Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-cluster/ceph/files/ceph-0.94.7-monitor-security.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-cluster/ceph/files/ceph-0.94.7-monitor-security.patch')
-rw-r--r--sys-cluster/ceph/files/ceph-0.94.7-monitor-security.patch109
1 files changed, 109 insertions, 0 deletions
diff --git a/sys-cluster/ceph/files/ceph-0.94.7-monitor-security.patch b/sys-cluster/ceph/files/ceph-0.94.7-monitor-security.patch
new file mode 100644
index 000000000000..b225a6fd6b29
--- /dev/null
+++ b/sys-cluster/ceph/files/ceph-0.94.7-monitor-security.patch
@@ -0,0 +1,109 @@
+From b78a1be835706e7dabc505be343945d0ac05697d Mon Sep 17 00:00:00 2001
+From: Kefu Chai <kchai@redhat.com>
+Date: Thu, 30 Jun 2016 13:24:22 +0800
+Subject: [PATCH] mon: Monitor: validate prefix on handle_command()
+
+Fixes: http://tracker.ceph.com/issues/16297
+
+Signed-off-by: You Ji <youji@ebay.com>
+(cherry picked from commit 7cb3434fed03a5497abfd00bcec7276b70df0654)
+
+Conflicts:
+ src/mon/Monitor.cc (the signature of Monitor::reply_command()
+ changed a little bit in master, so adapt the
+ commit to work with the old method)
+---
+ src/mon/Monitor.cc | 23 ++++++++++++++++++++++-
+ src/test/librados/cmd.cc | 35 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 57 insertions(+), 1 deletion(-)
+
+diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
+index 48563ad..d499f0c 100644
+--- a/src/mon/Monitor.cc
++++ b/src/mon/Monitor.cc
+@@ -2565,7 +2565,19 @@ void Monitor::handle_command(MMonCommand *m)
+ return;
+ }
+
+- cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
++ // check return value. If no prefix parameter provided,
++ // return value will be false, then return error info.
++ if(!cmd_getval(g_ceph_context, cmdmap, "prefix", prefix)) {
++ reply_command(m, -EINVAL, "command prefix not found", 0);
++ return;
++ }
++
++ // check prefix is empty
++ if (prefix.empty()) {
++ reply_command(m, -EINVAL, "command prefix must not be empty", 0);
++ return;
++ }
++
+ if (prefix == "get_command_descriptions") {
+ bufferlist rdata;
+ Formatter *f = Formatter::create("json");
+@@ -2586,6 +2598,15 @@ void Monitor::handle_command(MMonCommand *m)
+ boost::scoped_ptr<Formatter> f(Formatter::create(format));
+
+ get_str_vec(prefix, fullcmd);
++
++ // make sure fullcmd is not empty.
++ // invalid prefix will cause empty vector fullcmd.
++ // such as, prefix=";,,;"
++ if (fullcmd.empty()) {
++ reply_command(m, -EINVAL, "command requires a prefix to be valid", 0);
++ return;
++ }
++
+ module = fullcmd[0];
+
+ // validate command is in leader map
+diff --git a/src/test/librados/cmd.cc b/src/test/librados/cmd.cc
+index 4f327a0..0a7ed16 100644
+--- a/src/test/librados/cmd.cc
++++ b/src/test/librados/cmd.cc
+@@ -49,6 +49,41 @@ TEST(LibRadosCmd, MonDescribe) {
+ rados_buffer_free(buf);
+ rados_buffer_free(st);
+
++ cmd[0] = (char *)"";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "{}", 2, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"abc\":\"something\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\"\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\" \"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\";;;,,,;;,,\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"prefix\":\"extra command\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
+ cmd[0] = (char *)"{\"prefix\":\"mon_status\"}";
+ ASSERT_EQ(0, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, &buf, &buflen, &st, &stlen));
+ ASSERT_LT(0u, buflen);
+--
+2.9.0
+