Your message dated Wed, 24 May 2023 20:01:33 +0000
with message-id <[email protected]>
and subject line unblock glusterfs
has caused the Debian Bug report #1036673,
regarding unblock: glusterfs/10.3-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1036673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036673
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package glusterfs
[ Reason ]
I have applied a patch from 10.4, which fixes a security issue as described in
CVE-2023-26253, #1031731 and https://github.com/gluster/glusterfs/issues/3954
[ Impact ]
Stack buffer overflow
[ Tests ]
Manual and tests driven by upstream
[ Risks ]
Small patch already shipped by upstream, I do not see a risk
[ Checklist ]
[x ] all changes are documented in the d/changelog
[x ] I reviewed all changes and I approve them
[x ] attach debdiff against the package in testing
unblock glusterfs/10.3-5
diff -Nru glusterfs-10.3/debian/changelog glusterfs-10.3/debian/changelog
--- glusterfs-10.3/debian/changelog 2023-01-06 15:56:57.000000000 +0100
+++ glusterfs-10.3/debian/changelog 2023-05-24 10:48:08.000000000 +0200
@@ -1,3 +1,12 @@
+glusterfs (10.3-5) unstable; urgency=high
+
+ * Add upstream patch 09-CVE-2023-26253: Resolve asan bug in during receive
+ event notification, which results in a stack-buffer-overflow. This
+ addresses CVE-2023-26253.
+ Closes: #1031731
+
+ -- Patrick Matthäi <[email protected]> Wed, 24 May 2023 10:48:08 +0200
+
glusterfs (10.3-4) unstable; urgency=medium
* Add adduser dependency on glusterfs-common.
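Review bot: the new 10.3-5 entry carries over the upstream subject's wording "Resolve asan bug in during receive event notification", stray "in" included, and does not say which code is affected. Suggest naming the fuse xlator's notify() in the entry, so someone reading only the changelog can tell which component the stack-buffer-overflow fix for CVE-2023-26253 touches.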
diff -Nru glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff
glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff
--- glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff 1970-01-01
01:00:00.000000000 +0100
+++ glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff 2023-05-24
10:48:08.000000000 +0200
@@ -0,0 +1,67 @@
+From 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58 Mon Sep 17 00:00:00 2001
+From: mohit84 <[email protected]>
+Date: Thu, 30 Mar 2023 13:02:19 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4024)
+
+The fuse xlator notify function tries to assign data object to graph
+object without checking an event. In case of upcall event data object
+represents upcall object so during access of graph object the process
+crashed for asan build.
+
+Solution: Access the graph->id only while an event is associated
+specifically to fuse xlator
+
+> Fixes: #3954
+> Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+> Signed-off-by: Mohit Agrawal [email protected]
+> (Reviewed on upstream link #4019)
+
+Fixes: #3954
+Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c
b/xlators/mount/fuse/src/fuse-bridge.c
+index 89e7725ca7c..583a135fac2 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
++++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6484,6 +6484,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ int32_t ret = 0;
+ fuse_private_t *private = NULL;
+ gf_boolean_t start_thread = _gf_false;
++ gf_boolean_t event_graph = _gf_true;
+ glusterfs_graph_t *graph = NULL;
+ struct pollfd pfd = {0};
+
+@@ -6492,9 +6493,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+
+ graph = data;
+
+- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+- ((graph) ? graph->id : 0));
+-
+ switch (event) {
+ case GF_EVENT_GRAPH_NEW:
+ break;
+@@ -6584,9 +6582,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ }
+
+ default:
++ /* Set the event_graph to false so that event
++ debug msg would not try to access invalid graph->id
++ while data object is not matched to graph object
++ for ex in case of upcall event data object represents
++ gf_upcall object
++ */
++ event_graph = _gf_false;
+ break;
+ }
+
++ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
++ ((graph && event_graph) ? graph->id : -1));
++
+ return ret;
+ }
+
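Review bot: in the embedded fuse-bridge.c change, the guard on graph->id fails open: event_graph is initialised to _gf_true and cleared only under default:, so the read is safe only while every explicit case in the switch really receives a glusterfs_graph_t as data. Consider initialising event_graph to _gf_false and setting it to _gf_true in the cases known to carry a graph, so that a case added later with a different data type fails closed. Two smaller points: "graph = data;" still runs for every event, so the mistyped pointer remains in scope for the whole function, and the relocated debug line now prints -1 instead of 0 when no graph id is available, which anything matching on that log message should expect.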
diff -Nru glusterfs-10.3/debian/patches/series
glusterfs-10.3/debian/patches/series
--- glusterfs-10.3/debian/patches/series 2023-01-06 15:56:57.000000000
+0100
+++ glusterfs-10.3/debian/patches/series 2023-05-24 10:48:08.000000000
+0200
@@ -4,3 +4,4 @@
06-spelling-error.diff
07-spelling-error.diff
08-bash-term-in-posix-shell.diff
+09-CVE-2023-26253.diff
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---