File fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch of Package salt
From db45057dbb783297314d7d6979f9ffcd01ab2789 Mon Sep 17 00:00:00 2001
From: Victor Zhestkov <vzhestkov@suse.com>
Date: Thu, 31 Mar 2022 13:39:38 +0300
Subject: [PATCH] Fix salt-ssh opts poisoning (bsc#1197637) - 3002.2
(#500)
* Fix salt-ssh opts poisoning
* Pass proper __opts__ to roster modules
* Remove redundant copy.deepcopy for opts from handle_routine
---
salt/client/ssh/__init__.py | 17 ++++++++++-------
salt/loader.py | 7 ++++++-
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py
index 57bc289a62..b9c69f17e3 100644
--- a/salt/client/ssh/__init__.py
+++ b/salt/client/ssh/__init__.py
@@ -339,7 +339,7 @@ class SSH:
self.session_flock_file = os.path.join(
self.opts["cachedir"], "salt-ssh.session.lock"
)
- self.ssh_session_grace_time = int(self.opts.get("ssh_session_grace_time", 3))
+ self.ssh_session_grace_time = int(self.opts.get("ssh_session_grace_time", 1))
@property
def parse_tgt(self):
@@ -560,7 +560,6 @@ class SSH:
"""
LOG_LOCK.release()
salt.loader.LOAD_LOCK.release()
- opts = copy.deepcopy(opts)
single = Single(
opts,
opts["argv"],
@@ -597,6 +596,7 @@ class SSH:
Spin up the needed threads or processes and execute the subsequent
routines
"""
+ opts = copy.deepcopy(self.opts)
que = multiprocessing.Queue()
running = {}
targets_queue = deque(self.targets.keys())
@@ -607,7 +607,7 @@ class SSH:
if not self.targets:
log.error("No matching targets found in roster.")
break
- if len(running) < self.opts.get("ssh_max_procs", 25) and not init:
+ if len(running) < opts.get("ssh_max_procs", 25) and not init:
if targets_queue:
host = targets_queue.popleft()
else:
@@ -625,7 +625,7 @@ class SSH:
pid_running = (
False
if cached_session["pid"] == 0
- else psutil.pid_exists(cached_session["pid"])
+ else cached_session.get("running", False) or psutil.pid_exists(cached_session["pid"])
)
if (
pid_running and prev_session_running < self.max_pid_wait
@@ -640,9 +640,10 @@ class SSH:
"salt-ssh/session",
host,
{
- "pid": 0,
+ "pid": os.getpid(),
"master_id": self.master_id,
"ts": time.time(),
+ "running": True,
},
)
for default in self.defaults:
@@ -667,7 +668,7 @@ class SSH:
continue
args = (
que,
- self.opts,
+ opts,
host,
self.targets[host],
mine,
@@ -703,6 +704,7 @@ class SSH:
"pid": routine.pid,
"master_id": self.master_id,
"ts": time.time(),
+ "running": True,
},
)
continue
@@ -758,12 +760,13 @@ class SSH:
"pid": 0,
"master_id": self.master_id,
"ts": time.time(),
+ "running": False,
},
)
if len(rets) >= len(self.targets):
break
# Sleep when limit or all threads started
- if len(running) >= self.opts.get("ssh_max_procs", 25) or len(
+ if len(running) >= opts.get("ssh_max_procs", 25) or len(
self.targets
) >= len(running):
time.sleep(0.1)
diff --git a/salt/loader.py b/salt/loader.py
index e1570a146b..6efbe774da 100644
--- a/salt/loader.py
+++ b/salt/loader.py
@@ -540,7 +540,12 @@ def roster(opts, runner=None, utils=None, whitelist=None, context=None):
opts,
tag="roster",
whitelist=whitelist,
- pack={"__runner__": runner, "__utils__": utils, "__context__": context},
+ pack={
+ "__runner__": runner,
+ "__utils__": utils,
+ "__context__": context,
+ "__opts__": opts,
+ },
extra_module_dirs=utils.module_dirs if utils else None,
)
--
2.35.1