
Bug#1036673: marked as done (unblock: glusterfs/10.3-5)



Your message dated Wed, 24 May 2023 20:01:33 +0000
with message-id <E1q1uft-00DqkU-78@respighi.debian.org>
and subject line unblock glusterfs
has caused the Debian Bug report #1036673,
regarding unblock: glusterfs/10.3-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036673
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package glusterfs

[ Reason ]
I have applied a patch from 10.4, which fixes a security issue as described in
CVE-2023-26253, #1031731 and https://github.com/gluster/glusterfs/issues/3954

[ Impact ]
Stack buffer overflow

[ Tests ]
Manual and tests driven by upstream

[ Risks ]
Small patch already shipped by upstream, I do not see a risk

[ Checklist ]
  [x ] all changes are documented in the d/changelog
  [x ] I reviewed all changes and I approve them
  [x ] attach debdiff against the package in testing


unblock glusterfs/10.3-5
diff -Nru glusterfs-10.3/debian/changelog glusterfs-10.3/debian/changelog
--- glusterfs-10.3/debian/changelog	2023-01-06 15:56:57.000000000 +0100
+++ glusterfs-10.3/debian/changelog	2023-05-24 10:48:08.000000000 +0200
@@ -1,3 +1,12 @@
+glusterfs (10.3-5) unstable; urgency=high
+
+  * Add upstream patch 09-CVE-2023-26253: Resolve asan bug in during receive
+    event notification, which results in a stack-buffer-overflow. This
+    addresses CVE-2023-26253.
+    Closes: #1031731
+
+ -- Patrick Matthäi <pmatthaei@debian.org>  Wed, 24 May 2023 10:48:08 +0200
+
 glusterfs (10.3-4) unstable; urgency=medium
 
   * Add adduser dependency on glusterfs-common.
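Review bot: The new 10.3-5 changelog bullet carries over the upstream subject's wording slip "in during receive event notification" and does not name the component being patched. Something like "Resolve ASan-reported stack-buffer-overflow in the fuse xlator notify() on event notification" would match the "fuse:" prefix of the patch subject and the file it touches, xlators/mount/fuse/src/fuse-bridge.c.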
diff -Nru glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff
--- glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff	1970-01-01 01:00:00.000000000 +0100
+++ glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff	2023-05-24 10:48:08.000000000 +0200
@@ -0,0 +1,67 @@
+From 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58 Mon Sep 17 00:00:00 2001
+From: mohit84 <moagrawa@redhat.com>
+Date: Thu, 30 Mar 2023 13:02:19 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4024)
+
+The fuse xlator notify function tries to assign data object to graph
+object without checking an event. In case of upcall event data object
+represents upcall object so during access of graph object the process
+crashed for asan build.
+
+Solution: Access the graph->id only while an event is associated
+specifically to fuse xlator
+
+> Fixes: #3954
+> Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+> Signed-off-by: Mohit Agrawal moagrawa@redhat.com
+> (Reviewed on upstream link #4019)
+
+Fixes: #3954
+Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
+index 89e7725ca7c..583a135fac2 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
++++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6484,6 +6484,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+     int32_t ret = 0;
+     fuse_private_t *private = NULL;
+     gf_boolean_t start_thread = _gf_false;
++    gf_boolean_t event_graph = _gf_true;
+     glusterfs_graph_t *graph = NULL;
+     struct pollfd pfd = {0};
+ 
+@@ -6492,9 +6493,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ 
+     graph = data;
+ 
+-    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+-           ((graph) ? graph->id : 0));
+-
+     switch (event) {
+         case GF_EVENT_GRAPH_NEW:
+             break;
+@@ -6584,9 +6582,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+         }
+ 
+         default:
++            /* Set the event_graph to false so that event
++               debug msg would not try to access invalid graph->id
++               while data object is not matched to graph object
++               for ex in case of upcall event data object represents
++               gf_upcall object
++            */
++            event_graph = _gf_false;
+             break;
+     }
+ 
++    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
++           ((graph && event_graph) ? graph->id : -1));
++
+     return ret;
+ }
+ 
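Review bot: In notify() in fuse-bridge.c, event_graph is initialised to _gf_true and cleared only in the default: branch, so the guard fails open: any case that is handled explicitly but whose data is not a glusterfs_graph_t would still reach graph->id in the relocated gf_log call. The hunk context shows only GF_EVENT_GRAPH_NEW, so either confirm against the full switch that every explicit case carries a graph object, or invert the flag (start at _gf_false and set _gf_true in the graph-carrying cases). Two smaller points: graph = data is still assigned unconditionally before the event type is known, and the fallback id in the debug message changes from 0 to -1, which anything matching on that log line will see.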
diff -Nru glusterfs-10.3/debian/patches/series glusterfs-10.3/debian/patches/series
--- glusterfs-10.3/debian/patches/series	2023-01-06 15:56:57.000000000 +0100
+++ glusterfs-10.3/debian/patches/series	2023-05-24 10:48:08.000000000 +0200
@@ -4,3 +4,4 @@
 06-spelling-error.diff
 07-spelling-error.diff
 08-bash-term-in-posix-shell.diff
+09-CVE-2023-26253.diff

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
