diff --git a/backport-CVE-2023-49933.patch b/backport-CVE-2023-49933.patch new file mode 100644 index 0000000000000000000000000000000000000000..9b7da4247aa1eba0f3794e4d18dfd97314e0ce75 --- /dev/null +++ b/backport-CVE-2023-49933.patch @@ -0,0 +1,43 @@ +From 9d7c53042c05c6049604257702c900f1748294e1 Mon Sep 17 00:00:00 2001 +From: Tim Wickberg +Date: Wed, 29 Nov 2023 10:33:17 -0700 +Subject: [PATCH] Strict check on message size to prevent message extension + attacks. + +CVE-2023-49933. +--- + NEWS | 2 ++ + src/common/slurm_protocol_api.c | 6 +++--- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c +index daaca01aabc..e592a7dba0a 100644 +--- a/src/common/slurm_protocol_api.c ++++ b/src/common/slurm_protocol_api.c +@@ -1091,7 +1091,7 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, buf_t *buffer) + + msg->body_offset = get_buf_offset(buffer); + +- if ((header.body_length > remaining_buf(buffer)) || ++ if ((header.body_length != remaining_buf(buffer)) || + _check_hash(buffer, &header, msg, auth_cred) || + (unpack_msg(msg, buffer) != SLURM_SUCCESS)) { + rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET; +@@ -1380,7 +1380,7 @@ List slurm_receive_msgs(int fd, int steps, int timeout) + msg.msg_type = header.msg_type; + msg.flags = header.flags; + +- if ((header.body_length > remaining_buf(buffer)) || ++ if ((header.body_length != remaining_buf(buffer)) || + _check_hash(buffer, &header, &msg, auth_cred) || + (unpack_msg(&msg, buffer) != SLURM_SUCCESS)) { + (void) auth_g_destroy(auth_cred); +@@ -1804,7 +1804,7 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, + msg->msg_type = header.msg_type; + msg->flags = header.flags; + +- if ( (header.body_length > remaining_buf(buffer)) || ++ if ((header.body_length != remaining_buf(buffer)) || + _check_hash(buffer, &header, msg, auth_cred) || + (unpack_msg(msg, buffer) != SLURM_SUCCESS) ) { + (void) auth_g_destroy(auth_cred); diff --git a/backport-CVE-2023-49937.patch b/backport-CVE-2023-49937.patch new file mode 100644 index 0000000000000000000000000000000000000000..1506b101b126ab6bb4a2b3c129952e2a6d4520c8 --- /dev/null +++ b/backport-CVE-2023-49937.patch @@ -0,0 +1,23 @@ +From aefb439697c64ab0bacbea65d14aee92ebc0df29 Mon Sep 17 00:00:00 2001 +From: Tim Wickberg +Date: Tue, 28 Nov 2023 16:50:06 -0700 +Subject: [PATCH] Prevent double-xfree() on error in _unpack_node_reg_resp(). + +CVE-2023-49937. +--- + NEWS | 1 + + src/common/slurm_protocol_pack.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/common/slurm_protocol_pack.c b/src/common/slurm_protocol_pack.c +index 1bd356687c1..8b0099a9bcf 100644 +--- a/src/common/slurm_protocol_pack.c ++++ b/src/common/slurm_protocol_pack.c +@@ -7719,6 +7719,7 @@ static int _unpack_node_reg_resp( + + unpack_error: + slurm_free_node_reg_resp_msg(msg_ptr); ++ *msg = NULL; + return SLURM_ERROR; + } + diff --git a/slurm.spec b/slurm.spec index b9b3bbff00ed1e4a929bbc8a076c7c718f5dfd2c..4d32c8ed3c19aafeabcd586bb40cc61789b60553 100644 --- a/slurm.spec +++ b/slurm.spec @@ -1,6 +1,6 @@ Name: slurm Version: 21.08.8 -%define rel 57 +%define rel 58 Release: %{rel}%{?dist} Summary: Slurm Workload Manager @@ -71,6 +71,10 @@ Patch52: 0052-fix-sacctmgr-delete-error-with-flags-specified.patch Patch53: 0053-add-slurmrestd-log.patch Patch54: 0054-add-restapi-for-scontrol-reconfigure.patch +# Fix cves +Patch3000: backport-CVE-2023-49933.patch +Patch3001: backport-CVE-2023-49937.patch + # build options .rpmmacros options change to default action # ==================== ==================== ======================== # --prefix %_prefix path install path for commands, libraries, etc. @@ -762,6 +766,9 @@ rm -rf %{buildroot} %systemd_postun_with_restart slurmdbd.service %changelog +* Thu Nov 07 2024 yaoxin - 21.08.8-58 +- Fix CVE-2023-49933 and CVE-2023-49937 + * Fri Jun 21 2024 Xing Liu - 21.08.8-57 - add restapi for scontrol reconfigure