (char *)vb + check) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #1: PM_ERR_IPC: pmid[%d] value[%d] highres event records past end of PDU buffer\n",
|
||||
+ pmid, value);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ nrecords = ntohl(hreap->ea_nrecords);
|
||||
+ }
|
||||
+ else {
|
||||
+ pmEventArray *eap = (pmEventArray *)vb;
|
||||
+ base = (char *)&eap->ea_record[0];
|
||||
+ if (base > (char *)vb + check) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #2: PM_ERR_IPC: pmid[%d] value[%d] event records past end of PDU buffer\n",
|
||||
+ pmid, value);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ nrecords = ntohl(eap->ea_nrecords);
|
||||
+ }
|
||||
+
|
||||
+ /* walk packed event record array */
|
||||
+ for (r = 0; r < nrecords; r++) {
|
||||
+ unsigned int flags, type;
|
||||
+ size_t size, remaining;
|
||||
+
|
||||
+ remaining = check - (base - (char *)vb);
|
||||
+ if (highres) {
|
||||
+ pmHighResEventRecord *hrerp = (pmHighResEventRecord *)base;
|
||||
+ size = sizeof(hrerp->er_timestamp) + sizeof(hrerp->er_flags) +
|
||||
+ sizeof(hrerp->er_nparams);
|
||||
+ if (size > remaining) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #3: PM_ERR_IPC: pmid[%d] value[%d] record[%d] highres event record past end of PDU buffer\n",
|
||||
+ pmid, value, r);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ nparams = ntohl(hrerp->er_nparams);
|
||||
+ flags = ntohl(hrerp->er_flags);
|
||||
+ }
|
||||
+ else {
|
||||
+ pmEventRecord *erp = (pmEventRecord *)base;
|
||||
+ size = sizeof(erp->er_timestamp) + sizeof(erp->er_flags) +
|
||||
+ sizeof(erp->er_nparams);
|
||||
+ if (size > remaining) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #4: PM_ERR_IPC: pmid[%d] value[%d] record[%d] event record past end of PDU buffer\n",
|
||||
+ pmid, value, r);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ nparams = ntohl(erp->er_nparams);
|
||||
+ flags = ntohl(erp->er_flags);
|
||||
+ }
|
||||
+
|
||||
+ if (flags & PM_EVENT_FLAG_MISSED)
|
||||
+ nparams = 0;
|
||||
+
|
||||
+ base += size;
|
||||
+ remaining = check - (base - (char *)vb);
|
||||
+
|
||||
+ for (p = 0; p < nparams; p++) {
|
||||
+ __uint32_t *tp; /* points to int holding vtype/vlen */
|
||||
+ pmEventParameter *epp = (pmEventParameter *)base;
|
||||
+
|
||||
+ if (sizeof(pmEventParameter) > remaining) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #5: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n",
|
||||
+ pmid, value, r, p);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+
|
||||
+ tp = (__uint32_t *)&epp->ep_pmid;
|
||||
+ tp++; /* now points to ep_type/ep_len */
|
||||
+ *tp = ntohl(*tp);
|
||||
+ type = epp->ep_type;
|
||||
+ size = epp->ep_len;
|
||||
+ *tp = htonl(*tp); /* leave the buffer how we found it */
|
||||
+
|
||||
+ if (sizeof(pmID) + size > remaining) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #6: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n",
|
||||
+ pmid, value, r, p);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+
|
||||
+ base += sizeof(pmID) + PM_PDU_SIZE_BYTES(size);
|
||||
+
|
||||
+ /*
|
||||
+ * final check for the types below, ep_len should be 4 or
|
||||
+ * 8, but a malformed PDU could have smaller ep_len values
|
||||
+ * and then unpacking these types risk going past the end
|
||||
+ * of the PDU buffer
|
||||
+ */
|
||||
+ size = 0;
|
||||
+ switch (type) {
|
||||
+ case PM_TYPE_32:
|
||||
+ case PM_TYPE_U32:
|
||||
+ case PM_TYPE_FLOAT:
|
||||
+ size = 4; /* 32-bit types */
|
||||
+ break;
|
||||
+ case PM_TYPE_64:
|
||||
+ case PM_TYPE_U64:
|
||||
+ case PM_TYPE_DOUBLE:
|
||||
+ size = 8; /* 64-bit types */
|
||||
+ break;
|
||||
+ }
|
||||
+ if (size > 0 && sizeof(pmID) + size > remaining) {
|
||||
+ if (pmDebugOptions.pdu)
|
||||
+ fprintf(stderr, "__pmEventArrayCheck #7: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n",
|
||||
+ pmid, value, r, p);
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
#if defined(HAVE_64BIT_PTR)
|
||||
static int
|
||||
__pmDecodeValueSet(__pmPDU *pdubuf, int pdulen, __pmPDU *data, char *pduend,
|
||||
@@ -290,7 +419,7 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
int i, j;
|
||||
/*
|
||||
* Note: all sizes are in units of bytes ... beware that 'data' is in
|
||||
- * units of __pmPDU
|
||||
+ * units of __pmPDU (four bytes)
|
||||
*/
|
||||
int vsize; /* size of vlist_t's in PDU buffer */
|
||||
int nvsize; /* size of pmValue's after decode */
|
||||
@@ -368,11 +497,10 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
vindex = ntohl(pduvp->value.lval);
|
||||
- if (vindex < 0 || vindex > pdulen) {
|
||||
+ if (vindex < 0 || (char *)&pdubuf[vindex] >= pduend) {
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
||||
- "vindex=%d\n",
|
||||
- "__pmDecodeValueSet", i, j, vindex);
|
||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vindex=%d (max=%ld)\n",
|
||||
+ i, j, vindex, (long)((pduend-(char *)pdubuf) / sizeof(pdubuf[0])-1));
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
pduvbp = (pmValueBlock *)&pdubuf[vindex];
|
||||
@@ -387,7 +515,7 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
"__pmDecodeValueSet", i, j);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
- __ntohpmValueBlock(pduvbp);
|
||||
+ __ntohpmValueBlock_hdr(pduvbp);
|
||||
if (pduvbp->vlen < PM_VAL_HDR_SIZE ||
|
||||
pduvbp->vlen > pdulen) {
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
||||
@@ -396,13 +524,20 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
i, j, pduvbp->vlen);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
- if (pduvbp->vlen > (size_t)(pduend - (char *)pduvbp)) {
|
||||
+ if (pduvbp->vlen > check) {
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
||||
fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
||||
"pduvp past end of PDU buffer\n",
|
||||
"__pmDecodeValueSet", i, j);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
+ if (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT ||
|
||||
+ pduvbp->vtype == PM_TYPE_EVENT) {
|
||||
+ vindex = (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT);
|
||||
+ if (__pmEventArrayCheck(pduvbp, vindex, i, j, check) < 0)
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ __ntohpmValueBlock_buf(pduvbp);
|
||||
vbsize += PM_PDU_SIZE_BYTES(pduvbp->vlen);
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate) {
|
||||
fprintf(stderr, " len: %d type: %d",
|
||||
@@ -635,11 +770,10 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
} else {
|
||||
/* salvage pmValueBlocks from end of PDU */
|
||||
vindex = ntohl(pduvp->value.lval);
|
||||
- if (vindex < 0 || vindex > pdulen) {
|
||||
+ if (vindex < 0 || (char *)&pdubuf[vindex] >= pduend) {
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
||||
- "vindex=%d\n",
|
||||
- "__pmDecodeValueSet", i, j, vindex);
|
||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vindex=%d (max=%ld)\n",
|
||||
+ i, j, vindex, (long)((pduend-(char *)pdubuf) / sizeof(pdubuf[0])-1));
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
pduvbp = (pmValueBlock *)&pdubuf[vindex];
|
||||
@@ -654,7 +788,8 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
"__pmDecodeValueSet", i, j);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
- __ntohpmValueBlock(pduvbp);
|
||||
+
|
||||
+ __ntohpmValueBlock_hdr(pduvbp);
|
||||
if (pduvbp->vlen < PM_VAL_HDR_SIZE ||
|
||||
pduvbp->vlen > pdulen) {
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
||||
@@ -663,13 +798,20 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
||||
i, j, pduvbp->vlen);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
- if (pduvbp->vlen > (size_t)(pduend - (char *)pduvbp)) {
|
||||
+ if (pduvbp->vlen > check) {
|
||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
||||
fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
||||
"pduvp past end of PDU buffer\n",
|
||||
"__pmDecodeValueSet", i, j);
|
||||
return PM_ERR_IPC;
|
||||
}
|
||||
+ if (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT ||
|
||||
+ pduvbp->vtype == PM_TYPE_EVENT) {
|
||||
+ vindex = (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT);
|
||||
+ if (__pmEventArrayCheck(pduvbp, vindex, i, j, check) < 0)
|
||||
+ return PM_ERR_IPC;
|
||||
+ }
|
||||
+ __ntohpmValueBlock_buf(pduvbp);
|
||||
pduvp->value.pval = pduvbp;
|
||||
}
|
||||
}
|
@ -0,0 +1,99 @@
|
||||
diff -Naurp pcp-5.3.7.orig/qa/640 pcp-5.3.7/qa/640
|
||||
--- pcp-5.3.7.orig/qa/640 2017-08-17 10:54:57.000000000 +1000
|
||||
+++ pcp-5.3.7/qa/640 2024-09-09 13:41:12.440235947 +1000
|
||||
@@ -6,6 +6,10 @@
|
||||
# years; so we now simply check the right permissions are in place
|
||||
# and move right along...
|
||||
#
|
||||
+# Aug 2024 update
|
||||
+# SuSE Issue G identifies another possible exploit, so try that
|
||||
+# as well.
|
||||
+#
|
||||
# Copyright (c) 1995-2002 Silicon Graphics, Inc. All Rights Reserved.
|
||||
#
|
||||
|
||||
@@ -17,13 +21,54 @@ echo "QA output created by $seq"
|
||||
. ./common.filter
|
||||
. ./common.check
|
||||
|
||||
-status=0 # success is the default!
|
||||
-trap "$sudo rm -f $tmp.*; exit \$status" 0 1 2 3 15
|
||||
+rm -f $seq.full
|
||||
+ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
||||
+
|
||||
+_cleanup()
|
||||
+{
|
||||
+ if [ -f $PCP_LOG_DIR/NOTICES.$seq ]
|
||||
+ then
|
||||
+ $sudo rm -f $PCP_LOG_DIR/NOTICES
|
||||
+ $sudo mv $PCP_LOG_DIR/NOTICES.$seq $PCP_LOG_DIR/NOTICES
|
||||
+ fi
|
||||
+ ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
||||
+ $sudo rm -rf $tmp $tmp.*
|
||||
+}
|
||||
+
|
||||
+status=1 # failure is the default!
|
||||
+trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
+
|
||||
+_filter()
|
||||
+{
|
||||
+ sed \
|
||||
+ -e "s@$PCP_LOG_DIR@PCP_LOG_DIR@g" \
|
||||
+ -e '/^pmpost:/s/\[.*]/[DATE]/' \
|
||||
+ # end
|
||||
+}
|
||||
|
||||
# real QA test starts here
|
||||
pmpost=$PCP_BINADM_DIR/pmpost
|
||||
-echo "Using pmpost binary: $pmpost" > $seq.full
|
||||
+echo "Using pmpost binary: $pmpost" >>$seq.full
|
||||
test -u "$pmpost" && echo "FAIL: pmpost has setuid bit set"
|
||||
test -g "$pmpost" && echo "FAIL: pmpost has setgid bit set"
|
||||
+
|
||||
+$sudo mkdir $tmp || exit
|
||||
+$sudo chmod 700 $tmp || exit
|
||||
+$sudo -u $PCP_USER mv $PCP_LOG_DIR/NOTICES $PCP_LOG_DIR/NOTICES.$seq
|
||||
+
|
||||
+$sudo -u $PCP_USER ln -s $tmp/badness $PCP_LOG_DIR/NOTICES >>$seq.full
|
||||
+$pmpost ordinary user 2>&1 | _filter
|
||||
+$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
||||
+$sudo -u pcp $pmpost pcp user 2>&1 | _filter
|
||||
+$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
||||
+$sudo $pmpost root user 2>&1 | _filter
|
||||
+$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
||||
+if $sudo test -f $tmp/badness
|
||||
+then
|
||||
+ $sudo cat $tmp/badness
|
||||
+fi
|
||||
+
|
||||
echo "Test complete"
|
||||
+
|
||||
+status=0
|
||||
exit
|
||||
diff -Naurp pcp-5.3.7.orig/qa/640.out pcp-5.3.7/qa/640.out
|
||||
--- pcp-5.3.7.orig/qa/640.out 2017-08-17 10:54:57.000000000 +1000
|
||||
+++ pcp-5.3.7/qa/640.out 2024-09-09 13:41:12.440235947 +1000
|
||||
@@ -1,2 +1,5 @@
|
||||
QA output created by 640
|
||||
+pmpost: unposted message: [DATE] ordinary user
|
||||
+pmpost: unposted message: [DATE] pcp user
|
||||
+pmpost: unposted message: [DATE] root user
|
||||
Test complete
|
||||
diff -Naurp pcp-5.3.7.orig/src/pmpost/pmpost.c pcp-5.3.7/src/pmpost/pmpost.c
|
||||
--- pcp-5.3.7.orig/src/pmpost/pmpost.c 2021-02-17 15:27:41.000000000 +1100
|
||||
+++ pcp-5.3.7/src/pmpost/pmpost.c 2024-09-09 13:41:12.440235947 +1000
|
||||
@@ -141,8 +141,12 @@ main(int argc, char **argv)
|
||||
goto oops;
|
||||
}
|
||||
|
||||
- if ((fd = open(notices, O_WRONLY|O_APPEND, 0)) < 0) {
|
||||
- if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND, 0664)) < 0) {
|
||||
+ if ((fd = open(notices, O_WRONLY|O_APPEND|O_NOFOLLOW, 0)) < 0) {
|
||||
+ if (oserror() == ELOOP) {
|
||||
+ /* last component is symlink => attack? ... bail! */
|
||||
+ goto oops;
|
||||
+ }
|
||||
+ if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND|O_NOFOLLOW, 0664)) < 0) {
|
||||
fprintf(stderr, "pmpost: cannot open or create file \"%s\": %s\n",
|
||||
notices, osstrerror());
|
||||
goto oops;
|
@ -1,6 +1,6 @@
|
||||
Name: pcp
|
||||
Version: 5.3.7
|
||||
Release: 20%{?dist}
|
||||
Release: 22%{?dist}
|
||||
Summary: System-level performance monitoring and performance management
|
||||
License: GPLv2+ and LGPLv2+ and CC-BY
|
||||
URL: https://pcp.io
|
||||
@ -28,6 +28,11 @@ Patch17: redhat-build-jsonsl.patch
|
||||
Patch18: redhat-issues-RHEL-7507-pmdaopenmetrics-quoting.patch
|
||||
Patch19: redhat-issues-RHEL-7501-pmlogger_farm-selinux-policy.patch
|
||||
Patch20: redhat-issues-RHEL-30715-pmproxy-resp-proxy-disabled.patch
|
||||
Patch21: redhat-issues-RHEL-29708-python-day-of-year-range.patch
|
||||
Patch22: redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch
|
||||
Patch23: redhat-issues-RHEL-57799-pmpost-symlink-handling.patch
|
||||
Patch24: redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch
|
||||
Patch25: redhat-issues-RHEL-57788-pmdahacluster-update.patch
|
||||
|
||||
# The additional linker flags break out-of-tree PMDAs.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2043092
|
||||
@ -39,11 +44,13 @@ Patch20: redhat-issues-RHEL-30715-pmproxy-resp-proxy-disabled.patch
|
||||
%global __python2 python
|
||||
%endif
|
||||
|
||||
# UsrMerge was completed in EL 7, however the latest 'hostname' package in EL 7 contains "Provides: /bin/hostname"
|
||||
# UsrMerge was completed in EL 7, however the latest 'hostname' package in EL 7 contains "Provides: /bin/hostname". Likewise for /bin/ps from procps[-ng] packages.
|
||||
%if 0%{?rhel} >= 8 || 0%{?fedora} >= 17
|
||||
%global _hostname_executable /usr/bin/hostname
|
||||
%global _ps_executable /usr/bin/ps
|
||||
%else
|
||||
%global _hostname_executable /bin/hostname
|
||||
%global _ps_executable /bin/ps
|
||||
%endif
|
||||
|
||||
%global disable_perl 0
|
||||
@ -294,7 +301,8 @@ BuildRequires: perl-devel perl(strict)
|
||||
BuildRequires: perl(ExtUtils::MakeMaker) perl(LWP::UserAgent) perl(JSON)
|
||||
BuildRequires: perl(Time::HiRes) perl(Digest::MD5)
|
||||
BuildRequires: perl(XML::LibXML) perl(File::Slurp)
|
||||
BuildRequires: man %{_hostname_executable}
|
||||
BuildRequires: %{_hostname_executable}
|
||||
BuildRequires: %{_ps_executable}
|
||||
%if !%{disable_systemd}
|
||||
BuildRequires: systemd-devel systemd-rpm-macros
|
||||
%endif
|
||||
@ -308,7 +316,8 @@ BuildRequires: qt5-qtsvg-devel
|
||||
%endif
|
||||
%endif
|
||||
|
||||
Requires: bash xz gawk sed grep findutils which %{_hostname_executable}
|
||||
Requires: bash xz gawk sed grep coreutils diffutils findutils
|
||||
Requires: which %{_hostname_executable} %{_ps_executable}
|
||||
Requires: pcp-libs = %{version}-%{release}
|
||||
|
||||
%if !%{disable_selinux}
|
||||
@ -3366,6 +3375,16 @@ fi
|
||||
%files zeroconf -f pcp-zeroconf-files.rpm
|
||||
|
||||
%changelog
|
||||
* Mon Sep 09 2024 Nathan Scott <nathans@redhat.com> - 5.3.7-22
|
||||
- Fix buffer sizing checks in pmstore PDU handling (RHEL-57796)
|
||||
- Guard against symlink attacks in pmpost program (RHEL-57799)
|
||||
- Fix libpcp_web webgroup slow request refcounting (RHEL-58002)
|
||||
- Update pmdahacluster for newer crm_mon versions (RHEL-57788)
|
||||
|
||||
* Thu Aug 08 2024 Nathan Scott <nathans@redhat.com> - 5.3.7-21
|
||||
- Fix python API day-of-year out of range bug (RHEL-29708)
|
||||
- Added spec deps on ps and diffutils for diff (RHEL-17081)
|
||||
|
||||
* Wed Apr 17 2024 Nathan Scott <nathans@redhat.com> - 5.3.7-20
|
||||
- Disable RESP proxying by default in pmproxy (RHEL-30715)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user