author | Patrick McLean <chutzpah@gentoo.org> | 2016-06-30 16:52:50 -0700 |
---|---|---|
committer | Patrick McLean <chutzpah@gentoo.org> | 2016-06-30 16:52:50 -0700 |
commit | 4c6618086e16e704df31113b279e7ea4395bd41a (patch) | |
tree | 3b14386cbbbfe9368b97190828e269b95d2c7b3a /sys-cluster/ceph/files | |
parent | www-apps/icingaweb2-module-director: adding for bug 582568 (diff) | |
sys-cluster/ceph: Revision bump to 9.2.1-r2 and 10.2.2-r1 for CVE-2016-5009 (bug #587568)
Package-Manager: portage-2.3.0
Diffstat (limited to 'sys-cluster/ceph/files')
-rw-r--r-- | sys-cluster/ceph/files/ceph-CVE-2016-5009.patch | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/sys-cluster/ceph/files/ceph-CVE-2016-5009.patch b/sys-cluster/ceph/files/ceph-CVE-2016-5009.patch
new file mode 100644
index 000000000000..1528dadbe9d1
--- /dev/null
+++ b/sys-cluster/ceph/files/ceph-CVE-2016-5009.patch
@@ -0,0 +1,87 @@
+diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
+index 10c8bfc..98843d7 100644
+--- a/src/mon/Monitor.cc
++++ b/src/mon/Monitor.cc
+@@ -2631,7 +2631,19 @@ void Monitor::handle_command(MonOpRequestRef op)
+ return;
+ }
+
+- cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
++ // check return value. If no prefix parameter provided,
++ // return value will be false, then return error info.
++ if(!cmd_getval(g_ceph_context, cmdmap, "prefix", prefix)) {
++ reply_command(op, -EINVAL, "command prefix not found", 0);
++ return;
++ }
++
++ // check prefix is empty
++ if (prefix.empty()) {
++ reply_command(op, -EINVAL, "command prefix must not be empty", 0);
++ return;
++ }
++
+ if (prefix == "get_command_descriptions") {
+ bufferlist rdata;
+ Formatter *f = Formatter::create("json");
+@@ -2652,6 +2664,15 @@ void Monitor::handle_command(MonOpRequestRef op)
+ boost::scoped_ptr<Formatter> f(Formatter::create(format));
+
+ get_str_vec(prefix, fullcmd);
++
++ // make sure fullcmd is not empty.
++ // invalid prefix will cause empty vector fullcmd.
++ // such as, prefix=";,,;"
++ if (fullcmd.empty()) {
++ reply_command(op, -EINVAL, "command requires a prefix to be valid", 0);
++ return;
++ }
++
+ module = fullcmd[0];
+
+ // validate command is in leader map
+diff --git a/src/test/librados/cmd.cc b/src/test/librados/cmd.cc
+index 9261fb5..878a8af 100644
+--- a/src/test/librados/cmd.cc
++++ b/src/test/librados/cmd.cc
+@@ -48,6 +48,41 @@ TEST(LibRadosCmd, MonDescribe) {
+ rados_buffer_free(buf);
+ rados_buffer_free(st);
+
++ cmd[0] = (char *)"";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "{}", 2, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"abc\":\"something\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\"\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\" \"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\";;;,,,;;,,\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\"extra command\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
+ cmd[0] = (char *)"{\"prefix\":\"mon_status\"}";
+ ASSERT_EQ(0,
rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
+ ASSERT_LT(0u, buflen); |
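Review bot: The three new `-EINVAL` returns in the `src/mon/Monitor.cc` hunks reply to the client but log nothing, so a peer that keeps sending commands with a missing, empty or delimiter-only prefix (the input this fix rejects) leaves no trace unless something earlier in `handle_command` already records the request, which the hunks do not show. I would add a debug line before each reply, for example `dout(1) << "rejecting mon command: missing or empty prefix" << dendl;`, and name the sending entity if one is in scope at that point. `handle_command` starts and ends outside both hunks, so check what is already logged there first. In the `src/test/librados/cmd.cc` hunk every new case calls `rados_buffer_free(buf)` and `rados_buffer_free(st)` after a call that is expected to fail; that is only safe if `rados_mon_command` resets both out-pointers on every return path, which is worth confirming and stating in a comment above the first new case.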