File CVE-2023-38201.patch of Package keylime

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-38201.patch of Package keylime

From 9e5ac9f25cd400b16d5969f531cee28290543f2a Mon Sep 17 00:00:00 2001
From: Marcio Silva <marcio.a.silva@ibm.com>
Date: Wed, 12 Jul 2023 12:05:47 -0300
Subject: [PATCH] Fix for CVE-2023-38201 (Security Advisory
 GHSA-f4r5-q63f-gcww)

In addition to remove the offending message, this patch also ensures
deletion of an agent's record from the database in case of failure after
a single attempt.

Signed-off-by: Marcio Silva <marcio.a.silva@ibm.com>
---
 keylime/registrar_common.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

Index: keylime-v6.3.2/keylime/registrar_common.py
===================================================================
--- keylime-v6.3.2.orig/keylime/registrar_common.py
+++ keylime-v6.3.2/keylime/registrar_common.py
@@ -378,7 +378,7 @@ class UnprotectedHandler(BaseHTTPRequest
                 try:
                     contact_port = int(contact_port)
                     if contact_port < 1 or contact_port > 65535:
-                        logger.warning("Contact port for agent %s is not a number between 1 and got: %s.",
+                        logger.warning("Contact port for agent %s is not a number between 1 and 65535 got: %s.",
                                        agent_id, contact_port)
                         contact_port = None
                 except ValueError:
@@ -495,8 +495,16 @@ class UnprotectedHandler(BaseHTTPRequest
                     logger.error('SQLAlchemy Error: %s', e)
                     raise
             else:
+                if agent_id and session.query(RegistrarMain).filter_by(agent_id=agent_id).delete():
+                    try:
+                        session.commit()
+                    except SQLAlchemyError as e:
+                        logger.error("SQLAlchemy Error: %s", e)
+                        raise
+
                 raise Exception(
-                    f"Auth tag {auth_tag} does not match expected value {ex_mac}")
+                    f"Auth tag {auth_tag} for agent {agent_id} does not match expected value. The agent has been deleted from database, and a restart of it will be required"
+                )
 
             web_util.echo_json_response(self, 200, "Success")
             logger.info('PUT activated: %s', agent_id)

Places

File CVE-2023-38201.patch of Package keylime

Places