Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
slurm.32313
U_14-Strict-check-on-message-size-to-prevent-me...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_14-Strict-check-on-message-size-to-prevent-message-extension-attacks.patch of Package slurm.32313
From: Tim Wickberg <tim@schedmd.com> Date: Wed Nov 29 10:33:17 2023 -0700 Subject: [PATCH 14/28]Strict check on message size to prevent message extension attacks. Patch-mainline: Upstream Git-repo: https://github.com/SchedMD/slurm Git-commit: ed1dd2c341894dc69c5ba9e29dc64e3cfdcaaaa3 References: bsc#1218046, bsc#1218050, bsc#1218051, bsc#1218053 Signed-off-by: Egbert Eich <eich@suse.de> CVE-2023-49933. Signed-off-by: Egbert Eich <eich@suse.com> --- NEWS | 2 ++ src/common/slurm_protocol_api.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index b8902e238b..908cca0ca3 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ documents those changes that are of interest to users and administrators. * Backported changes ==================== + -- Prevent message extension attacks that could bypass the message hash. + CVE-2023-49933. -- Prevent NULL pointer dereference on size_valp overflow. CVE-2023-49936. -- Prevent double-xfree() on error in _unpack_node_reg_resp(). CVE-2023-49937. -- Fix filesystem handling race conditions that could lead to an attacker diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 441bf4675a..a727f7e94b 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -1014,7 +1014,7 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, Buf buffer) msg->body_offset = get_buf_offset(buffer); - if ((header.body_length > remaining_buf(buffer)) || + if ((header.body_length != remaining_buf(buffer)) || _check_hash(buffer, &header, msg, auth_cred) || (unpack_msg(msg, buffer) != SLURM_SUCCESS)) { rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET; @@ -1279,7 +1279,7 @@ List slurm_receive_msgs(int fd, int steps, int timeout) msg.msg_type = header.msg_type; msg.flags = header.flags; - if ((header.body_length > remaining_buf(buffer)) || + if ((header.body_length != remaining_buf(buffer)) || _check_hash(buffer, &header, &msg, auth_cred) || (unpack_msg(&msg, buffer) != SLURM_SUCCESS)) { (void) g_slurm_auth_destroy(auth_cred); @@ -1647,7 +1647,7 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, msg->msg_type = header.msg_type; msg->flags = header.flags; - if ( (header.body_length > remaining_buf(buffer)) || + if ((header.body_length != remaining_buf(buffer)) || _check_hash(buffer, &header, msg, auth_cred) || (unpack_msg(msg, buffer) != SLURM_SUCCESS) ) { (void) g_slurm_auth_destroy(auth_cred);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor