File bsc#1131357-0001-High-libservices-fix-use-after-free-wrt.-alert-handl.patch of Package pacemaker.15719
From 32ded3e0172e0fae89cf70965e1c0406c1db883b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Tue, 2 Apr 2019 10:13:21 +0200
Subject: [PATCH 1/7] High: libservices: fix use-after-free wrt. alert handling

This could possibly lead to unsolicited information disclosure by the means of standard output of the immediately preceding agent/resource execution leaking into the log stream under some circumstances. It was hence assigned CVE-2019-3885. The provoked pathological state of pacemaker-execd daemon progresses towards crashing it for hitting segmentation fault.
---
 lib/services/services.c | 40 +---------------------------------------
 lib/services/services_linux.c | 35 +++++++++++++++++++++++++++++++----
 2 files changed, 32 insertions(+), 43 deletions(-)

diff --git a/lib/services/services.c b/lib/services/services.c
index 313567f58..d3537d021 100644
--- a/lib/services/services.c
+++ b/lib/services/services.c
@@ -373,35 +373,6 @@ services_action_user(svc_action_t *op, const char *user)
 return crm_user_lookup(user, &(op->opaque->uid), &(op->opaque->gid));
 }
 
-static void
-set_alert_env(gpointer key, gpointer value, gpointer user_data)
-{
- int rc;
-
- if (value) {
- rc = setenv(key, value, 1);
- } else {
- rc = unsetenv(key);
- }
-
- if (rc < 0) {
- crm_perror(LOG_ERR, "setenv %s=%s",
- (char*)key, (value? (char*)value : ""));
- } else {
- crm_trace("setenv %s=%s", (char*)key, (value? (char*)value : ""));
- }
-}
-
-static void
-unset_alert_env(gpointer key, gpointer value, gpointer user_data)
-{
- if (unsetenv(key) < 0) {
- crm_perror(LOG_ERR, "unset %s", (char*)key);
- } else {
- crm_trace("unset %s", (char*)key);
- }
-}
-
 /*!
 * \brief Execute an alert agent action
 *
@@ -416,18 +387,9 @@ unset_alert_env(gpointer key, gpointer value, gpointer user_data)
 gboolean
 services_alert_async(svc_action_t *action, void (*cb)(svc_action_t *op))
 {
- gboolean responsible;
-
 action->synchronous = false;
 action->opaque->callback = cb;
- if (action->params) {
- g_hash_table_foreach(action->params, set_alert_env, NULL);
- }
- responsible = services_os_action_execute(action);
- if (action->params) {
- g_hash_table_foreach(action->params, unset_alert_env, NULL);
- }
- return responsible;
+ return services_os_action_execute(action);
 }
 
 #if SUPPORT_DBUS
diff --git a/lib/services/services_linux.c b/lib/services/services_linux.c
index a04a8f995..90c1f4411 100644
--- a/lib/services/services_linux.c
+++ b/lib/services/services_linux.c
@@ -160,6 +160,25 @@ set_ocf_env_with_prefix(gpointer key, gpointer value, gpointer user_data)
 set_ocf_env(buffer, value, user_data);
 }
 
+static void
+set_alert_env(gpointer key, gpointer value, gpointer user_data)
+{
+ int rc;
+
+ if (value != NULL) {
+ rc = setenv(key, value, 1);
+ } else {
+ rc = unsetenv(key);
+ }
+
+ if (rc < 0) {
+ crm_perror(LOG_ERR, "setenv %s=%s",
+ (char*)key, (value? (char*)value : ""));
+ } else {
+ crm_trace("setenv %s=%s", (char*)key, (value? (char*)value : ""));
+ }
+}
+
 /*!
 * \internal
 * \brief Add environment variables suitable for an action
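Review bot: In the added set_alert_env() in services_linux.c, both the error and the trace message read `"setenv %s=%s"` even when the `value == NULL` branch called unsetenv(), so a failed unset is reported as a failed set with an empty value. The trace call also writes every alert parameter value to the log; since this commit is about agent output leaking into the log stream, it seems worth logging only the key, e.g. `crm_trace("setenv %s", (char*)key);`, unless the values are known not to be sensitive. The function also has no doc comment; one line stating that it modifies the environment of the calling process, and which process is expected to call it, would help, because nothing in this hunk shows the caller's context.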
@@ -169,12 +188,20 @@ set_ocf_env_with_prefix(gpointer key, gpointer value, gpointer user_data)
 static void
 add_action_env_vars(const svc_action_t *op)
 {
- if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF) == FALSE) {
- return;
+ void (*env_setter)(gpointer, gpointer, gpointer) = NULL;
+ if (op->agent == NULL) {
+ env_setter = set_alert_env; /* we deal with alert handler */
+
+ } else if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF)) {
+ env_setter = set_ocf_env_with_prefix;
 }
 
- if (op->params) {
- g_hash_table_foreach(op->params, set_ocf_env_with_prefix, NULL);
+ if (env_setter != NULL && op->params != NULL) {
+ g_hash_table_foreach(op->params, env_setter, NULL);
+ }
+
+ if (env_setter == NULL || env_setter == set_alert_env) {
+ return;
 }
 
 set_ocf_env("OCF_RA_VERSION_MAJOR", "1", NULL);
-- 
2.16.4
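Review bot: The alert case in add_action_env_vars() is recognised only by `op->agent == NULL`, an implicit convention that neither this hunk nor the header comment above it states; any other action reaching this function without an agent would have its raw parameter names and values exported as environment variables. Because unset_alert_env() is removed in services.c and nothing unsets the variables afterwards, this is safe only if the function runs in a process whose environment is discarded afterwards (presumably the forked child, which is not visible here). I would state both assumptions in the header comment, for example `\note An action without an agent is treated as an alert; its params are exported verbatim`. The function-pointer comparison `env_setter == set_alert_env` would also read more clearly as an early `return;` inside the alert branch once its parameters are exported. The function body continues past the end of the hunk.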