diff --git a/0008-fix-NULL-dereference-in-super_by_fd.patch b/0008-fix-NULL-dereference-in-super_by_fd.patch
new file mode 100644
index 0000000000000000000000000000000000000000..427bbd198c042a7cd226ef19bd7719fc8252a5d2
--- /dev/null
+++ b/0008-fix-NULL-dereference-in-super_by_fd.patch
@@ -0,0 +1,89 @@
+From 5025e5028b39770e76504af0ecb3e06e112d2c35 Mon Sep 17 00:00:00 2001
+From: lixiaokeng
+Date: Mon, 12 Dec 2022 16:59:54 +0800
+Subject: [PATCH] Fix NULL dereference in super_by_fd
+
+When we create 100 partitions (major is 259 not 254) in a raid device,
+mdadm may coredump:
+
+Core was generated by `/usr/sbin/mdadm --detail --export /dev/md1p3'.
+Program terminated with signal SIGSEGV, Segmentation fault.
+#0 __strlen_sse2 ()
+ at ../sysdeps/x86_64/multiarch/strlen-vec.S:126
+126 movdqu (%rax), %xmm4
+(gdb) bt
+#0 __strlen_sse2 ()
+ at ../sysdeps/x86_64/multiarch/strlen-vec.S:126
+#1 0x00007f1944659139 in __strcpy_chk (
+ dest=dest@entry=0x55ea8d7c23ac "", src=0x0,
+ destlen=destlen@entry=32) at strcpy_chk.c:28
+#2 0x000055ea8d10b66d in strcpy (__src=,
+ __dest=0x55ea8d7c23ac "")
+ at /usr/include/bits/string_fortified.h:79
+#3 super_by_fd (fd=fd@entry=3,
+ subarrayp=subarrayp@entry=0x7ffe6a1dff08) at util.c:1289
+#4 0x000055ea8d11b3a6 in Detail (
+ dev=0x7ffe6a1e2f22 "/dev/md1p3", c=0x7ffe6a1e1700)
+ at Detail.c:101
+#5 0x000055ea8d101e61 in misc_list (c=,
+ ss=, dump_directory=,
+ ident=, devlist=)
+ at mdadm.c:1959
+#6 main (argc=, argv=)
+ at mdadm.c:1629
+
+The direct cause is fd2devnm returning NULL, so add a check.
+Similarly, add a check in map_by_devnm to avoid coredump.
+
+Fix issue:https://gitee.com/src-openeuler/mdadm/issues/I68G5I?from=project-issue
+
+Signed-off-by: Lixiaokeng
+Signed-off-by: Wuguanghao
+---
+ mapfile.c | 4 ++++
+ util.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/mapfile.c b/mapfile.c
+index 8d7acb3..f72fe0d 100644
+--- a/mapfile.c
++++ b/mapfile.c
+@@ -292,6 +292,10 @@ struct map_ent *map_by_uuid(struct map_ent **map, int uuid[4])
+ struct map_ent *map_by_devnm(struct map_ent **map, char *devnm)
+ {
+ struct map_ent *mp;
++
++ if (!devnm)
++ return NULL;
++
+ if (!*map)
+ map_read(map);
+
+diff --git a/util.c b/util.c
+index 64dd409..3a84ee3 100644
+--- a/util.c
++++ b/util.c
+@@ -1241,6 +1241,11 @@ struct supertype *super_by_fd(int fd, char **subarrayp)
+ int i;
+ char *subarray = NULL;
+ char container[32] = "";
++ char *devnm = NULL;
++
++ devnm = fd2devnm(fd);
++ if (!devnm)
++ return NULL;
+
+ sra = sysfs_read(fd, NULL, GET_VERSION);
+
+@@ -1286,7 +1291,7 @@ struct supertype *super_by_fd(int fd, char **subarrayp)
+ if (subarrayp)
+ *subarrayp = subarray;
+ strcpy(st->container_devnm, container);
+- strcpy(st->devnm, fd2devnm(fd));
++ strcpy(st->devnm, devnm);
+ } else
+ free(subarray);
+
+--
+1.8.3.1
+
diff --git a/mdadm.spec b/mdadm.spec
index 04404bbea55a55e02bc8d738cbd52ad01d5b7d0c..41845ac49b6a985df41325c9104d655398974430 100644
--- a/mdadm.spec
+++ b/mdadm.spec
@@ -1,6 +1,6 @@
 Name: mdadm
 Version: 4.2
-Release: 5
+Release: 6
 Summary: The software RAID arrays user manage tools
 License: GPLv2+
 URL: http://www.kernel.org/pub/linux/utils/raid/mdadm/
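Review bot: In the util.c part of the added 0008 patch, super_by_fd() now takes `devnm = fd2devnm(fd)` at the top and holds that pointer across sysfs_read() and all the code between the two hunks before the final `strcpy(st->devnm, devnm)`, whereas the old code called fd2devnm() at the point of use. fd2devnm() is not shown here; if it returns a pointer into shared static storage, any intervening helper that resolves another device name would silently change what gets copied, so copying the name into a local buffer right after the NULL check would be safer. The final copy is also still an unbounded strcpy() into a field the backtrace reports as 32 bytes (`destlen=32`); assuming st->devnm is an array member, `snprintf(st->devnm, sizeof(st->devnm), "%s", devnm);` bounds it. The body of super_by_fd() continues outside both hunks, so how callers treat the new early NULL return (previously only reached on other failure paths) should be confirmed, and a one-line comment such as `/* fd2devnm() can fail, e.g. for md partitions with major 259 */` above the check would record why it exists.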
@@ -17,6 +17,7 @@ Patch4: 0004-mdadm-mdcheck_start.service-mdcheck_continue.service.patch Patch5: 0005-Fix-possible-NULL-ptr-dereferences-and-memory-leaks.patch Patch6: 0006-mdadm-Don-t-open-md-device-for-CREATE-and-ASSEMBLE.patch Patch7: 0007-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch +Patch8: 0008-fix-NULL-dereference-in-super_by_fd.patch BuildRequires: systemd gcc binutils libudev-devel Requires(post): systemd coreutils @@ -82,6 +83,9 @@ install -d -m 710 %{buildroot}/var/run/mdadm/ %{_mandir}/man*/* %changelog +* Fri Jan 6 2023 Zhiqiang Liu - 4.2-6 +* fix NULL dereference in super_by_fd + * Fri Dec 16 2022 Lixiaokeng - 4.2-5 * fix NULL dereference