File removed-all-check_config-callback-implementations-to-avoid-security-issues of Package tcmu-runner.5250
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Mon, 17 Jul 2017 11:35:25 +0200
Subject: removed all check_config callback implementations to avoid security
issues
Git-commit: 8cf8208775022301adaa59c240bb7f93742d1329
References: bsc#1049491
see github issue #194
qcow.c contained an information leak, could test for existance of any
file in the system
file_example.c and file_optical.c allow also to test for existance of
any file, plus to temporarily create empty new files anywhere in the
file system. This also involves a race condition, if a file didn't exist
in the first place, but would be created in-between by some other
process, then the file would be deleted by the check_config
implementation.
Acked-by: Lee Duncan <lduncan@suse.com>
---
consumer.c | 7 -------
file_example.c | 31 -------------------------------
qcow.c | 23 -----------------------
3 files changed, 61 deletions(-)
--- a/consumer.c
+++ b/consumer.c
@@ -74,11 +74,6 @@ static int set_medium_error(uint8_t *sen
return tcmu_set_sense_data(sense, MEDIUM_ERROR, ASC_READ_ERROR, NULL);
}
-static bool foo_check_config(const char *cfgstring, char **reason)
-{
- return true;
-}
-
static int foo_open(struct tcmu_device *dev)
{
/* open the backing file */
@@ -157,8 +152,6 @@ static struct tcmulib_handler foo_handle
.subtype = "foo",
.cfg_desc = "a description goes here",
- .check_config = foo_check_config,
-
.added = foo_open,
.removed = foo_close,
};
--- a/file_example.c
+++ b/file_example.c
@@ -145,35 +145,6 @@ file_handler_destroy(struct file_handler
}
#endif /* ASYNC_FILE_HANDLER */
-static bool file_check_config(const char *cfgstring, char **reason)
-{
- char *path;
- int fd;
-
- path = strchr(cfgstring, '/');
- if (!path) {
- if (asprintf(reason, "No path found") == -1)
- *reason = NULL;
- return false;
- }
- path += 1; /* get past '/' */
-
- if (access(path, W_OK) != -1)
- return true; /* File exists and is writable */
-
- /* We also support creating the file, so see if we can create it */
- fd = creat(path, S_IRUSR | S_IWUSR);
- if (fd == -1) {
- if (asprintf(reason, "Could not create file") == -1)
- *reason = NULL;
- return false;
- }
-
- unlink(path);
-
- return true;
-}
-
static int file_open(struct tcmu_device *dev)
{
struct file_state *state;
@@ -384,8 +355,6 @@ static const char file_cfg_desc[] =
static struct tcmur_handler file_handler = {
.cfg_desc = file_cfg_desc,
- .check_config = file_check_config,
-
.open = file_open,
.close = file_close,
#ifdef ASYNC_FILE_HANDLER
--- a/qcow.c
+++ b/qcow.c
@@ -1388,27 +1388,6 @@ static struct bdev_ops raw_ops = {
/* TCMU QCOW Handler */
-static bool qcow_check_config(const char *cfgstring, char **reason)
-{
- char *path;
-
- path = strchr(cfgstring, '/');
- if (!path) {
- if (asprintf(reason, "No path found") == -1)
- *reason = NULL;
- return false;
- }
- path += 1; /* get past '/' */
-
- if (access(path, R_OK|W_OK) == -1) {
- if (asprintf(reason, "File not present, or not writable") == -1)
- *reason = NULL;
- return false;
- }
-
- return true; /* File exists and is writable */
-}
-
static int qcow_open(struct tcmu_device *dev)
{
struct bdev *bdev;
@@ -1559,8 +1538,6 @@ static struct tcmur_handler qcow_handler
.subtype = "qcow",
.cfg_desc = qcow_cfg_desc,
- .check_config = qcow_check_config,
-
.open = qcow_open,
.close = qcow_close,
.handle_cmd = qcow_handle_cmd,
