Hello community, here is the log from the commit of package openwsman for openSUSE:Factory checked in at 2019-05-28 09:42:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openwsman (Old) and /work/SRC/openSUSE:Factory/.openwsman.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openwsman" Tue May 28 09:42:08 2019 rev:66 rq:705567 version:2.6.9 Changes: -------- --- /work/SRC/openSUSE:Factory/openwsman/openwsman.changes 2018-11-20 22:43:43.286254122 +0100 +++ /work/SRC/openSUSE:Factory/.openwsman.new.5148/openwsman.changes 2019-05-28 09:42:13.773865793 +0200 @@ -1,0 +2,16 @@ +Wed Apr 3 09:01:06 UTC 2019 - Adam Majer <adam.majer@suse.de> + +- bsc1122623.patch: (bsc#1122623, CVE-2019-3816, CVE-2019-3833) + + treat all non-registered by provider paths as invalid + + fix possible denial of service in path parsing +- debug_fix.patch: fix compilation in debug mode +- use OBS specific BuildIgnore syntax that is rpm friendly. This is + to prevent rpm parser from reporting errors. + +------------------------------------------------------------------- +Tue Jan 8 09:27:48 UTC 2019 - olaf@aepfle.de + +- Remove comment from postun scriptlet because it generates a + script which is not understood by specified interpreter + +------------------------------------------------------------------- New: ---- bsc1122623.patch debug_fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openwsman.spec ++++++ --- /var/tmp/diff_new_pack.me3L0v/_old 2019-05-28 09:42:15.093865336 +0200 +++ /var/tmp/diff_new_pack.me3L0v/_new 2019-05-28 09:42:15.097865334 +0200 @@ -1,7 +1,7 @@ # # spec file for package openwsman # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,7 +44,7 @@ %endif %if 0%{?rhel_version} > 0 -BuildRequires: -vim +#!BuildIgnore: vim %endif %if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} || 0%{?fedora} || 0%{?rhel} @@ -153,6 +153,8 @@ Source3: %{name}.SuSEfirewall2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Source4: %{name}.service +Patch2: bsc1122623.patch +Patch3: debug_fix.patch %description OpenWSMAN is an implementation of the WS-Management protocol stack. @@ -363,6 +365,8 @@ %if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} || 0%{?fedora} || 0%{?rhel} %patch1 -p1 %endif +%patch2 -p1 +%patch3 -p1 %build rm -rf build @@ -408,7 +412,7 @@ %install cd build -%make_install +DESTDIR=%{buildroot} make install mkdir -p %{buildroot}/%{_docdir} # don't copy ruby docs if they don't exist [ -d bindings/ruby/html ] && cp -a bindings/ruby/html %{buildroot}/%{_docdir}/openwsman-ruby-docs @@ -441,7 +445,6 @@ %post -n libwsman3 -p /sbin/ldconfig %postun -n libwsman3 -p /sbin/ldconfig -# follow http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines %if 0%{?has_systemd} %pre server if [ -f /var/lib/systemd/migrated/%{name} ]; then ++++++ bsc1122623.patch ++++++ Index: openwsman-2.6.7/src/server/shttpd/shttpd.c =================================================================== --- openwsman-2.6.7.orig/src/server/shttpd/shttpd.c +++ openwsman-2.6.7/src/server/shttpd/shttpd.c @@ -336,10 +336,12 @@ date_to_epoch(const char *s) } static void -remove_double_dots(char *s) +remove_all_leading_dots(char *s) { char *p = s; + while (*s != '\0' && *s == '.') s++; + while (*s != '\0') { *p++ = *s++; if (s[-1] == '/' || s[-1] == '\\') @@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c) *c->query++ = '\0'; _shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1); - remove_double_dots(c->uri); + remove_all_leading_dots(c->uri); root = c->ctx->options[OPT_ROOT]; if (strlen(c->uri) + strlen(root) >= sizeof(path)) { @@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c) (void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri); + DBG(("decide_what_to_do -> processed path: [%s]", path)); /* User may use the aliases - check URI for mount point */ if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) { (void) _shttpd_snprintf(path, sizeof(path), "%.*s%s", @@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c) if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) { _shttpd_setup_embedded_stream(c, ruri->callback, ruri->callback_data); - } else + } else { + _shttpd_send_server_error(c, 403, "Forbidden"); + } +#if 0 if (strstr(path, HTPASSWD)) { /* Do not allow to view passwords files */ _shttpd_send_server_error(c, 403, "Forbidden"); @@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c) } else { _shttpd_send_server_error(c, 500, "Internal Error"); } +#endif } static int @@ -698,11 +705,11 @@ parse_http_request(struct conn *c) _shttpd_send_server_error(c, 500, "Cannot allocate request"); } + io_inc_tail(&c->rem.io, req_len); + if (c->loc.flags & FLAG_CLOSED) return; - io_inc_tail(&c->rem.io, req_len); - DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s)); c->rem.flags |= FLAG_HEADERS_PARSED; @@ -968,7 +975,7 @@ write_stream(struct stream *from, struct } -static void +static int connection_desctructor(struct llhead *lp) { struct conn *c = LL_ENTRY(lp, struct conn, link); @@ -992,7 +999,8 @@ connection_desctructor(struct llhead *lp * Check the "Connection: " header before we free c->request * If it its 'keep-alive', then do not close the connection */ - do_close = (c->ch.connection.v_vec.len >= vec.len && + do_close = c->rem.flags & FLAG_CLOSED || + (c->ch.connection.v_vec.len >= vec.len && !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) || (c->major_version < 1 || (c->major_version >= 1 && c->minor_version < 1)); @@ -1014,7 +1022,7 @@ connection_desctructor(struct llhead *lp io_clear(&c->loc.io); c->birth_time = _shttpd_current_time; if (io_data_len(&c->rem.io) > 0) - process_connection(c, 0, 0); + return 1; } else { if (c->rem.io_class != NULL) c->rem.io_class->close(&c->rem); @@ -1025,6 +1033,8 @@ connection_desctructor(struct llhead *lp free(c); } + + return 0; } static void @@ -1032,7 +1042,7 @@ worker_destructor(struct llhead *lp) { struct worker *worker = LL_ENTRY(lp, struct worker, link); - free_list(&worker->connections, connection_desctructor); + free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor); free(worker); } @@ -1065,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max static void process_connection(struct conn *c, int remote_ready, int local_ready) { +again: + /* Read from remote end if it is ready */ if (remote_ready && io_space_len(&c->rem.io)) read_stream(&c->rem); @@ -1093,7 +1105,11 @@ process_connection(struct conn *c, int r if ((_shttpd_current_time > c->expire_time) || (c->rem.flags & FLAG_CLOSED) || ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io))) - connection_desctructor(&c->link); + if (connection_desctructor(&c->link)) { + remote_ready = 0; + local_ready = 0; + goto again; + } } static int @@ -1650,7 +1666,7 @@ worker_function(void *param) while (worker->exit_flag == 0) poll_worker(worker, 1000 * 10); - free_list(&worker->connections, connection_desctructor); + free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor); free(worker); } Index: openwsman-2.6.7/src/server/wsmand.c =================================================================== --- openwsman-2.6.7.orig/src/server/wsmand.c +++ openwsman-2.6.7/src/server/wsmand.c @@ -198,6 +198,11 @@ static void daemonize(void) int fd; char *pid; + /* Change our CWD to service_path */ + i=chdir("/"); + // i=chdir(wsmand_options_get_service_path()); + assert(i == 0); + if (wsmand_options_get_foreground_debug() > 0) { return; } @@ -214,10 +219,6 @@ static void daemonize(void) log_pid = 0; setsid(); - /* Change our CWD to / */ - i=chdir("/"); - assert(i == 0); - /* Close all file descriptors. */ for (i = getdtablesize(); i >= 0; --i) close(i); ++++++ debug_fix.patch ++++++ diff --git a/include/u/carpal.h b/include/u/carpal.h index fd49617b..653fef58 100644 --- a/include/u/carpal.h +++ b/include/u/carpal.h @@ -16,6 +16,7 @@ #include <u/log.h> +#include "./debug_internal.h" #ifdef __cplusplus extern "C" { diff --git a/include/u/debug_internal.h b/include/u/debug_internal.h index 03c000e6..6b59246b 100644 --- a/include/u/debug_internal.h +++ b/include/u/debug_internal.h @@ -52,8 +52,8 @@ struct _debug_handler_t { }; typedef struct _debug_handler_t debug_handler_t; -void debug_full(debug_level_e level, const char *format, ...); -void debug_full_verbose(debug_level_e level, char *file, +int debug_full(debug_level_e level, const char *format, ...); +int debug_full_verbose(debug_level_e level, char *file, int line, const char *proc, const char *format, ...); // #define ENABLE_TRACING diff --git a/src/lib/u/debug.c b/src/lib/u/debug.c index d647cd47..300d981d 100644 --- a/src/lib/u/debug.c +++ b/src/lib/u/debug.c @@ -106,13 +106,14 @@ static void call_handlers(debug_level_e level, char *str) } -void debug_full(debug_level_e level, const char *format, ...) +int debug_full(debug_level_e level, const char *format, ...) { va_list args; char *str; + int ret = 0; if (handlers == NULL) { - return; + return -1; } va_start(args, format); @@ -120,13 +121,15 @@ void debug_full(debug_level_e level, const char *format, ...) va_end(args); call_handlers(level, str); + ret = strlen(str); u_free(str); + return ret; } -void +int debug_full_verbose(debug_level_e level, char *file, int line, const char *proc, const char *format, ...) @@ -134,9 +137,10 @@ debug_full_verbose(debug_level_e level, va_list args; char *str; char *body; + int ret = 0; if (handlers == NULL) { - return; + return -1; } va_start(args, format); @@ -147,6 +151,8 @@ debug_full_verbose(debug_level_e level, u_free(body); call_handlers(level, str); + ret = strlen(str); u_free(str); + return ret; } diff --git a/src/lib/u/uri.c b/src/lib/u/uri.c index be5fe47e..e210ffc2 100644 --- a/src/lib/u/uri.c +++ b/src/lib/u/uri.c @@ -7,6 +7,7 @@ static const char rcsid[] = #ifdef HAVE_CONFIG_H #include <wsman_config.h> #endif +#include <ctype.h> #include <stdlib.h> #include <string.h>