Fix plugin code for the new fsm implementation
Resolves: RHEL-9561 RHEL-9563 RHEL-9565
This commit is contained in:
Florian Festi
parent
0408f935ff
commit
e91f7f791b
@ -0,0 +1,90 @@
|
||||
From 6dd62720fe84f7e2ad902c915b952fc0b29e3dcd Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 15 Feb 2022 11:34:37 +0200
|
||||
Subject: [PATCH] Swap over to dirfd+basename based operation within the fsm
|
||||
|
||||
Within fsm this is just a matter of adjusting error messages to include
|
||||
the directory... if it only wasn't for the plugins requiring absolute
|
||||
paths for outside users. For the plugins, we need to assemble absolute
|
||||
paths as needed, both in ensureDir() and plugin file slots.
|
||||
---
|
||||
lib/rpmplugins.c | 20 +++++++++++++++++---
|
||||
2 files changed, 36 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c
|
||||
index 703368c0d..f06fd7895 100644
|
||||
--- a/lib/rpmplugins.c
|
||||
+++ b/lib/rpmplugins.c
|
||||
@@ -350,21 +350,31 @@ rpmRC rpmpluginsCallScriptletPost(rpmPlugins plugins, const char *s_name, int ty
|
||||
return rc;
|
||||
}
|
||||
|
||||
+static char *abspath(rpmfi fi, const char *path)
|
||||
+{
|
||||
+ if (*path == '/')
|
||||
+ return xstrdup(path);
|
||||
+ else
|
||||
+ return rstrscat(NULL, rpmfiDN(fi), path, NULL);
|
||||
+}
|
||||
+
|
||||
rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
plugin_fsm_file_pre_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_pre);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_pre failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -375,14 +385,16 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
plugin_fsm_file_post_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_post);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op, res) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op, res) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_WARNING, "Plugin %s: hook fsm_file_post failed\n", plugin->name);
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -394,15 +406,17 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
plugin_fsm_file_prepare_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);
|
||||
- if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, fd, apath, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
||||
9
rpm.spec
9
rpm.spec
@ -32,7 +32,7 @@
|
||||
|
||||
%global rpmver 4.14.3
|
||||
#global snapver rc2
|
||||
%global rel 28
|
||||
%global rel 29
|
||||
|
||||
%global srcver %{version}%{?snapver:-%{snapver}}
|
||||
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
||||
@ -119,11 +119,12 @@ Patch165: rpm-4.16.1.3-rpm2archive-error-handling.patch
|
||||
Patch166: rpm-4.14.3-rpm2archive-nocompression.patch
|
||||
Patch167: rpm-4.14.3-rpm2archive-parse-popt-options.patch
|
||||
Patch168: rpm-4.14.3-rpm2archive-Don-t-print-usage.patch
|
||||
# Backport fsm to fix CVEs
|
||||
# Backport fsm to fix CVEs
|
||||
Patch169: 0001-Eliminate-code-duplication-from-rpmfiNext.patch
|
||||
Patch170: 0001-Add-optional-callback-on-directory-changes-during-rp.patch
|
||||
Patch171: 0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch
|
||||
Patch172: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
||||
Patch172: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch
|
||||
Patch173: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
||||
|
||||
# Python 3 string API sanity
|
||||
Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
|
||||
@ -706,7 +707,7 @@ make check || cat tests/rpmtests.log
|
||||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Fri Oct 13 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-28
|
||||
* Tue Nov 07 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-29
|
||||
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
||||
CVE-2021-35938 and CVE-2021-35939
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user