In message: [meta-virtualization][kirkstone][PATCH 1/1] fuse: Fix CVE-2023-26253
on 11/04/2023 Soumya wrote:

> Resolve asan bug in during receive event notification (#4024)
> 
>     The fuse xlator notify function tries to assign data object to graph
>     object without checking an event. In case of upcall event data object
>     represents upcall object so during access of graph object the process
>     crashed for asan build.
> 
>     Solution: Access the graph->id only while an event is associated
>     specifically to fuse xlator

merged.

Bruce

> 
> Signed-off-by: Soumya <[email protected]>
> ---
>  .../glusterfs/files/CVE-2023-26253.patch      | 76 +++++++++++++++++++
>  recipes-extended/glusterfs/glusterfs.inc      |  1 +
>  2 files changed, 77 insertions(+)
>  create mode 100644 recipes-extended/glusterfs/files/CVE-2023-26253.patch
> 
> diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch 
> b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
> new file mode 100644
> index 00000000..828c1626
> --- /dev/null
> +++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
> @@ -0,0 +1,76 @@
> +commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58
> +Author: mohit84 <[email protected]>
> +Date:   Thu Mar 30 13:02:19 2023 +0530
> +Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
> + (#4024)
> +
> +    The fuse xlator notify function tries to assign data object to graph
> +    object without checking an event. In case of upcall event data object
> +    represents upcall object so during access of graph object the process
> +    crashed for asan build.
> +
> +    Solution: Access the graph->id only while an event is associated
> +    specifically to fuse xlator
> +
> +    > Fixes: #3954
> +    > Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
> +    > Signed-off-by: Mohit Agrawal [email protected]
> +    > (Reviewed on upstream link #4019)
> +
> +    Fixes: #3954
> +    Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
> +
> +CVE: CVE-2023-26253
> +
> +Upstream-Status: Backport 
> [https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58]
> +
> +Signed-off-by: Soumya <[email protected]>
> +---
> + xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
> + 1 file changed, 11 insertions(+), 3 deletions(-)
> +
> +diff --git a/xlators/mount/fuse/src/fuse-bridge.c 
> b/xlators/mount/fuse/src/fuse-bridge.c
> +index c3945d7..0c01a43 100644
> +--- a/xlators/mount/fuse/src/fuse-bridge.c
> ++++ b/xlators/mount/fuse/src/fuse-bridge.c
> +@@ -6198,6 +6198,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
> +     int32_t ret = 0;
> +     fuse_private_t *private = NULL;
> +     gf_boolean_t start_thread = _gf_false;
> ++    gf_boolean_t event_graph = _gf_true;
> +     glusterfs_graph_t *graph = NULL;
> + 
> +    private
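Review bot: The last context line of this hunk reads only `private`, with four spaces after the `+` where the other context lines have five, so it is not a complete statement and does not line up with the rest of the context. If CVE-2023-26253.patch in the tree carries the same line, the hunk at 6198 may fail to apply or need fuzz during do_patch. Regenerating the file from the upstream commit named in Upstream-Status would rule that out.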
> +@@ -6205,9 +6206,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
> + 
> +     graph = data;
> + 
> +-    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
> +-           ((graph) ? graph->id : 0));
> +-
> +     switch (event) {
> +         case GF_EVENT_GRAPH_NEW:
> +             break;
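Review bot: `graph = data;` is left unconditional above the switch, so for events whose data is not a graph (the commit message names the upcall event) `graph` still holds a pointer of the wrong type for the rest of the function, and only the log line is protected. Moving the assignment into the cases that actually carry a graph, or adding a comment at the assignment saying it is valid only for those cases, would keep a later edit from dereferencing it. The debug message is also now emitted after the event has been handled rather than on receipt, so its position relative to any output from the case bodies changes.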
> +@@ -6271,9 +6269,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
> +         }
> + 
> +         default:
> ++            /* Set the event_graph to false so that event
> ++               debug msg would not try to access invalid graph->id
> ++               while data object is not matched to graph object
> ++               for ex in case of upcall event data object represents
> ++               gf_upcall object
> ++            */
> ++            event_graph = _gf_false;
> +             break;
> +     }
> + 
> ++    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
> ++           ((graph && event_graph) ? graph->id : -1));
> ++
> +     return ret;
> + }
> + 
> +-- 
> +2.35.5
> +
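Review bot: `event_graph` starts as `_gf_true` and is cleared only in `default:`, so the guard on `graph->id` is correct only as long as every explicit case in the switch receives a graph in `data`. A case added later for an event with a different payload would bring the invalid read back without any visible change near the log call. Inverting the flag (initialise to `_gf_false`, set it in the graph cases) fails safe. The fallback value printed also changes from 0 to -1, which is worth a word in the commit message for anyone matching on this debug line.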
> diff --git a/recipes-extended/glusterfs/glusterfs.inc 
> b/recipes-extended/glusterfs/glusterfs.inc
> index baa8962b..e5bedca1 100644
> --- a/recipes-extended/glusterfs/glusterfs.inc
> +++ b/recipes-extended/glusterfs/glusterfs.inc
> @@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \
>              file://glusterd-change-port-range.patch \
>              
> file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
>              
> file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \
> +            file://CVE-2023-26253.patch \
>             "
>  
>  LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & 
> LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later 
> & Apache-2.0"
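Review bot: The context in this hunk is line-wrapped as posted: the `file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch` entry and the `file://0001-cli-duplicate-defns-...` entry are separated from their leading whitespace, and the LICENSE value is split over three lines, as are the `diff --git` and Upstream-Status lines earlier in the mail. In that form the hunk does not match glusterfs.inc and has to be repaired by hand before it applies. Sending with git send-email keeps long lines intact.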
> -- 
> 2.35.5
> 
