Bug#1036673: unblock: glusterfs/10.3-5
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package glusterfs
[ Reason ]
I have applied a patch from 10.4, which fixes a security issue as described in
CVE-2023-26253, #1031731 and https://github.com/gluster/glusterfs/issues/3954
[ Impact ]
Stack buffer overflow
[ Tests ]
Manual and tests driven by upstream
[ Risks ]
Small patch already shipped by upstream, I do not see a risk
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock glusterfs/10.3-5
diff -Nru glusterfs-10.3/debian/changelog glusterfs-10.3/debian/changelog
--- glusterfs-10.3/debian/changelog 2023-01-06 15:56:57.000000000 +0100
+++ glusterfs-10.3/debian/changelog 2023-05-24 10:48:08.000000000 +0200
@@ -1,3 +1,12 @@
+glusterfs (10.3-5) unstable; urgency=high
+
+ * Add upstream patch 09-CVE-2023-26253: Resolve asan bug in during receive
+ event notification, which results in a stack-buffer-overflow. This
+ addresses CVE-2023-26253.
+ Closes: #1031731
+
+ -- Patrick Matthäi <pmatthaei@debian.org> Wed, 24 May 2023 10:48:08 +0200
+
glusterfs (10.3-4) unstable; urgency=medium
* Add adduser dependency on glusterfs-common.
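Review bot: The first bullet of the new 10.3-5 entry reads "Resolve asan bug in during receive event notification", which carries over the stray "in" from the upstream subject line and does not say where the fault lies. Suggest naming the component, for example "fuse: do not read graph->id in notify() for events whose data is not a graph object", so the entry is understandable on its own next to the CVE number and the Closes: tag.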
diff -Nru glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff
--- glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff 1970-01-01 01:00:00.000000000 +0100
+++ glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff 2023-05-24 10:48:08.000000000 +0200
@@ -0,0 +1,67 @@
+From 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58 Mon Sep 17 00:00:00 2001
+From: mohit84 <moagrawa@redhat.com>
+Date: Thu, 30 Mar 2023 13:02:19 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4024)
+
+The fuse xlator notify function tries to assign data object to graph
+object without checking an event. In case of upcall event data object
+represents upcall object so during access of graph object the process
+crashed for asan build.
+
+Solution: Access the graph->id only while an event is associated
+specifically to fuse xlator
+
+> Fixes: #3954
+> Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+> Signed-off-by: Mohit Agrawal moagrawa@redhat.com
+> (Reviewed on upstream link #4019)
+
+Fixes: #3954
+Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
+index 89e7725ca7c..583a135fac2 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
++++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6484,6 +6484,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ int32_t ret = 0;
+ fuse_private_t *private = NULL;
+ gf_boolean_t start_thread = _gf_false;
++ gf_boolean_t event_graph = _gf_true;
+ glusterfs_graph_t *graph = NULL;
+ struct pollfd pfd = {0};
+
+@@ -6492,9 +6493,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+
+ graph = data;
+
+- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+- ((graph) ? graph->id : 0));
+-
+ switch (event) {
+ case GF_EVENT_GRAPH_NEW:
+ break;
+@@ -6584,9 +6582,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ }
+
+ default:
++ /* Set the event_graph to false so that event
++ debug msg would not try to access invalid graph->id
++ while data object is not matched to graph object
++ for ex in case of upcall event data object represents
++ gf_upcall object
++ */
++ event_graph = _gf_false;
+ break;
+ }
+
++ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
++ ((graph && event_graph) ? graph->id : -1));
++
+ return ret;
+ }
+
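Review bot: In the fuse-bridge.c change, event_graph is initialised to _gf_true and cleared only in the default: branch, so every explicit case in the switch is assumed to receive a glusterfs_graph_t in data. A case added later for an event whose data is some other object would bring the invalid graph->id read back in the debug message. Consider inverting the flag: initialise event_graph to _gf_false, set it to _gf_true only in the cases known to carry a graph, and move the "graph = data" assignment into those cases as well. The fallback value in the log line also changes from 0 to -1, which anything that parses this debug output has to tolerate.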
diff -Nru glusterfs-10.3/debian/patches/series glusterfs-10.3/debian/patches/series
--- glusterfs-10.3/debian/patches/series 2023-01-06 15:56:57.000000000 +0100
+++ glusterfs-10.3/debian/patches/series 2023-05-24 10:48:08.000000000 +0200
@@ -4,3 +4,4 @@
06-spelling-error.diff
07-spelling-error.diff
08-bash-term-in-posix-shell.diff
+09-CVE-2023-26253.diff