Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package glusterfs

[ Reason ]
I have applied a patch from 10.4, which fixes a security issue as described in CVE-2023-26253, #1031731 and https://github.com/gluster/glusterfs/issues/3954

[ Impact ]
Stack buffer overflow

[ Tests ]
Manual and tests driven by upstream

[ Risks ]
Small patch already shipped by upstream, I do not see a risk

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock glusterfs/10.3-5

diff -Nru glusterfs-10.3/debian/changelog glusterfs-10.3/debian/changelog --- glusterfs-10.3/debian/changelog 2023-01-06 15:56:57.000000000 +0100 +++ glusterfs-10.3/debian/changelog 2023-05-24 10:48:08.000000000 +0200 @@ -1,3 +1,12 @@ +glusterfs (10.3-5) unstable; urgency=high + + * Add upstream patch 09-CVE-2023-26253: Resolve asan bug in during receive + event notification, which results in a stack-buffer-overflow. This + addresses CVE-2023-26253. + Closes: #1031731 + + -- Patrick Matthäi <pmatth...@debian.org> Wed, 24 May 2023 10:48:08 +0200 + glusterfs (10.3-4) unstable; urgency=medium * Add adduser dependency on glusterfs-common. diff -Nru glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff --- glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff 1970-01-01 01:00:00.000000000 +0100 +++ glusterfs-10.3/debian/patches/09-CVE-2023-26253.diff 2023-05-24 10:48:08.000000000 +0200 @@ -0,0 +1,67 @@ +From 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58 Mon Sep 17 00:00:00 2001 +From: mohit84 <moagr...@redhat.com> +Date: Thu, 30 Mar 2023 13:02:19 +0530 +Subject: [PATCH] fuse: Resolve asan bug in during receive event notification + (#4024) + +The fuse xlator notify function tries to assign data object to graph +object without checking an event. In case of upcall event data object +represents upcall object so during access of graph object the process +crashed for asan build. + +Solution: Access the graph->id only while an event is associated +specifically to fuse xlator + +> Fixes: #3954 +> Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf +> 
Signed-off-by: Mohit Agrawal moagr...@redhat.com +> (Reviewed on upstream link #4019) + +Fixes: #3954 +Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf +--- + xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c +index 89e7725ca7c..583a135fac2 100644 +--- a/xlators/mount/fuse/src/fuse-bridge.c ++++ b/xlators/mount/fuse/src/fuse-bridge.c +@@ -6484,6 +6484,7 @@ notify(xlator_t *this, int32_t event, void *data, ...) + int32_t ret = 0; + fuse_private_t *private = NULL; + gf_boolean_t start_thread = _gf_false; ++ gf_boolean_t event_graph = _gf_true; + glusterfs_graph_t *graph = NULL; + struct pollfd pfd = {0}; + +@@ -6492,9 +6493,6 @@ notify(xlator_t *this, int32_t event, void *data, ...) + + graph = data; + +- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event, +- ((graph) ? graph->id : 0)); +- + switch (event) { + case GF_EVENT_GRAPH_NEW: + break; +@@ -6584,9 +6582,19 @@ notify(xlator_t *this, int32_t event, void *data, ...) + } + + default: ++ /* Set the event_graph to false so that event ++ debug msg would not try to access invalid graph->id ++ while data object is not matched to graph object ++ for ex in case of upcall event data object represents ++ gf_upcall object ++ */ ++ event_graph = _gf_false; + break; + } + ++ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event, ++ ((graph && event_graph) ? graph->id : -1)); ++ + return ret; + } + diff -Nru glusterfs-10.3/debian/patches/series glusterfs-10.3/debian/patches/series --- glusterfs-10.3/debian/patches/series 2023-01-06 15:56:57.000000000 +0100 +++ glusterfs-10.3/debian/patches/series 2023-05-24 10:48:08.000000000 +0200 @@ -4,3 +4,4 @@ 06-spelling-error.diff 07-spelling-error.diff 08-bash-term-in-posix-shell.diff +09-CVE-2023-26253.diff
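
Review bot: The 10.3-5 entry in debian/changelog repeats the upstream subject's "Resolve asan bug in during receive event notification", which reads as a sanitizer-only fix even though the entry is uploaded with urgency=high and closes #1031731. Suggest wording it around the defect the patch description names, that notify() in the fuse xlator read graph->id from a data object that is not a graph (the upcall case), and dropping the stray "in".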
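
Review bot: In notify() in xlators/mount/fuse/src/fuse-bridge.c, event_graph is initialised to _gf_true and cleared only in the default: branch, so the relocated gf_log still reads graph->id for every explicitly handled case. That is safe only while every case label in the switch receives a glusterfs_graph_t in data. Initialising event_graph to _gf_false and setting it to _gf_true in the cases known to carry a graph would keep the guard correct if a non-graph event is given its own case later. The fallback value printed by the log also changes from 0 to -1, which deserves a line in the patch description for anyone reading the debug output.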