From 8ea653ff4a6ac30f3698c348ff9da3336e498fdc Mon Sep 17 00:00:00 2001
From: wguanghao
Date: Mon, 26 Aug 2024 15:49:59 +0800
Subject: [PATCH] backport bugfix patches from community

(cherry picked from commit 99cf1ae757b9f5352ce15ee93b7150e0bc5599e8)
---
...mdadm-Assemble.c-fix-coverity-issues.patch | 143 ++++++++++++++++++
...c-Fix-memory-leak-in-load_containers.patch | 28 ++++
...-mapfile.c-Fix-STRING_OVERFLOW-issue.patch | 40 +++++
...-mdadm-Monitor.c-fix-coverity-issues.patch | 67 ++++++++
0020-mdadm-lib.c-fix-coverity-issues.patch | 43 ++++++
0021-mdadm-msg.c-fix-coverity-issues.patch | 40 +++++
...en-fix-coverity-issue-CHECKED_RETURN.patch | 33 ++++
...r1-fix-coverity-issue-CHECKED_RETURN.patch | 67 ++++++++
0024-mdadm-util.c-fix-coverity-issues.patch | 134 ++++++++++++++++
0025-mdadm-sysfs.c-fix-coverity-issues.patch | 56 +++++++
mdadm.spec | 15 +-
11 files changed, 665 insertions(+), 1 deletion(-)
create mode 100644 0016-mdadm-Assemble.c-fix-coverity-issues.patch
create mode 100644 0017-config.c-Fix-memory-leak-in-load_containers.patch
create mode 100644 0018-mapfile.c-Fix-STRING_OVERFLOW-issue.patch
create mode 100644 0019-mdadm-Monitor.c-fix-coverity-issues.patch
create mode 100644 0020-mdadm-lib.c-fix-coverity-issues.patch
create mode 100644 0021-mdadm-msg.c-fix-coverity-issues.patch
create mode 100644 0022-mdadm-mdopen-fix-coverity-issue-CHECKED_RETURN.patch
create mode 100644 0023-mdadm-super1-fix-coverity-issue-CHECKED_RETURN.patch
create mode 100644 0024-mdadm-util.c-fix-coverity-issues.patch
create mode 100644 0025-mdadm-sysfs.c-fix-coverity-issues.patch
diff --git a/0016-mdadm-Assemble.c-fix-coverity-issues.patch b/0016-mdadm-Assemble.c-fix-coverity-issues.patch
new file mode 100644
index 0000000..b452ca2
--- /dev/null
+++ b/0016-mdadm-Assemble.c-fix-coverity-issues.patch
@@ -0,0 +1,143 @@
+From fd58c07b92b7b0b4d52ad870a180829afb5acae9 Mon Sep 17 00:00:00 2001
+From: Nigel Croxon
+Date: Tue, 25 Jun 2024 07:57:28 -0400
+Subject: [PATCH] mdadm: Assemble.c fix coverity issues
+
+Fixing the following coding errors the coverity tools found:
+
+* Event dereference: Dereferencing "pre_exist", which is known to be "NULL".
+* Event parameter_hidden: Declaration hides parameter "c".
+* Event leaked_storage: Variable "pre_exist" going out of scope leaks the
+ storage it points to.
+* Event leaked_storage: Variable "avail" going out of scope leaks the
+ storage it points to.
+
+Signed-off-by: Nigel Croxon
+---
+ Assemble.c | 29 +++++++++++++++++++++++------
+ 1 file changed, 23 insertions(+), 6 deletions(-)
+
+diff --git a/Assemble.c b/Assemble.c
+index 2bd7f08..68e0fe2 100644
+--- a/Assemble.c
++++ b/Assemble.c
+@@ -563,6 +563,9 @@ static int select_devices(struct mddev_dev *devlist,
+ tmpdev->used = 1;
+ content = *contentp;
+
++ if (!st)
++ return -1;
++
+ if (!st->sb) {
+ /* we need sb from one of the spares */
+ int dfd = dev_open(tmpdev->devname, O_RDONLY);
+@@ -811,12 +814,12 @@ static int load_devices(struct devs *devices, char *devmap,
+ if (i >= bestcnt) {
+ int newbestcnt = i+10;
+ int *newbest = xmalloc(sizeof(int)*newbestcnt);
+- int c;
+- for (c=0; c < newbestcnt; c++)
+- if (c < bestcnt)
+- newbest[c] = best[c];
++ int cc;
++ for (cc = 0; cc < newbestcnt; cc++)
++ if (cc < bestcnt)
++ newbest[cc] = best[cc];
+ else
+- newbest[c] = -1;
++ newbest[cc] = -1;
+ if (best)free(best);
+ best = newbest;
+ bestcnt = newbestcnt;
+@@ -1493,8 +1496,11 @@ try_again:
+ mp = map_by_uuid(&map, content->uuid);
+ if (mp) {
+ struct mdinfo *dv;
+- /* array already exists. */
+ pre_exist = sysfs_read(-1, mp->devnm, GET_LEVEL|GET_DEVS);
++ if (!pre_exist)
++ goto out;
++
++ /* array already exists. */
+ if (pre_exist->array.level != UnSet) {
+ pr_err("Found some drive for an array that is already active: %s\n",
+ mp->path);
+@@ -1607,6 +1613,7 @@ try_again:
+ err = assemble_container_content(st, mdfd, content, c,
+ chosen_name, NULL);
+ close(mdfd);
++ sysfs_free(pre_exist);
+ return err;
+ }
+
+@@ -1746,23 +1753,27 @@ try_again:
+ : (O_RDONLY|O_EXCL)))< 0) {
+ pr_err("Cannot open %s: %s\n",
+ devices[j].devname, strerror(errno));
++ free(avail);
+ goto out;
+ }
+ if (st->ss->load_super(st,fd, NULL)) {
+ close(fd);
+ pr_err("RAID superblock has disappeared from %s\n",
+ devices[j].devname);
++ free(avail);
+ goto out;
+ }
+ close(fd);
+ }
+ if (st->sb == NULL) {
+ pr_err("No suitable drives found for %s\n", mddev);
++ free(avail);
+ goto out;
+ }
+ st->ss->getinfo_super(st, content, NULL);
+ if (sysfs_init(content, mdfd, NULL)) {
+ pr_err("Unable to initialize sysfs\n");
++ free(avail);
+ goto out;
+ }
+
+@@ -1832,12 +1843,14 @@ try_again:
+ if (fd < 0) {
+ pr_err("Could not open %s for write - cannot Assemble array.\n",
+ devices[chosen_drive].devname);
++ free(avail);
+ goto out;
+ }
+ if (st->ss->store_super(st, fd)) {
+ close(fd);
+ pr_err("Could not re-write superblock on %s\n",
+ devices[chosen_drive].devname);
++ free(avail);
+ goto out;
+ }
+ if (c->verbose >= 0)
+@@ -1896,6 +1909,7 @@ try_again:
+ pr_err("Failed to restore critical section for reshape, sorry.\n");
+ if (c->backup_file == NULL)
+ cont_err("Possibly you needed to specify the --backup-file\n");
++ free(avail);
+ goto out;
+ }
+ }
+@@ -1924,6 +1938,7 @@ try_again:
+ if (rv == 1 && !pre_exist)
+ ioctl(mdfd, STOP_ARRAY, NULL);
+ free(devices);
++ free(avail);
+ out:
+ map_unlock(&map);
+ if (rv == 0) {
+@@ -1958,6 +1973,8 @@ out:
+ } else if (mdfd >= 0)
+ close(mdfd);
+
++ sysfs_free(pre_exist);
++
+ /* '2' means 'OK, but not started yet' */
+ if (rv == -1) {
+ free(devices);
+-- 
+2.43.0
+
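Review bot: Freeing `avail` by hand before each of seven `goto out;` statements in the Assemble.c patch (the `try_again:` hunks at -1746, -1832 and -1896) is fragile: any error path added later, or one outside the visible hunks, leaks again, and the freed pointer stays dangling while the cleanup after `out:` still runs. A single release point is safer: initialise `avail` to NULL where it is declared (outside these hunks) and put one `free(avail);` after the label, next to the new `sysfs_free(pre_exist);`. Separately, the new `if (!pre_exist) goto out;` prints nothing, so an assembly that stops there fails without a diagnostic; a `pr_err()` naming `mp->devnm` before the jump would help. The function body starts and ends outside the hunks shown, so the value of `rv` on that path should be confirmed as well.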
diff --git a/0017-config.c-Fix-memory-leak-in-load_containers.patch b/0017-config.c-Fix-memory-leak-in-load_containers.patch
new file mode 100644
index 0000000..201eb10
--- /dev/null
+++ b/0017-config.c-Fix-memory-leak-in-load_containers.patch
@@ -0,0 +1,28 @@
+From 44457789fd67168c37932060f9a991f0c611e5a2 Mon Sep 17 00:00:00 2001
+From: Anna Sztukowska
+Date: Fri, 28 Jun 2024 12:32:16 +0200
+Subject: [PATCH] config.c: Fix memory leak in load_containers()
+
+Fix memory leak in load_containers() in config.c reported by SAST
+analysis.
+
+Signed-off-by: Anna Sztukowska
+---
+ config.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/config.c b/config.c
+index 612e700d..cd2379bd 100644
+--- a/config.c
++++ b/config.c
+@@ -379,6 +379,7 @@ struct mddev_dev *load_containers(void)
+ map = NULL;
+ }
+ free_mdstat(mdstat);
++ map_free(map);
+
+ return rv;
+ }
+-- 
+2.39.2
+
diff --git a/0018-mapfile.c-Fix-STRING_OVERFLOW-issue.patch b/0018-mapfile.c-Fix-STRING_OVERFLOW-issue.patch
new file mode 100644
index 0000000..0284739
--- /dev/null
+++ b/0018-mapfile.c-Fix-STRING_OVERFLOW-issue.patch
@@ -0,0 +1,40 @@
+From 48c365376ce7763fd9a9e7735b1e9ec5d0ff1631 Mon Sep 17 00:00:00 2001
+From: Anna Sztukowska
+Date: Wed, 3 Jul 2024 14:11:58 +0200
+Subject: [PATCH] mapfile.c: Fix STRING_OVERFLOW issue
+
+Fix STRING_OVERFLOW issue found by SAST analysis in map_add() and
+map_update() in mapfile.c.
+
+Signed-off-by: Anna Sztukowska
+---
+ mapfile.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/mapfile.c b/mapfile.c
+index f1f3ee2c..ea9837ac 100644
+--- a/mapfile.c
++++ b/mapfile.c
+@@ -165,8 +165,8 @@ void map_add(struct map_ent **melp,
+ {
+ struct map_ent *me = xmalloc(sizeof(*me));
+
+- strcpy(me->devnm, devnm);
+- strcpy(me->metadata, metadata);
++ snprintf(me->devnm, sizeof(me->devnm), "%s", devnm);
++ snprintf(me->metadata, sizeof(me->metadata), "%s", metadata);
+ memcpy(me->uuid, uuid, 16);
+ me->path = path ? xstrdup(path) : NULL;
+ me->next = *melp;
+@@ -227,7 +227,7 @@ int map_update(struct map_ent **mpp, char *devnm, char *metadata,
+
+ for (mp = map ; mp ; mp=mp->next)
+ if (strcmp(mp->devnm, devnm) == 0) {
+- strcpy(mp->metadata, metadata);
++ snprintf(mp->metadata, sizeof(mp->metadata), "%s", metadata);
+ memcpy(mp->uuid, uuid, 16);
+ free(mp->path);
+ mp->path = path ? xstrdup(path) : NULL;
+-- 
+2.39.2
+
diff --git a/0019-mdadm-Monitor.c-fix-coverity-issues.patch b/0019-mdadm-Monitor.c-fix-coverity-issues.patch
new file mode 100644
index 0000000..2d1c6b0
--- /dev/null
+++ b/0019-mdadm-Monitor.c-fix-coverity-issues.patch
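Review bot: The `snprintf()` calls that replace `strcpy()` in `map_add()` and `map_update()` of the mapfile.c patch discard the return value, so an over-long `devnm` or `metadata` is now truncated silently and the shortened string is what gets stored in the map. `map_update()` in the same hunk finds entries with `strcmp(mp->devnm, devnm)`, so a truncated name would no longer match the name it was created from. Consider testing the result, for example `if ((size_t)snprintf(me->devnm, sizeof(me->devnm), "%s", devnm) >= sizeof(me->devnm))` followed by an error report, or rejecting over-long names before they reach these functions. The same unchecked pattern is added by this series in Monitor.c (`Wait()`, `WaitClean()`), lib.c (`devid2kname()`, `devid2devnm()`) and util.c (`super_by_fd()`, `open_subarray()`).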
@@ -0,0 +1,67 @@
+From 4e9e7cc59fab61e16a93d0ae3b73e9b9b0001d4b Mon Sep 17 00:00:00 2001
+From: Nigel Croxon
+Date: Mon, 15 Jul 2024 10:13:46 -0400
+Subject: [PATCH] mdadm: Monitor.c fix coverity issues
+
+Fixing the following coding errors the coverity tools found:
+
+* Event check_return: Calling "fcntl(fd, 2, 1)" without checking
+return value. This library function may fail and return an error code.
+
+* Dereferencing "sl", which is known to be "NULL".
+
+* Event fixed_size_dest: You might overrun the 32-character fixed-size
+string "devnm" by copying "tmp" without checking the length.
+
+Signed-off-by: Nigel Croxon
+---
+ Monitor.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/Monitor.c b/Monitor.c
+index 9f1765d..4637729 100644
+--- a/Monitor.c
++++ b/Monitor.c
+@@ -570,7 +570,9 @@ static int check_array(struct state *st, struct mdstat_ent *mdstat,
+ if (!is_container && !md_array_active(fd))
+ goto disappeared;
+
+- fcntl(fd, F_SETFD, FD_CLOEXEC);
++ if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
++ goto out;
++
+ if (md_get_array_info(fd, &array) < 0)
+ goto disappeared;
+
+@@ -796,7 +798,8 @@ static int add_new_arrays(struct mdstat_ent *mdstat, struct state **statelist,
+ strcpy(st->parent_devnm,
+ mse->metadata_version+10);
+ sl = strchr(st->parent_devnm, '/');
+- *sl = 0;
++ if (sl)
++ *sl = 0;
+ } else
+ st->parent_devnm[0] = 0;
+ *statelist = st;
+@@ -1135,7 +1138,7 @@ int Wait(char *dev)
+ return 2;
+ }
+
+- strcpy(devnm, tmp);
++ snprintf(devnm, sizeof(devnm), "%s", tmp);
+
+ while(1) {
+ struct mdstat_ent *ms = mdstat_read(1, 0);
+@@ -1206,7 +1209,8 @@ int WaitClean(char *dev, int verbose)
+ return 1;
+ }
+
+- strcpy(devnm, fd2devnm(fd));
++ snprintf(devnm, sizeof(devnm), "%s", fd2devnm(fd));
++
+ mdi = sysfs_read(fd, devnm, GET_VERSION|GET_LEVEL|GET_SAFEMODE);
+ if (!mdi) {
+ if (verbose)
+-- 
+2.43.0
+
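Review bot: In the `add_new_arrays()` hunk of the Monitor.c patch the unbounded `strcpy(st->parent_devnm, mse->metadata_version+10);` is left as context directly above the new `if (sl)` check, although the same patch replaces this kind of copy in `Wait()` and `WaitClean()`. The source is text from the mdstat entry and no length check is visible, so a version string longer than the destination could still overrun it. Assuming `parent_devnm` is an array member, the form used elsewhere in the patch closes it: `snprintf(st->parent_devnm, sizeof(st->parent_devnm), "%s", mse->metadata_version+10);`. In `WaitClean()` the result of `fd2devnm(fd)` goes straight into `%s`; if that helper can return NULL (its definition is not shown) it needs a check first.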
diff --git a/0020-mdadm-lib.c-fix-coverity-issues.patch b/0020-mdadm-lib.c-fix-coverity-issues.patch
new file mode 100644
index 0000000..fb34e5a
--- /dev/null
+++ b/0020-mdadm-lib.c-fix-coverity-issues.patch
@@ -0,0 +1,43 @@
+From da7aecdf25371e1476da4ec56e9ec5ddf13af5da Mon Sep 17 00:00:00 2001
+From: Nigel Croxon
+Date: Tue, 16 Jul 2024 07:20:10 -0400
+Subject: [PATCH] mdadm: lib.c fix coverity issues
+
+Fixing the following coding errors the coverity tools found:
+
+* Event fixed_size_dest: You might overrun the 32-character fixed-size
+string "devnm" by copying "cp + 1" without checking the length.
+
+* Event fixed_size_dest: You might overrun the 32-character fixed-size
+string "devnm" by copying "cp" without checking the length.
+
+Signed-off-by: Nigel Croxon
+---
+ lib.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib.c b/lib.c
+index 2b09293c..13d4e4f1 100644
+--- a/lib.c
++++ b/lib.c
+@@ -109,7 +109,7 @@ char *devid2kname(dev_t devid)
+ link[n] = 0;
+ cp = strrchr(link, '/');
+ if (cp) {
+- strcpy(devnm, cp + 1);
++ snprintf(devnm, sizeof(devnm), "%s", cp + 1);
+ return devnm;
+ }
+ }
+@@ -159,7 +159,7 @@ char *devid2devnm(dev_t devid)
+ ep = strchr(cp, '/');
+ if (ep)
+ *ep = 0;
+- strcpy(devnm, cp);
++ snprintf(devnm, sizeof(devnm), "%s", cp);
+ return devnm;
+ }
+ }
+-- 
+2.39.2
+
diff --git a/0021-mdadm-msg.c-fix-coverity-issues.patch b/0021-mdadm-msg.c-fix-coverity-issues.patch
new file mode 100644
index 0000000..d0690c4
--- /dev/null
+++ b/0021-mdadm-msg.c-fix-coverity-issues.patch
@@ -0,0 +1,40 @@
+From 87f96c870399cd029933a9742ba72e85e3251c3e Mon Sep 17 00:00:00 2001
+From: Nigel Croxon
+Date: Wed, 24 Jul 2024 09:20:28 -0400
+Subject: [PATCH] mdadm: msg.c fix coverity issues
+
+Fixing the following coding errors the coverity tools found:
+
+* Event check_return: Calling "fcntl(sfd, 4, fl)" without
+checking return value. This library function may fail and
+return an error code.
+
+Signed-off-by: Nigel Croxon
+---
+ msg.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/msg.c b/msg.c
+index f0772b3f..b6da91d3 100644
+--- a/msg.c
++++ b/msg.c
+@@ -176,8 +176,15 @@ int connect_monitor(char *devname)
+ }
+
+ fl = fcntl(sfd, F_GETFL, 0);
++ if (fl < 0) {
++ close(sfd);
++ return -1;
++ }
+ fl |= O_NONBLOCK;
+- fcntl(sfd, F_SETFL, fl);
++ if (fcntl(sfd, F_SETFL, fl) < 0) {
++ close(sfd);
++ return -1;
++ }
+
+ return sfd;
+ }
+-- 
+2.39.2
+
diff --git a/0022-mdadm-mdopen-fix-coverity-issue-CHECKED_RETURN.patch b/0022-mdadm-mdopen-fix-coverity-issue-CHECKED_RETURN.patch
new file mode 100644
index 0000000..6a37600
--- /dev/null
+++ b/0022-mdadm-mdopen-fix-coverity-issue-CHECKED_RETURN.patch
@@ -0,0 +1,33 @@
+From f34040081c36ff92180674b89c39ddc7bdd47288 Mon Sep 17 00:00:00 2001
+From: Xiao Ni
+Date: Fri, 26 Jul 2024 15:14:09 +0800
+Subject: [PATCH] mdadm/mdopen: fix coverity issue CHECKED_RETURN
+
+It needs to check return values when functions return value.
+
+Signed-off-by: Xiao Ni
+Signed-off-by: Mariusz Tkaczyk
+---
+ mdopen.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/mdopen.c b/mdopen.c
+index eaa59b59..c9fda131 100644
+--- a/mdopen.c
++++ b/mdopen.c
+@@ -406,7 +406,11 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
+ perror("chown");
+ if (chmod(devname, ci->mode))
+ perror("chmod");
+- stat(devname, &stb);
++ if (stat(devname, &stb) < 0) {
++ pr_err("failed to stat %s\n",
++ devname);
++ return -1;
++ }
+ add_dev(devname, &stb, 0, NULL);
+ }
+ if (use_mdp == 1)
+-- 
+2.39.2
+
diff --git a/0023-mdadm-super1-fix-coverity-issue-CHECKED_RETURN.patch b/0023-mdadm-super1-fix-coverity-issue-CHECKED_RETURN.patch
new file mode 100644
index 0000000..4801213
--- /dev/null
+++ b/0023-mdadm-super1-fix-coverity-issue-CHECKED_RETURN.patch
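Review bot: The new `pr_err("failed to stat %s\n", devname);` in `create_mddev()` (mdopen.c patch) drops the reason for the failure, whereas the `chown` and `chmod` calls just above it report theirs through `perror()`. Including errno keeps the message useful: `pr_err("failed to stat %s: %s\n", devname, strerror(errno));`. The early `return -1;` also leaves `create_mddev()` from the middle of its body, and the hunk does not show whether anything acquired earlier in the function needs releasing on that path, so that is worth confirming. The four `pr_err("lseek fails\n");` messages added to super1.c by the next patch have the same gap and are identical across `aread()`, `awrite()` and `locate_bitmap1()`, so a log line cannot be traced to its call site.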
@@ -0,0 +1,67 @@
+From eb9834599c8c9764bb3e711b6f291b10797eff27 Mon Sep 17 00:00:00 2001
+From: Xiao Ni
+Date: Fri, 26 Jul 2024 15:14:13 +0800
+Subject: [PATCH] mdadm/super1: fix coverity issue CHECKED_RETURN
+
+It needs to check return value when functions return value.
+
+Signed-off-by: Xiao Ni
+Signed-off-by: Mariusz Tkaczyk
+---
+ super1.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/super1.c b/super1.c
+index 81d29a65..4e4c7bfd 100644
+--- a/super1.c
++++ b/super1.c
+@@ -260,7 +260,10 @@ static int aread(struct align_fd *afd, void *buf, int len)
+ n = read(afd->fd, b, iosize);
+ if (n <= 0)
+ return n;
+- lseek(afd->fd, len - n, 1);
++ if (lseek(afd->fd, len - n, 1) < 0) {
++ pr_err("lseek fails\n");
++ return -1;
++ }
+ if (n > len)
+ n = len;
+ memcpy(buf, b, n);
+@@ -294,14 +297,20 @@ static int awrite(struct align_fd *afd, void *buf, int len)
+ n = read(afd->fd, b, iosize);
+ if (n <= 0)
+ return n;
+- lseek(afd->fd, -n, 1);
++ if (lseek(afd->fd, -n, 1) < 0) {
++ pr_err("lseek fails\n");
++ return -1;
++ }
+ }
+
+ memcpy(b, buf, len);
+ n = write(afd->fd, b, iosize);
+ if (n <= 0)
+ return n;
+- lseek(afd->fd, len - n, 1);
++ if (lseek(afd->fd, len - n, 1) < 0) {
++ pr_err("lseek fails\n");
++ return -1;
++ }
+ return len;
+ }
+
+@@ -2667,7 +2676,10 @@ static int locate_bitmap1(struct supertype *st, int fd, int node_num)
+ }
+ if (mustfree)
+ free(sb);
+- lseek64(fd, offset<<9, 0);
++ if (lseek64(fd, offset<<9, 0) < 0) {
++ pr_err("lseek fails\n");
++ ret = -1;
++ }
+ return ret;
+ }
+
+-- 
+2.39.2
+
diff --git a/0024-mdadm-util.c-fix-coverity-issues.patch b/0024-mdadm-util.c-fix-coverity-issues.patch
new file mode 100644
index 0000000..996e1ff
--- /dev/null
+++ b/0024-mdadm-util.c-fix-coverity-issues.patch
@@ -0,0 +1,134 @@
+From ea076e7c4bc8b3122ad9d7131098c4b85902a299 Mon Sep 17 00:00:00 2001
+From: Nigel Croxon
+Date: Wed, 7 Aug 2024 11:33:23 -0400
+Subject: [PATCH] mdadm: util.c fix coverity issues
+
+Fixing the following coding errors the coverity tools found:
+
+* Event check_return: Calling "open" without checking return value
+* Event check_return: Calling "lseek(fd, sector_size, 0)" without
+checking return value.
+* Event leaked_handle: Handle variable "fd" going out of scope leaks
+the handle.
+* Event leaked_storage: Variable "dir" going out of scope leaks the
+storage it points to.
+* Event fixed_size_dest: You might overrun the 32-character fixed-size
+string "st->devnm" by copying "_devnm" without checking the length.
+* Event fixed_size_dest: You might overrun the 32-character fixed-size
+string "container" by copying "dev" without checking the length.
+
+Signed-off-by: Nigel Croxon
+---
+ util.c | 41 +++++++++++++++++++++++++----------------
+ 1 file changed, 25 insertions(+), 16 deletions(-)
+
+diff --git a/util.c b/util.c
+index 83d42833..1cee0feb 100644
+--- a/util.c
++++ b/util.c
+@@ -1253,7 +1253,7 @@ struct supertype *super_by_fd(int fd, char **subarrayp)
+ *subarray++ = '\0';
+ subarray = xstrdup(subarray);
+ }
+- strcpy(container, dev);
++ snprintf(container, sizeof(container), "%s", dev);
+ sysfs_free(sra);
+ sra = sysfs_read(-1, container, GET_VERSION);
+ if (sra && sra->text_version[0])
+@@ -1430,7 +1430,8 @@ static int get_gpt_last_partition_end(int fd, unsigned long long *endofpart)
+ /* skip protective MBR */
+ if (!get_dev_sector_size(fd, NULL, §or_size))
+ return 0;
+- lseek(fd, sector_size, SEEK_SET);
++ if (lseek(fd, sector_size, SEEK_SET) == -1L)
++ return 0;
+ /* read GPT header */
+ if (read(fd, &gpt, 512) != 512)
+ return 0;
+@@ -1451,7 +1452,8 @@ static int get_gpt_last_partition_end(int fd, unsigned long long *endofpart)
+ part = (struct GPT_part_entry *)buf;
+
+ /* set offset to third block (GPT entries) */
+- lseek(fd, sector_size*2, SEEK_SET);
++ if (lseek(fd, sector_size*2, SEEK_SET) == -1L)
++ return 0;
+ for (part_nr = 0; part_nr < all_partitions; part_nr++) {
+ /* read partition entry */
+ if (read(fd, buf, entry_size) != (ssize_t)entry_size)
+@@ -1486,7 +1488,8 @@ static int get_last_partition_end(int fd, unsigned long long *endofpart)
+
+ BUILD_BUG_ON(sizeof(boot_sect) != 512);
+ /* read MBR */
+- lseek(fd, 0, 0);
++ if (lseek(fd, 0, 0) == -1L)
++ goto abort;
+ if (read(fd, &boot_sect, 512) != 512)
+ goto abort;
+
+@@ -1715,7 +1718,7 @@ int open_subarray(char *dev, char *subarray, struct supertype *st, int quiet)
+ dev);
+ goto close_fd;
+ }
+- strcpy(st->devnm, _devnm);
++ snprintf(st->devnm, sizeof(st->devnm), "%s", _devnm);
+
+ mdi = sysfs_read(fd, st->devnm, GET_VERSION|GET_LEVEL);
+ if (!mdi) {
+@@ -2293,14 +2296,16 @@ void manage_fork_fds(int close_all)
+ {
+ DIR *dir;
+ struct dirent *dirent;
++ int fd = open("/dev/null", O_RDWR);
+
+- close(0);
+- open("/dev/null", O_RDWR);
+-
++ if (is_fd_valid(fd)) {
++ dup2(fd, 0);
+ #ifndef DEBUG
+ dup2(0, 1);
+ dup2(0, 2);
++ close_fd(&fd);
+ #endif
++ }
+
+ if (close_all == 0)
+ return;
+@@ -2319,8 +2324,10 @@ void manage_fork_fds(int close_all)
+
+ fd = strtol(dirent->d_name, NULL, 10);
+ if (fd > 2)
+- close(fd);
++ close_fd(&fd);
+ }
++ closedir(dir);
++ return;
+ }
+
+ /* In a systemd/udev world, it is best to get systemd to
+@@ -2367,13 +2374,15 @@ void reopen_mddev(int mdfd)
+ /* Re-open without any O_EXCL, but keep
+ * the same fd
+ */
+- char *devnm;
+- int fd;
+- devnm = fd2devnm(mdfd);
+- close(mdfd);
+- fd = open_dev(devnm);
+- if (fd >= 0 && fd != mdfd)
+- dup2(fd, mdfd);
++ char *devnm = fd2devnm(mdfd);
++ int fd = open_dev(devnm);
++
++ if (!is_fd_valid(fd))
++ return;
++
++ dup2(fd, mdfd);
++
++ close_fd(&fd);
+ }
+
+ static struct cmap_hooks *cmap_hooks = NULL;
+-- 
+2.39.2
+
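Review bot: In `manage_fork_fds()` (util.c patch) the new `close_fd(&fd);` sits inside the `#ifndef DEBUG` block, so a DEBUG build keeps the extra `/dev/null` descriptor open, and it is called without checking that `fd` is above 2. If the process enters with descriptor 0 closed, `open()` returns 0, `dup2(fd, 0)` does nothing, and the close then removes the stdin that was just set up; the removed `close(0); open(...)` sequence did not have that case. Moving the close after `#endif` and guarding it, `if (fd > 2) close_fd(&fd);`, covers both. The `dup2()` results here and in `reopen_mddev()` are still unchecked, which is the class of finding this patch sets out to fix. This assumes `close_fd()` closes any valid descriptor; its definition is not in the hunk.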
diff --git a/0025-mdadm-sysfs.c-fix-coverity-issues.patch b/0025-mdadm-sysfs.c-fix-coverity-issues.patch
new file mode 100644
index 0000000..f826a6e
--- /dev/null
+++ b/0025-mdadm-sysfs.c-fix-coverity-issues.patch
@@ -0,0 +1,56 @@
+From 18eaf6c5206a37ad059c930d1ee2dbc9b7297513 Mon Sep 17 00:00:00 2001
+From: Nigel Croxon
+Date: Thu, 18 Jul 2024 13:05:57 -0400
+Subject: [PATCH] mdadm: sysfs.c fix coverity issues
+
+Fixing the following coding errors the coverity tools found:
+
+* Event fixed_size_dest: You might overrun the 32-character
+fixed-size string "mdi->sys_name" by copying "devnm" without
+checking the length
+
+* Event fixed_size_dest: You might overrun the 50-character
+fixed-size string "sra->text_version" by copying "buf + 9"
+without checking the length.
+
+* Event string_overflow: You might overrun the 32-character
+destination string "dev->sys_name" by writing 256 characters
+from "de->d_name".
+
+Signed-off-by: Nigel Croxon
+---
+ sysfs.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/sysfs.c b/sysfs.c
+index 20fe1e9e..b3c8b10d 100644
+--- a/sysfs.c
++++ b/sysfs.c
+@@ -139,7 +139,7 @@ int sysfs_init(struct mdinfo *mdi, int fd, char *devnm)
+ goto out;
+ if (!S_ISDIR(stb.st_mode))
+ goto out;
+- strcpy(mdi->sys_name, devnm);
++ strncpy(mdi->sys_name, devnm, sizeof(mdi->sys_name) - 1);
+
+ retval = 0;
+ out:
+@@ -179,6 +179,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options)
+ sra->array.major_version = -1;
+ sra->array.minor_version = -2;
+ strcpy(sra->text_version, buf+9);
++ sra->text_version[sizeof(sra->text_version) - 1] = '\0';
+ } else {
+ sscanf(buf, "%d.%d",
+ &sra->array.major_version,
+@@ -340,6 +341,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options)
+
+ }
+ strcpy(dev->sys_name, de->d_name);
++ dev->sys_name[sizeof(dev->sys_name) - 1] = '\0';
+ dev->disk.raid_disk = strtoul(buf, &ep, 10);
+ if (*ep) dev->disk.raid_disk = -1;
+
+-- 
+2.39.2
+
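Review bot: Both `strcpy()` calls in the `sysfs_read()` hunks of the sysfs.c patch remain unbounded: the added lines only set the last byte of `sra->text_version` and `dev->sys_name` to NUL after the copy, so the overrun described in the commit message has already happened by then. Replace each pair with a bounded copy as the other patches in this series do: `snprintf(sra->text_version, sizeof(sra->text_version), "%s", buf + 9);` and `snprintf(dev->sys_name, sizeof(dev->sys_name), "%s", de->d_name);`. In `sysfs_init()` the new `strncpy(mdi->sys_name, devnm, sizeof(mdi->sys_name) - 1);` bounds the write but leaves the string terminated only if the final byte of `sys_name` is already zero, which the hunk does not show; `snprintf()` removes that dependency too.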
diff --git a/mdadm.spec b/mdadm.spec index d72dd4e..c157c38 100644 --- a/mdadm.spec +++ b/mdadm.spec @@ -1,6 +1,6 @@ Name: mdadm Version: 4.2 -Release: 13 +Release: 14 Summary: The software RAID arrays user manage tools License: GPLv2+ URL: http://www.kernel.org/pub/linux/utils/raid/mdadm/ @@ -25,6 +25,16 @@ Patch12: 0012-mdadm-Fix-double-free.patch Patch13: 0013-Fix-memory-leak-in-file-Manage.patch Patch14: 0014-Manage-fix-check-after-dereference-issue.patch Patch15: 0015-Mdmonitor-Fix-segfault.patch +Patch16: 0016-mdadm-Assemble.c-fix-coverity-issues.patch +Patch17: 0017-config.c-Fix-memory-leak-in-load_containers.patch +Patch18: 0018-mapfile.c-Fix-STRING_OVERFLOW-issue.patch +Patch19: 0019-mdadm-Monitor.c-fix-coverity-issues.patch +Patch20: 0020-mdadm-lib.c-fix-coverity-issues.patch +Patch21: 0021-mdadm-msg.c-fix-coverity-issues.patch +Patch22: 0022-mdadm-mdopen-fix-coverity-issue-CHECKED_RETURN.patch +Patch23: 0023-mdadm-super1-fix-coverity-issue-CHECKED_RETURN.patch +Patch24: 0024-mdadm-util.c-fix-coverity-issues.patch +Patch25: 0025-mdadm-sysfs.c-fix-coverity-issues.patch BuildRequires: systemd gcc binutils libudev-devel Requires(post): systemd coreutils @@ -90,6 +100,9 @@ install -d -m 710 %{buildroot}/var/run/mdadm/ %{_mandir}/man*/* %changelog +* Wed Aug 28 2024 wuguanghao - 4.2-14 +- backport bugfix patches from community + * Thu Jul 11 2024 Deyuan Fan - 4.2-13 - Mdmonitor: Fix segfault -- Gitee