diff --git a/0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch b/0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e524ed9631f9729b0d10bd76648ca95190878279
--- /dev/null
+++ b/0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
@@ -0,0 +1,51 @@
+From 2b4d27ef9b5d9f38654277f021fabdda2d5f8e36 Mon Sep 17 00:00:00 2001
+From: isuladci
+Date: Thu, 12 Jan 2023 19:20:43 -0800
+Subject: [PATCH] fix cve CVE-2022-47952: log leaks root information
+
+Signed-off-by: isuladci
+---
+ src/lxc/cmd/lxc_user_nic.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index 4160565..5b848da 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1087,20 +1087,16 @@ int main(int argc, char *argv[])
+ } else if (request == LXC_USERNIC_DELETE) {
+ char opath[LXC_PROC_PID_FD_LEN];
+
+- /* Open the path with O_PATH which will not trigger an actual
+- * open(). Don't report an errno to the caller to not leak
+- * information whether the path exists or not.
+- * When stracing setuid is stripped so this is not a concern
+- * either.
+- */
++ // Keep in mind CVE-2022-47952: It's crucial not to leak any
++ // information whether open() succeeded or failed.
+ netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ if (netns_fd < 0) {
+- usernic_error("Failed to open \"%s\"\n", args.pid);
++ usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ _exit(EXIT_FAILURE);
+ }
+
+ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
+- usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++ usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ close(netns_fd);
+ _exit(EXIT_FAILURE);
+ }
+@@ -1114,7 +1110,7 @@ int main(int argc, char *argv[])
+ /* Now get an fd that we can use in setns() calls. */
+ ret = open(opath, O_RDONLY | O_CLOEXEC);
+ if (ret < 0) {
+- CMD_SYSERROR("Failed to open \"%s\"\n", args.pid);
++ CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
+ close(netns_fd);
+ _exit(EXIT_FAILURE);
+ }
+--
+2.25.1
+
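Review bot: The two `usernic_error` calls that now print the same text are still separate call sites. If the macro prefixes its output with `__FILE__`/`__LINE__` (its definition is outside this hunk, so this needs checking), a caller of this setuid helper can still tell a failed `open()` from a failed `NSFS_MAGIC` check. Reporting both failures from one site removes that dependence on the macro: `if (netns_fd < 0 || !fhas_fs_type(netns_fd, NSFS_MAGIC)) { usernic_error("Failed while opening netns file for \"%s\"\n", args.pid); _exit(EXIT_FAILURE); }`. In the second inner hunk, `CMD_SYSERROR` presumably still appends the errno text for the `opath` open. That path is only reached after the nsfs check has passed, so a short comment saying why errno is acceptable there would keep the new CVE comment consistent. `main` starts and ends outside both inner hunks.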
diff --git a/lxc.spec b/lxc.spec index f47073021b9be935c38dceec675e5f6fde0a906e..5c93d520d36d63c9bbdc6379e43626d8e8802b27 100644 --- a/lxc.spec +++ b/lxc.spec @@ -1,4 +1,4 @@ -%global _release 2022102406 +%global _release 2022102407 Name: lxc Version: 4.0.3 @@ -29,6 +29,7 @@ Patch0018: 0018-add-macro-to-adapt-musl-libc.patch Patch0019: 0019-add-lxc-attach-add-gids-option.patch Patch0020: 0020-add-sscanf-adapation-code-for-musl.patch Patch0021: 0021-change-the-suffi-parameter-in-lxc-attach-help-output.patch +Patch0022: 0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: pkgconfig(libseccomp) @@ -209,6 +210,12 @@ make check %endif %changelog +* Fri Jan 13 2023 wangrunze - 4.0.3-2022102407 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix cve CVE-2022-47952 log leaks root information + * Fri Dec 16 2022 huangsong - 4.0.3-2022102406 - Type:bugfix - ID:NA diff --git a/series.conf b/series.conf index 104f14993e9ee8a32306d1c85044c47b21a8e6b2..1d8bad9504069bafaaebfc0765ff8f5a53f627e9 100644 --- a/series.conf +++ b/series.conf @@ -17,3 +17,5 @@ 0018-add-macro-to-adapt-musl-libc.patch 0019-add-lxc-attach-add-gids-option.patch 0020-add-sscanf-adapation-code-for-musl.patch +0021-change-the-suffi-parameter-in-lxc-attach-help-output.patch +0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch