From 4a51a79c64a6cd87090a7699c5997c6de92efd6d Mon Sep 17 00:00:00 2001
From: "Neil.wrz"
Date: Sun, 15 Jan 2023 18:13:30 -0800
Subject: [PATCH] fix cve CVE 2022-47952 log leaks root information
Signed-off-by: Neil.wrz
---
...022-47952-log-leaks-root-information.patch | 50 +++++++++++++++++++
lxc.spec | 9 +++-
2 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644 0032-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
diff --git a/0032-fix-cve-CVE-2022-47952-log-leaks-root-information.patch b/0032-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
new file mode 100644
index 0000000..b1ad5a6
--- /dev/null
+++ b/0032-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
@@ -0,0 +1,50 @@
+From fbae2f59fe9989963ca4ca617680c6eecbd84e91 Mon Sep 17 00:00:00 2001
+From: "Neil.wrz"
+Date: Sun, 15 Jan 2023 18:00:20 -0800
+Subject: [PATCH] update
+
+---
+ src/lxc/cmd/lxc_user_nic.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index fd34559..d62f551 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1113,20 +1113,16 @@ int main(int argc, char *argv[])
+ } else if (request == LXC_USERNIC_DELETE) {
+ char opath[LXC_PROC_PID_FD_LEN];
+
+- /* Open the path with O_PATH which will not trigger an actual
+- * open(). Don't report an errno to the caller to not leak
+- * information whether the path exists or not.
+- * When stracing setuid is stripped so this is not a concern
+- * either.
+- */
++ // Keep in mind CVE-2022-47952: It's crucial not to leak any
++ // information whether open() succeeded or failed.
+ netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ if (netns_fd < 0) {
+- usernic_error("Failed to open \"%s\"\n", args.pid);
++ usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ _exit(EXIT_FAILURE);
+ }
+
+ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
+- usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++ usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ close(netns_fd);
+ _exit(EXIT_FAILURE);
+ }
+@@ -1140,7 +1136,7 @@ int main(int argc, char *argv[])
+ /* Now get an fd that we can use in setns() calls. */
+ ret = open(opath, O_RDONLY | O_CLOEXEC);
+ if (ret < 0) {
+- CMD_SYSERROR("Failed to open \"%s\"\n", args.pid);
++ CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
+ close(netns_fd);
+ _exit(EXIT_FAILURE);
+ }
+--
+2.25.1
+
diff --git a/lxc.spec b/lxc.spec
index 78e7702..5d969b0 100644
--- a/lxc.spec
+++ b/lxc.spec
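Review bot: The third failure path in the embedded lxc_user_nic.c patch, the `if (ret < 0)` check after `ret = open(opath, O_RDONLY | O_CLOEXEC)`, still reports through `CMD_SYSERROR`, while the two earlier paths use `usernic_error`. The message text is now identical, but if CMD_SYSERROR also prints the errno description, as its name suggests (its definition is not in this hunk), a caller of this setuid helper can still tell this exit apart from the other two and learns that the path passed the `fhas_fs_type(netns_fd, NSFS_MAGIC)` check. Consider `usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);` there as well, and extend the new comment to state that all three exits must print the same text without errno. main() starts and ends outside the hunk.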
@@ -1,4 +1,4 @@
-%global _release 2021092601
+%global _release 2021092602
 Name: lxc
 Version: 4.0.3
@@ -39,6 +39,7 @@ Patch0028: 0028-seccomp-init-and-destroy-notifier.cookie.patch
 Patch0029: 0029-just-use-origin-loop-if-do-not-have-io.patch
 Patch0030: 0030-conf-fix-a-memory-leak.patch
 Patch0031: 0031-fix-lsm_se_mount_context-memory-leak.patch
+Patch0032: 0032-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
 BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires: pkgconfig(libseccomp)
@@ -210,6 +211,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 %changelog
+* Mon Jan 16 2023 wangrunze - 4.0.3-2021092602
+- Type:cve
+- ID:NA
+- SUG:NA
+- DESC:fix cve CVE 2022-47952 log leaks root information
+
 * Sun Sep 26 2021 chengzeruizhi - 4.0.3-2021092601
 - Type:bugfix
 - ID:NA
--
Gitee