diff options
Diffstat (limited to 'recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch')
-rw-r--r-- | recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch new file mode 100644 index 00000000..e6ef9e39 --- /dev/null +++ b/recipes-extended/glusterfs/files/0003-server-protocol-don-t-allow-.-path-in-name.patch @@ -0,0 +1,73 @@ +From b89658672d137ef56bd0694457b9125bf7d45ba4 Mon Sep 17 00:00:00 2001 +From: Amar Tumballi <amarts@redhat.com> +Date: Thu, 9 Aug 2018 13:00:01 +0530 +Subject: [PATCH 3/7] server-protocol: don't allow '../' path in 'name' + +This will prevent any arbitrary file creation through glusterfs +by modifying the client bits. + +Also check for the similar flaw inside posix too, so we prevent any +changes in layers in-between. + +Fixes: bz#1625095 + +Signed-off-by: Amar Tumballi <amarts@redhat.com> +Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e + +Upstream-Status: Backport + +Fix CVE-2018-10926 +Fix CVE-2018-10927 +Fix CVE-2018-10928 +Fix CVE-2018-10929 +Fix CVE-2018-10930 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + xlators/protocol/server/src/server-resolve.c | 12 ++++++++++++ + xlators/storage/posix/src/posix-handle.h | 6 ++++++ + 2 files changed, 18 insertions(+) + +diff --git a/xlators/protocol/server/src/server-resolve.c b/xlators/protocol/server/src/server-resolve.c +index d0126aa..aa35685 100644 +--- a/xlators/protocol/server/src/server-resolve.c ++++ b/xlators/protocol/server/src/server-resolve.c +@@ -294,6 +294,18 @@ resolve_entry_simple (call_frame_t *frame) + /* expected @parent was found from the inode cache */ + gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid); + state->loc_now->parent = inode_ref (parent); ++ ++ if (strstr (resolve->bname, "../")) { ++ /* Resolving outside the parent's tree is not allowed */ ++ gf_msg (this->name, GF_LOG_ERROR, EPERM, ++ PS_MSG_GFID_RESOLVE_FAILED, ++ "%s: path sent by client not allowed", ++ resolve->bname); ++ resolve->op_ret = -1; ++ resolve->op_errno = EPERM; ++ ret = 1; ++ goto out; ++ } + state->loc_now->name = resolve->bname; + + inode = inode_grep (state->itable, parent, resolve->bname); +diff --git a/xlators/storage/posix/src/posix-handle.h b/xlators/storage/posix/src/posix-handle.h +index 9af6a7a..6e7a8d2 100644 +--- a/xlators/storage/posix/src/posix-handle.h ++++ b/xlators/storage/posix/src/posix-handle.h +@@ -217,6 +217,12 @@ + break; \ + } \ + \ ++ if (strstr (loc->name, "../")) { \ ++ gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \ ++ "'../' in name not allowed: (%s)", loc->name); \ ++ op_ret = -1; \ ++ break; \ ++ } \ + if (LOC_HAS_ABSPATH (loc)) { \ + MAKE_REAL_PATH (entp, this, loc->path); \ + __parp = strdupa (entp); \ +-- +2.7.4 + |