File pacemaker#3413-0003-Fix-libcib-Don-t-incorrectly-expand-and-in-XML-attr-.patch of Package pacemaker.41118
From 99efc26aa94077268b081c94ef492dbd5b457078 Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Wed, 3 Apr 2024 10:09:44 -0700
Subject: [PATCH 3/3] Fix: libcib: Don't incorrectly expand "++" and "+=" in
 XML attr values
Drop fix_plus_plus_recursive() call in cib_perform_op. Suppose we have
an XML attribute "score" with initial value "9".
\# cibadmin --query --scope constraints | grep loc_cons
  <rsc_location id="loc_cons" rsc="dummy" node="laptop" score="9"/>
Now suppose a CIB replace operation sets the value of "score" to
"score++". fix_plus_plus_recursive() calls expand_plus_plus(), but it
doesn't have access to the old value. So it treats the old value as 0
and expands "score++" to "1" no matter what.
\# cibadmin --replace --scope constraints --xml-text \
'<constraints><rsc_location id="loc_cons" rsc="dummy" node="laptop" score="score++"/></constraints>'
\# cibadmin --query --scope constraints | grep loc_cons
  <rsc_location id="loc_cons" rsc="dummy" node="laptop" score="1"/>
Likewise, "score+=5" gets expanded to 5.
\# cibadmin --replace --scope constraints --xml-text \
'<constraints><rsc_location id="loc_cons" rsc="dummy" node="laptop" score="score+=5"/></constraints>'
\# cibadmin --query --scope constraints | grep loc_cons
  <rsc_location id="loc_cons" rsc="dummy" node="laptop" score="5"/>
(CIB modify operations expand "++" and "+=" correctly via
pcmk__xml_update().)
Node attributes are nvpairs, so this can't expand node attribute values.
If we update the value of a node attribute test_attr to "test_attr++",
we're not setting an XML attribute "test_attr" to "test_attr++". Rather,
we're updating an <nvpair> to have "name='test_attr'" and
"value='test_attr++'". This is a mismatch as far as
fix_plus_plus_recursive() and expand_plus_plus() are concerned.
There is only one internal function (update_failcount()) that sets
"<attr>++" for any XML attribute value, and there are no internal
functions that set "<attr>+=<int>". update_failcount() is setting a node
attribute, so as explained above, fix_plus_plus_recursive() has no
effect. (attrd_expand_value() expands the value in this update.)
So the fix_plus_plus_recursive() behavior is a bug when processing CIB
operations. It's better to set the new value unexpanded than to pretend
the old value was 0. It's not worth the effort of implementing correct
value expansion when processing a CIB operation unless there's demand
for it.
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
 lib/cib/cib_utils.c | 1 -
 1 file changed, 1 deletion(-)
Index: pacemaker-2.1.5+20221208.a3f44794f/lib/cib/cib_utils.c
===================================================================
--- pacemaker-2.1.5+20221208.a3f44794f.orig/lib/cib/cib_utils.c
+++ pacemaker-2.1.5+20221208.a3f44794f/lib/cib/cib_utils.c
@@ -298,7 +298,6 @@ cib_perform_op(const char *op, int call_
 
     crm_trace("Massaging CIB contents");
     pcmk__strip_xml_text(scratch);
-    fix_plus_plus_recursive(scratch);
 
     if (pcmk_is_set(call_options, cib_zero_copy)) {
         /* At this point, current_cib is just the 'cib' tag and its properties,