diff --git a/backport-CVE-2025-30472.patch b/backport-CVE-2025-30472.patch deleted file mode 100644 index 17b4c3e4b3e804c0e9e9c11b3b4ef7b30dd6d105..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-30472.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 7839990f9cdf34e55435ed90109e82709032466a Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 24 Mar 2025 12:05:08 +0100 -Subject: [PATCH] totemsrp: Check size of orf_token msg - -orf_token message is stored into preallocated array on endian convert -so carefully crafted malicious message can lead to crash of corosync. - -Solution is to check message size beforehand. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totemsrp.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/exec/totemsrp.c b/exec/totemsrp.c -index 962d0e2a..364528ce 100644 ---- a/exec/totemsrp.c -+++ b/exec/totemsrp.c -@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity( - const struct totemsrp_instance *instance, - const void *msg, - size_t msg_len, -+ size_t max_msg_len, - int endian_conversion_needed) - { - int rtr_entries; - const struct orf_token *token = (const struct orf_token *)msg; - size_t required_len; - -+ if (msg_len > max_msg_len) { -+ log_printf (instance->totemsrp_log_level_security, -+ "Received orf_token message is too long... ignoring."); -+ -+ return (-1); -+ } -+ - if (msg_len < sizeof(struct orf_token)) { - log_printf (instance->totemsrp_log_level_security, - "Received orf_token message is too short... ignoring."); -@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity( - rtr_entries = token->rtr_list_entries; - } - -+ if (rtr_entries > RETRANSMIT_ENTRIES_MAX) { -+ log_printf (instance->totemsrp_log_level_security, -+ "Received orf_token message rtr_entries is corrupted... ignoring."); -+ -+ return (-1); -+ } -+ - required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item); - if (msg_len < required_len) { - log_printf (instance->totemsrp_log_level_security, -@@ -3868,7 +3883,8 @@ static int message_handler_orf_token ( - "Time since last token %0.4f ms", tv_diff / (float)QB_TIME_NS_IN_MSEC); - #endif - -- if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) { -+ if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage), -+ endian_conversion_needed) == -1) { - return (0); - } - --- -2.47.0 - diff --git a/backport-Coverity-2025.3-fixes-without-sam.c.patch b/backport-Coverity-2025.3-fixes-without-sam.c.patch deleted file mode 100644 index 99ba3763dd690c486dec81e646ee11775745973e..0000000000000000000000000000000000000000 --- a/backport-Coverity-2025.3-fixes-without-sam.c.patch +++ /dev/null @@ -1,711 +0,0 @@ -From 18c2d235cb76ed2cd4aca8fb130dc39646b19884 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 21 Jul 2025 10:17:58 +0200 -Subject: [PATCH 01/12] cpg: Fix signedness of munmap result - -munmap is signed and return value of zcb_free is also signed so storing -munmap result into unsigned value doesn't make sense. - -Similar issue is fixed in zcb_by_addr_free function. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/cpg.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/exec/cpg.c b/exec/cpg.c -index 0439d142..6a24af81 100644 ---- a/exec/cpg.c -+++ b/exec/cpg.c -@@ -1770,7 +1770,7 @@ static inline int zcb_alloc ( - - static inline int zcb_free (struct zcb_mapped *zcb_mapped) - { -- unsigned int res; -+ int res; - - res = munmap (zcb_mapped->addr, zcb_mapped->size); - qb_list_del (&zcb_mapped->list); -@@ -1782,7 +1782,7 @@ static inline int zcb_by_addr_free (struct cpg_pd *cpd, void *addr) - { - struct qb_list_head *list, *tmp_iter; - struct zcb_mapped *zcb_mapped; -- unsigned int res = 0; -+ int res = 0; - - qb_list_for_each_safe(list, tmp_iter, &(cpd->zcb_mapped_list_head)) { - zcb_mapped = qb_list_entry (list, struct zcb_mapped, list); --- -2.25.1 - -From 6c06a8306aa0548d8614c7482044a33357e9cd52 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 21 Jul 2025 10:25:57 +0200 -Subject: [PATCH 02/12] logsys: Fix signedness of get_unblocked - -_logsys_config_subsys_get_unlocked returns signed int so use it for -iterator. - -Also correctly use signed int for result in _logsys_config_subsys_get -function. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/logsys.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/exec/logsys.c b/exec/logsys.c -index 30a4ee60..da64b0b9 100644 ---- a/exec/logsys.c -+++ b/exec/logsys.c -@@ -122,7 +122,7 @@ static int logsys_blackbox_enabled = 1; - - static int _logsys_config_subsys_get_unlocked (const char *subsys) - { -- unsigned int i; -+ int i; - - if (!subsys) { - return LOGSYS_MAX_SUBSYS_COUNT; -@@ -468,7 +468,7 @@ int _logsys_subsys_create (const char *subsys, const char *filename) - - int _logsys_config_subsys_get (const char *subsys) - { -- unsigned int i; -+ int i; - - pthread_mutex_lock (&logsys_config_mutex); - --- -2.25.1 - -From e76a9c71fa64620d7c416f0083d12ef66a741194 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 21 Jul 2025 10:32:14 +0200 -Subject: [PATCH 03/12] totempg: Fix signedness for result of mcast_msg - -... and totemsrp_callback_token_create. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totempg.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/exec/totempg.c b/exec/totempg.c -index c30c0775..26051d28 100644 ---- a/exec/totempg.c -+++ b/exec/totempg.c -@@ -1103,7 +1103,7 @@ int totempg_callback_token_create ( - int (*callback_fn) (enum totem_callback_token_type type, const void *), - const void *data) - { -- unsigned int res; -+ int res; - if (totempg_threaded_mode == 1) { - pthread_mutex_lock (&callback_token_mutex); - } -@@ -1239,7 +1239,7 @@ int totempg_groups_mcast_joined ( - unsigned short group_len[MAX_GROUPS_PER_MSG + 1]; - struct iovec iovec_mcast[MAX_GROUPS_PER_MSG + 1 + MAX_IOVECS_FROM_APP]; - int i; -- unsigned int res; -+ int res; - - if (totempg_threaded_mode == 1) { - pthread_mutex_lock (&totempg_mutex); -@@ -1368,7 +1368,7 @@ int totempg_groups_mcast_groups ( - unsigned short group_len[MAX_GROUPS_PER_MSG + 1]; - struct iovec iovec_mcast[MAX_GROUPS_PER_MSG + 1 + MAX_IOVECS_FROM_APP]; - int i; -- unsigned int res; -+ int res; - - if (totempg_threaded_mode == 1) { - pthread_mutex_lock (&totempg_mutex); --- -2.25.1 - -From 79f43112310d9520fde0ac531aa78291e5989020 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 21 Jul 2025 12:01:11 +0200 -Subject: [PATCH 04/12] cpg: Don't call cpg_deliver_fn if unset - -Use same behavior for both fragmented and unfragmented messages. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - lib/cpg.c | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/lib/cpg.c b/lib/cpg.c -index b41f31de..b803658a 100644 ---- a/lib/cpg.c -+++ b/lib/cpg.c -@@ -527,12 +527,14 @@ cs_error_t cpg_dispatch ( - assembly_data->assembly_buf_ptr += res_cpg_partial_deliver_callback->fraglen; - - if (res_cpg_partial_deliver_callback->type == LIBCPG_PARTIAL_LAST) { -- cpg_inst_copy.model_v1_data.cpg_deliver_fn (handle, -- &group_name, -- res_cpg_partial_deliver_callback->nodeid, -- res_cpg_partial_deliver_callback->pid, -- assembly_data->assembly_buf, -- res_cpg_partial_deliver_callback->msglen); -+ if (cpg_inst_copy.model_v1_data.cpg_deliver_fn != NULL) { -+ cpg_inst_copy.model_v1_data.cpg_deliver_fn (handle, -+ &group_name, -+ res_cpg_partial_deliver_callback->nodeid, -+ res_cpg_partial_deliver_callback->pid, -+ assembly_data->assembly_buf, -+ res_cpg_partial_deliver_callback->msglen); -+ } - - qb_list_del (&assembly_data->list); - free(assembly_data->assembly_buf); --- -2.25.1 - -From 3b284fba81e6d853bcfd59ae6bdfaf1e44e29053 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 21 Jul 2025 17:04:40 +0200 -Subject: [PATCH 05/12] keygen: Enhance read random loop - -- Rewrite goto loop to while loop - this makes coverity error go away - and increase readability -- Properly report used random file (there was hardcoded /dev/random) -- Test read returning 0 (end of file) -- Enhance message with bits needed (unsigned and size_t) - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - tools/corosync-keygen.c | 27 +++++++++++++++++---------- - 1 file changed, 17 insertions(+), 10 deletions(-) - -diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c -index 243661a3..bf0b7773 100644 ---- a/tools/corosync-keygen.c -+++ b/tools/corosync-keygen.c -@@ -149,16 +149,23 @@ int main (int argc, char *argv[]) - */ - bytes_read = 0; - --retry_read: -- res = read (random_fd, &key[bytes_read], key_len - bytes_read); -- if (res == -1) { -- err (1, "Could not read /dev/random"); -- } -- bytes_read += res; -- if (bytes_read != key_len) { -- printf ("Press keys on your keyboard to generate entropy (%d bits still needed).\n", -- (int)((key_len - bytes_read) * 8)); -- goto retry_read; -+ while (bytes_read < key_len) { -+ res = read (random_fd, &key[bytes_read], key_len - bytes_read); -+ -+ if (res == -1) { -+ err (1, "Could not read %s", random_dev); -+ } -+ -+ if (res == 0) { -+ errx (1, "Unexpected end of %s", random_dev); -+ } -+ -+ bytes_read += res; -+ -+ if (bytes_read != key_len) { -+ printf ("Press keys on your keyboard to generate entropy (%zu bits still needed).\n", -+ (size_t)((key_len - bytes_read) * 8)); -+ } - } - close (random_fd); - --- -2.25.1 - -From 6c1ffc8aa8b8af0b3ee1c314d1fe69c4d76978af Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 22 Jul 2025 09:39:05 +0200 -Subject: [PATCH 06/12] coverity: Suppress weak_crypto errors - -None of random/rand is used in security context but they are reported by -coverity and makes debugging of real issues pretty hard. - -So this patch uses coverity specific comment to suppress these type -of errors. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totemsrp.c | 2 ++ - test/cpghum.c | 1 + - test/cpgverify.c | 1 + - test/stress_cpgzc.c | 1 + - 4 files changed, 5 insertions(+) - -diff --git a/exec/totemsrp.c b/exec/totemsrp.c -index 364528ce..35bf971d 100644 ---- a/exec/totemsrp.c -+++ b/exec/totemsrp.c -@@ -3374,6 +3374,7 @@ static void memb_join_message_send (struct totemsrp_instance *instance) - sizeof (struct srp_addr); - - if (instance->totem_config->send_join_timeout) { -+ // coverity[DC.WEAK_CRYPTO:SUPPRESS] random is not used in a security context - usleep (random() % (instance->totem_config->send_join_timeout * 1000)); - } - -@@ -3455,6 +3456,7 @@ static void memb_leave_message_send (struct totemsrp_instance *instance) - - - if (instance->totem_config->send_join_timeout) { -+ // coverity[DC.WEAK_CRYPTO:SUPPRESS] random is not used in a security context - usleep (random() % (instance->totem_config->send_join_timeout * 1000)); - } - instance->stats.memb_join_tx++; -diff --git a/test/cpghum.c b/test/cpghum.c -index fd1e388e..75acf947 100644 ---- a/test/cpghum.c -+++ b/test/cpghum.c -@@ -355,6 +355,7 @@ static void set_packet(int write_size, int counter) - - header->counter = counter; - for (i=0; i<(datalen/4); i++) { -+ // coverity[DC.WEAK_CRYPTO:SUPPRESS] rand is not used in a security context - dataint[i] = rand(); - } - crc = crc32(0, NULL, 0); -diff --git a/test/cpgverify.c b/test/cpgverify.c -index 6d72cfff..01e6fe95 100644 ---- a/test/cpgverify.c -+++ b/test/cpgverify.c -@@ -151,6 +151,7 @@ int main (int argc, char *argv[]) - */ - i = 0; - do { -+ // coverity[DC.WEAK_CRYPTO:SUPPRESS] rand is not used in a security context - msg.msg_size = 100 + rand() % 100000; - iov[1].iov_len = msg.msg_size; - for (j = 0; j < msg.msg_size; j++) { -diff --git a/test/stress_cpgzc.c b/test/stress_cpgzc.c -index ba9499b7..8ae74248 100644 ---- a/test/stress_cpgzc.c -+++ b/test/stress_cpgzc.c -@@ -107,6 +107,7 @@ int main (void) - - for (j = 0; j < ITERATIONS; j++) { - for (i = 0; i < ALLOCATIONS; i++) { -+ // coverity[DC.WEAK_CRYPTO:SUPPRESS] random is not used in a security context - buffer_lens[i] = (random() % MAX_SIZE) + 1; - res = cpg_zcb_alloc ( - handle, --- -2.25.1 - -From 4d601d186566c33644105cd76318da3ee7b847fe Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 22 Jul 2025 15:36:45 +0200 -Subject: [PATCH 07/12] totemconfig: Suppress coverity no_effect error - -Checking of value < 0 is really not needed for unsigned int but it -makes clear what values are used so add coverity specific comment -to suppress this error. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totemconfig.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/exec/totemconfig.c b/exec/totemconfig.c -index c9f0424a..cf05510d 100644 ---- a/exec/totemconfig.c -+++ b/exec/totemconfig.c -@@ -405,6 +405,7 @@ int totem_volatile_config_validate ( - goto parse_error; - } - -+ // coverity[NO_EFFECT:SUPPRESS] clarify bounds of token_warning values and defensive programming - if (totem_config->token_warning > 100 || totem_config->token_warning < 0) { - snprintf (local_error_reason, sizeof(local_error_reason), - "The token warning parameter (%d%%) must be between 0 (disabled) and 100.", --- -2.25.1 - -From 105a3538f0816b2f1dd8f8c67155830098e25eac Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 22 Jul 2025 16:09:51 +0200 -Subject: [PATCH 08/12] totemconfig: Suppress coverity unused_value errors - -All of unused_value error instances are actually example of good -defense programming style and removing them would make code worse and -less ready for future changes so add coverity specific comment -to suppress these errors. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totempg.c | 2 ++ - lib/cpg.c | 1 + - 2 files changed, 3 insertions(+) - -diff --git a/exec/totempg.c b/exec/totempg.c -index 26051d28..b3ef2ac4 100644 ---- a/exec/totempg.c -+++ b/exec/totempg.c -@@ -942,6 +942,7 @@ static int mcast_msg ( - fragment_size += copy_len; - mcast_packed_msg_lens[mcast_packed_msg_count] += copy_len; - next_fragment = 1; -+ // coverity[UNUSED_VALUE:SUPPRESS] defensive programming - copy_len = 0; - copy_base = 0; - i++; -@@ -1011,6 +1012,7 @@ static int mcast_msg ( - * If the iovec all fit, go to the next iovec - */ - if ((copy_base + copy_len) == iovec[i].iov_len) { -+ // coverity[UNUSED_VALUE:SUPPRESS] defensive programming - copy_len = 0; - copy_base = 0; - i++; -diff --git a/lib/cpg.c b/lib/cpg.c -index b803658a..9964934c 100644 ---- a/lib/cpg.c -+++ b/lib/cpg.c -@@ -499,6 +499,7 @@ cs_error_t cpg_dispatch ( - qb_list_del (&assembly_data->list); - free(assembly_data->assembly_buf); - free(assembly_data); -+ // coverity[UNUSED_VALUE:SUPPRESS] defensive programming - assembly_data = NULL; - } - --- -2.25.1 - -From 63ed602a7818a805c23aeb6b981b19d271bc8f16 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 22 Jul 2025 17:31:47 +0200 -Subject: [PATCH 09/12] totempg: Suppress coverity sleep error - -Sleep while holding mutex is really not a problem because -corosync is single threaded and this part is shutdown sequence -so wait is ok. Add coverity specific comment -to suppress this error. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totempg.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/exec/totempg.c b/exec/totempg.c -index b3ef2ac4..ca16b3a4 100644 ---- a/exec/totempg.c -+++ b/exec/totempg.c -@@ -857,6 +857,7 @@ void totempg_finalize (void) - if (totempg_threaded_mode == 1) { - pthread_mutex_lock (&totempg_mutex); - } -+ // coverity[SLEEP:SUPPRESS] sleep is not a problem because it is shutdown - totemsrp_finalize (totemsrp_context); - if (totempg_threaded_mode == 1) { - pthread_mutex_unlock (&totempg_mutex); --- -2.25.1 - -From c80a9067226a8c133750b696fc4ffeede060fc6c Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 22 Jul 2025 18:19:27 +0200 -Subject: [PATCH 10/12] cpg: Add comment about potential resource leak - -A full fix for this leak is non-trivial due to a potential race -condition. Adding a detailed comment to document the issue so it is not -overlooked while a proper solution is developed. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - lib/cpg.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/lib/cpg.c b/lib/cpg.c -index 9964934c..85e9581c 100644 ---- a/lib/cpg.c -+++ b/lib/cpg.c -@@ -998,6 +998,15 @@ cs_error_t cpg_zcb_alloc ( - - error_exit: - hdb_handle_put (&cpg_handle_t_db, handle); -+ /* -+ * Coverity correctly reports an error here. We cannot safely munmap and unlink the file, because -+ * the timing of the failure is the key issue: if a failure occurs before the IPC reply, -+ * the file should be deleted. -+ * However, if the failure happens during the IPC reply, Corosync has already deleted the file. -+ * This means the cpg library could attempt to delete a non-existing file (not a problem) or, -+ * in a theoretical race condition, delete a new file created by another application. -+ * There are multiple possible solutions, but none of them are ready to be implemented yet. -+ */ - return (error); - } - --- -2.25.1 - -From 62f9dc54f87786bacd5009fcffb5604cf9f60d7c Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Wed, 23 Jul 2025 09:58:44 +0200 -Subject: [PATCH 11/12] coroparse: Suppress coverity toctou error - -TOCTOU issue really exists, but it's not a really problem. - -Solution would be to open file and then call fstat, but I don't think -it's really worth the trouble so rather add coverity specific comment -to suppress this error. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 2d3e76c4..a48aaa83 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -1753,6 +1753,7 @@ static int read_uidgid_files_into_icmap( - - goto error_exit; - } -+ // coverity[TOCTOU:SUPPRESS] not really problem - res = stat (filename, &stat_buf); - if (res == 0 && S_ISREG(stat_buf.st_mode)) { - --- -2.25.1 - -From 1e8c4974cbb4dd09351f2b9ac6bac6e8d48b6cb3 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Jul 2025 13:10:35 +0200 -Subject: [PATCH 12/12] logsys: Remove config mutex - -The logsys component is internal to Corosync and used only by the main -thread. Since Corosync is single-threaded, this mutex is needless -and is removed to avoid unnecessary performance overhead. - -Special thanks to Christine Caulfield for opening -this idea. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/logsys.c | 38 -------------------------------------- - 1 file changed, 38 deletions(-) - -diff --git a/exec/logsys.c b/exec/logsys.c -index da64b0b9..072b4a67 100644 ---- a/exec/logsys.c -+++ b/exec/logsys.c -@@ -106,8 +106,6 @@ static int logsys_system_needs_init = LOGSYS_LOGGER_NEEDS_INIT; - - static struct logsys_logger logsys_loggers[LOGSYS_MAX_SUBSYS_COUNT + 1]; - --static pthread_mutex_t logsys_config_mutex = PTHREAD_MUTEX_INITIALIZER; -- - static int32_t _logsys_config_mode_set_unlocked(int32_t subsysid, uint32_t new_mode); - static void _logsys_config_apply_per_file(int32_t s, const char *filename); - static void _logsys_config_apply_per_subsys(int32_t s); -@@ -342,8 +340,6 @@ int _logsys_system_setup( - - i = LOGSYS_MAX_SUBSYS_COUNT; - -- pthread_mutex_lock (&logsys_config_mutex); -- - snprintf(logsys_loggers[i].subsys, - LOGSYS_MAX_SUBSYS_NAMELEN, - "%s", mainsystem); -@@ -379,8 +375,6 @@ int _logsys_system_setup( - qb_log_ctl(QB_LOG_BLACKBOX, QB_LOG_CONF_ENABLED, QB_FALSE); - - if (logsys_format_set(NULL) == -1) { -- pthread_mutex_unlock (&logsys_config_mutex); -- - return -1; - } - -@@ -404,8 +398,6 @@ int _logsys_system_setup( - } - } - -- pthread_mutex_unlock (&logsys_config_mutex); -- - return (0); - } - -@@ -441,12 +433,9 @@ int _logsys_subsys_create (const char *subsys, const char *filename) - return -1; - } - -- pthread_mutex_lock (&logsys_config_mutex); -- - i = _logsys_config_subsys_get_unlocked (subsys); - if ((i > -1) && (i < LOGSYS_MAX_SUBSYS_COUNT)) { - _logsys_subsys_filename_add(i, filename); -- pthread_mutex_unlock (&logsys_config_mutex); - return i; - } - -@@ -462,7 +451,6 @@ int _logsys_subsys_create (const char *subsys, const char *filename) - i = -1; - } - -- pthread_mutex_unlock (&logsys_config_mutex); - return i; - } - -@@ -470,12 +458,8 @@ int _logsys_config_subsys_get (const char *subsys) - { - int i; - -- pthread_mutex_lock (&logsys_config_mutex); -- - i = _logsys_config_subsys_get_unlocked (subsys); - -- pthread_mutex_unlock (&logsys_config_mutex); -- - return i; - } - -@@ -506,7 +490,6 @@ int logsys_config_mode_set (const char *subsys, unsigned int mode) - { - int i; - -- pthread_mutex_lock (&logsys_config_mutex); - if (subsys != NULL) { - i = _logsys_config_subsys_get_unlocked (subsys); - if (i >= 0) { -@@ -519,8 +502,6 @@ int logsys_config_mode_set (const char *subsys, unsigned int mode) - i = 0; - } - -- pthread_mutex_unlock (&logsys_config_mutex); -- - return i; - } - -@@ -544,8 +525,6 @@ int logsys_config_file_set ( - int i; - int res; - -- pthread_mutex_lock (&logsys_config_mutex); -- - if (subsys != NULL) { - i = _logsys_config_subsys_get_unlocked (subsys); - if (i < 0) { -@@ -562,7 +541,6 @@ int logsys_config_file_set ( - } - } - -- pthread_mutex_unlock (&logsys_config_mutex); - return res; - } - -@@ -667,7 +645,6 @@ int logsys_config_syslog_priority_set ( - { - int i; - -- pthread_mutex_lock (&logsys_config_mutex); - if (subsys != NULL) { - i = _logsys_config_subsys_get_unlocked (subsys); - if (i >= 0) { -@@ -683,7 +660,6 @@ int logsys_config_syslog_priority_set ( - } - i = 0; - } -- pthread_mutex_unlock (&logsys_config_mutex); - - return i; - } -@@ -694,7 +670,6 @@ int logsys_config_logfile_priority_set ( - { - int i; - -- pthread_mutex_lock (&logsys_config_mutex); - if (subsys != NULL) { - i = _logsys_config_subsys_get_unlocked (subsys); - if (i >= 0) { -@@ -709,7 +684,6 @@ int logsys_config_logfile_priority_set ( - } - i = 0; - } -- pthread_mutex_unlock (&logsys_config_mutex); - - return i; - } -@@ -810,12 +784,10 @@ extern int logsys_config_debug_get ( - int i; - - if (subsys != NULL) { -- pthread_mutex_lock (&logsys_config_mutex); - i = _logsys_config_subsys_get_unlocked (subsys); - if (i >= 0) { - debug_level = logsys_loggers[i].debug; - } -- pthread_mutex_unlock (&logsys_config_mutex); - } - return debug_level; - } -@@ -826,7 +798,6 @@ int logsys_config_debug_set ( - { - int i; - -- pthread_mutex_lock (&logsys_config_mutex); - if (subsys != NULL) { - i = _logsys_config_subsys_get_unlocked (subsys); - if (i >= 0) { -@@ -841,7 +812,6 @@ int logsys_config_debug_set ( - } - i = 0; - } -- pthread_mutex_unlock (&logsys_config_mutex); - - return i; - } -@@ -883,11 +853,7 @@ int logsys_thread_start (void) - void logsys_blackbox_set(int enable) - { - -- pthread_mutex_lock (&logsys_config_mutex); -- - logsys_blackbox_enabled = enable; -- -- pthread_mutex_unlock (&logsys_config_mutex); - } - - /* -@@ -917,8 +883,6 @@ cs_error_t logsys_reopen_log_files(void) - - res = CS_OK; - -- pthread_mutex_lock (&logsys_config_mutex); -- - for (i = 0; i <= LOGSYS_MAX_SUBSYS_COUNT; i++) { - if (logsys_loggers[i].target_id <= 0 || logsys_loggers[i].logfile == NULL) { - continue ; -@@ -942,8 +906,6 @@ cs_error_t logsys_reopen_log_files(void) - } - } - } -- -- pthread_mutex_unlock (&logsys_config_mutex); - #else - res = CS_ERR_NOT_SUPPORTED; - #endif --- -2.25.1 - diff --git a/backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch b/backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch deleted file mode 100644 index 571eae9cf4faec05287717e5056580f52a3e517e..0000000000000000000000000000000000000000 --- a/backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6cc3a242e167d3705a81ba704276533fe1390c79 Mon Sep 17 00:00:00 2001 -From: vikk777 -Date: Wed, 16 Apr 2025 12:27:44 +0300 -Subject: [PATCH] Fix stack buffer overflow in remove_whitespace() - -Signed-off-by: vikk777 -Reviewed-by: Jan Friesse ---- - exec/coroparse.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index b017aca9..6f4adf87 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -271,6 +271,9 @@ static char *remove_whitespace(char *string, int remove_colon_and_brace) - char *end; - - start = string; -+ if (*start == '\0') -+ return start; -+ - while (*start == ' ' || *start == '\t' || (unsigned char)*start == 0xA0) - start++; - --- -2.25.1 - diff --git a/backport-coroparse-enhancements.patch b/backport-coroparse-enhancements.patch deleted file mode 100644 index eb2b68a531beed592ead102f5cb8166ee5bcc1e7..0000000000000000000000000000000000000000 --- a/backport-coroparse-enhancements.patch +++ /dev/null @@ -1,1029 +0,0 @@ -From ff1039960a7dae2985b4ba682c5b62440ed88dec Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Apr 2025 17:01:06 +0200 -Subject: [PATCH 01/13] coroparse: Check emptiness of key name - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 6f4adf87..d4738b73 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -411,6 +411,11 @@ static int parse_section(FILE *fp, - key = remove_whitespace(line, 1); - value = remove_whitespace(loc, 0); - -+ if (strlen(key) == 0) { -+ tmp_error_string = "Key name can't be empty"; -+ goto parse_error; -+ } -+ - if (strlen(path) + strlen(key) + 1 >= ICMAP_KEYNAME_MAXLEN) { - tmp_error_string = "New key makes total cmap path too long"; - goto parse_error; --- -2.25.1 - -From d2983df7ec2c27a70cb070507a23303f67a60504 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Apr 2025 16:32:43 +0200 -Subject: [PATCH 02/13] coroparse: Mark path in parse_section as const - -It's expected parse_secion doesn't change path. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index d4738b73..feb5bfce 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -291,7 +291,7 @@ static char *remove_whitespace(char *string, int remove_colon_and_brace) - static int parse_section(FILE *fp, - const char *fname, - int *line_no, -- char *path, -+ const char *path, - const char **error_string, - int depth, - enum main_cp_cb_data_state state, --- -2.25.1 - -From 68c8086ada2a05b7961b1dc82621410b3b941c6a Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Apr 2025 16:54:00 +0200 -Subject: [PATCH 03/13] coroparse: Remove unused code - -Setting state for RESOURCES end of section is not needed because -of aab55a004bb12ebe78db341dc56759dfe710c1b2. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index feb5bfce..966f43c7 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -1460,21 +1460,11 @@ static int main_config_parser_cb(const char *path, - case MAIN_CP_CB_DATA_STATE_NODELIST: - case MAIN_CP_CB_DATA_STATE_TOTEM: - case MAIN_CP_CB_DATA_STATE_SYSTEM: -- break; - case MAIN_CP_CB_DATA_STATE_RESOURCES: -- *state = MAIN_CP_CB_DATA_STATE_NORMAL; -- break; - case MAIN_CP_CB_DATA_STATE_RESOURCES_SYSTEM: -- *state = MAIN_CP_CB_DATA_STATE_RESOURCES; -- break; - case MAIN_CP_CB_DATA_STATE_RESOURCES_SYSTEM_MEMUSED: -- *state = MAIN_CP_CB_DATA_STATE_RESOURCES_SYSTEM; -- break; - case MAIN_CP_CB_DATA_STATE_RESOURCES_PROCESS: -- *state = MAIN_CP_CB_DATA_STATE_RESOURCES; -- break; - case MAIN_CP_CB_DATA_STATE_RESOURCES_PROCESS_MEMUSED: -- *state = MAIN_CP_CB_DATA_STATE_RESOURCES_PROCESS; - break; - } - break; --- -2.25.1 - -From da5833e32eea51a0be6fff31e4238c6ad6378f2a Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Apr 2025 16:33:40 +0200 -Subject: [PATCH 04/13] coroparse: Handle end of special sections - -Special sections totem.interface, logging.logger_subsys, -logging.logging_daemon and nodelist.node executes extra code on end of -section. Previously, any end of section triggered handling, including -subsection one. - -So for example config like: -``` -nodelist { - node { - name: node1 - subs { - key: val - } - } - - node { - name: node2 - ... -``` - -result in node_number increased twice (once for end of "subs" section -and second time for end of "node" section) so node2 got number 2 instead -of 1. - -Same was happening for all other special sections and may result in -crash as reported by vikk777 in -issues #783 and #784. - -Solution is to execute extra code only for real end of section and not -for subsection. - -This patch fixes only main problem but it creates keys without -subsection name what is not optimal. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 966f43c7..a3286b81 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -1206,6 +1206,13 @@ static int main_config_parser_cb(const char *path, - case PARSER_CB_SECTION_END: - switch (*state) { - case MAIN_CP_CB_DATA_STATE_INTERFACE: -+ if (strcmp(path, "totem.interface") != 0) { -+ /* -+ * Process only end of totem.interface section, not subsections -+ */ -+ break; -+ } -+ - /* - * Create new interface section - */ -@@ -1336,6 +1343,13 @@ static int main_config_parser_cb(const char *path, - - break; - case MAIN_CP_CB_DATA_STATE_LOGGER_SUBSYS: -+ if (strcmp(path, "logging.logger_subsys") != 0) { -+ /* -+ * Process only end of logging.logger_subsys section, not subsections -+ */ -+ break; -+ } -+ - if (data->subsys == NULL) { - *error_string = "No subsys key in logger_subsys directive"; - -@@ -1369,6 +1383,13 @@ static int main_config_parser_cb(const char *path, - } - break; - case MAIN_CP_CB_DATA_STATE_LOGGING_DAEMON: -+ if (strcmp(path, "logging.logging_daemon") != 0) { -+ /* -+ * Process only end of logging.logging_daemon section, not subsections -+ */ -+ break; -+ } -+ - if (data->logging_daemon_name == NULL) { - *error_string = "No name key in logging_daemon directive"; - -@@ -1449,6 +1470,13 @@ static int main_config_parser_cb(const char *path, - } - break; - case MAIN_CP_CB_DATA_STATE_NODELIST_NODE: -+ if (strcmp(path, "nodelist.node") != 0) { -+ /* -+ * Process only end of nodelist.node section, not subsections -+ */ -+ break; -+ } -+ - data->node_number++; - break; - case MAIN_CP_CB_DATA_STATE_NORMAL: --- -2.25.1 - -From ee8f6e02a14b6e23718e98820e0f9de77f4370d2 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Apr 2025 18:29:46 +0200 -Subject: [PATCH 05/13] coroparse: Store subsections of logger_subsys - -Store full path instead of just key name. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index a3286b81..d5f58435 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -608,6 +608,7 @@ static int main_config_parser_cb(const char *path, - struct qb_list_head *iter, *tmp_iter; - int uid, gid; - cs_error_t cs_err; -+ const char *path_prefix; - - cs_err = CS_OK; - -@@ -940,7 +941,7 @@ static int main_config_parser_cb(const char *path, - } - break; - case MAIN_CP_CB_DATA_STATE_LOGGER_SUBSYS: -- if (strcmp(key, "subsys") == 0) { -+ if (strcmp(path, "logging.logger_subsys.subsys") == 0) { - data->subsys = strdup(value); - if (data->subsys == NULL) { - *error_string = "Can't alloc memory"; -@@ -948,6 +949,14 @@ static int main_config_parser_cb(const char *path, - return (0); - } - } else { -+ path_prefix = "logging.logger_subsys."; -+ if (strlen(path) < strlen(path_prefix) || -+ strncmp(path, path_prefix, strlen(path_prefix)) != 0) { -+ *error_string = "Internal error - incorrect path prefix for logger subsys state"; -+ -+ return (0); -+ } -+ - kv_item = malloc(sizeof(*kv_item)); - if (kv_item == NULL) { - *error_string = "Can't alloc memory"; -@@ -956,7 +965,7 @@ static int main_config_parser_cb(const char *path, - } - memset(kv_item, 0, sizeof(*kv_item)); - -- kv_item->key = strdup(key); -+ kv_item->key = strdup(path + strlen(path_prefix)); - kv_item->value = strdup(value); - if (kv_item->key == NULL || kv_item->value == NULL) { - free(kv_item->key); --- -2.25.1 - -From e40a570f52482297ff4f4e4187b6144f19a146aa Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 24 Apr 2025 18:30:37 +0200 -Subject: [PATCH 06/13] coroparse: Store subsections of logging_daemon - -Store full path instead of just key name. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index d5f58435..934660de 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -981,14 +981,14 @@ static int main_config_parser_cb(const char *path, - add_as_string = 0; - break; - case MAIN_CP_CB_DATA_STATE_LOGGING_DAEMON: -- if (strcmp(key, "subsys") == 0) { -+ if (strcmp(path, "logging.logging_daemon.subsys") == 0) { - data->subsys = strdup(value); - if (data->subsys == NULL) { - *error_string = "Can't alloc memory"; - - return (0); - } -- } else if (strcmp(key, "name") == 0) { -+ } else if (strcmp(path, "logging.logging_daemon.name") == 0) { - data->logging_daemon_name = strdup(value); - if (data->logging_daemon_name == NULL) { - *error_string = "Can't alloc memory"; -@@ -996,6 +996,14 @@ static int main_config_parser_cb(const char *path, - return (0); - } - } else { -+ path_prefix = "logging.logging_daemon."; -+ if (strlen(path) < strlen(path_prefix) || -+ strncmp(path, path_prefix, strlen(path_prefix)) != 0) { -+ *error_string = "Internal error - incorrect path prefix for logging daemon state"; -+ -+ return (0); -+ } -+ - kv_item = malloc(sizeof(*kv_item)); - if (kv_item == NULL) { - *error_string = "Can't alloc memory"; -@@ -1004,7 +1012,7 @@ static int main_config_parser_cb(const char *path, - } - memset(kv_item, 0, sizeof(*kv_item)); - -- kv_item->key = strdup(key); -+ kv_item->key = strdup(path + strlen(path_prefix)); - kv_item->value = strdup(value); - if (kv_item->key == NULL || kv_item->value == NULL) { - free(kv_item->key); --- -2.25.1 - -From a14311a5a4ce7249351fcc042b7435ee1b69caa4 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 08:55:24 +0200 -Subject: [PATCH 07/13] coroparse: Don't allow sections within uidgid - -Unify behavior with uidgid files and solve problem with incorrect prefix -if subsections were used. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 934660de..3ee5266c 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -1028,7 +1028,7 @@ static int main_config_parser_cb(const char *path, - add_as_string = 0; - break; - case MAIN_CP_CB_DATA_STATE_UIDGID: -- if (strcmp(key, "uid") == 0) { -+ if (strcmp(path, "uidgid.uid") == 0) { - uid = uid_determine(value); - if (uid == -1) { - *error_string = error_string_response; -@@ -1040,7 +1040,7 @@ static int main_config_parser_cb(const char *path, - goto icmap_set_error; - } - add_as_string = 0; -- } else if (strcmp(key, "gid") == 0) { -+ } else if (strcmp(path, "uidgid.gid") == 0) { - gid = gid_determine(value); - if (gid == -1) { - *error_string = error_string_response; -@@ -1219,6 +1219,12 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "resources.process.memory_used") == 0) { - *state = MAIN_CP_CB_DATA_STATE_RESOURCES_PROCESS_MEMUSED; - } -+ -+ if (*state == MAIN_CP_CB_DATA_STATE_UIDGID && strcmp(path, "uidgid") != 0) { -+ *error_string = "Subsections are not allowed within uidgid section"; -+ -+ return (0); -+ }; - break; - case PARSER_CB_SECTION_END: - switch (*state) { --- -2.25.1 - -From 8100d953e05a52b7d98ff6ad99a5b02d0ae6fcb9 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 09:01:31 +0200 -Subject: [PATCH 08/13] coroparse: Don't allow sections within member - -Solve problem with incorrect prefix if subsections were used. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 3ee5266c..a385ce0a 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -1058,7 +1058,7 @@ static int main_config_parser_cb(const char *path, - } - break; - case MAIN_CP_CB_DATA_STATE_MEMBER: -- if (strcmp(key, "memberaddr") != 0) { -+ if (strcmp(path, "totem.interface.member.memberaddr") != 0) { - *error_string = "Only memberaddr is allowed in member section"; - - return (0); -@@ -1225,6 +1225,12 @@ static int main_config_parser_cb(const char *path, - - return (0); - }; -+ -+ if (*state == MAIN_CP_CB_DATA_STATE_MEMBER && strcmp(path, "totem.interface.member") != 0) { -+ *error_string = "Subsections are not allowed within totem.interface.member section"; -+ -+ return (0); -+ }; - break; - case PARSER_CB_SECTION_END: - switch (*state) { --- -2.25.1 - -From 62cbfb3d6d813804dee35c4afc5dbf693ef3fdf9 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 09:25:31 +0200 -Subject: [PATCH 09/13] coroparse: Store key with prefix for nodelist.node - -Config file like: -``` -nodelist { - node { - nodeid: 1 - subsection { - nodeid: 2 - } - } -... -``` -was parsed incorrectly and subsection nodeid (2) was used instead of -node section nodeid (1). - -Solution is to properly check key path instead of just key name and -use key path - "nodelist.node." prefix as new key name. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index a385ce0a..96b4f9bd 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -1089,9 +1089,18 @@ static int main_config_parser_cb(const char *path, - case MAIN_CP_CB_DATA_STATE_NODELIST: - break; - case MAIN_CP_CB_DATA_STATE_NODELIST_NODE: -- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "nodelist.node.%u.%s", data->node_number, key); -- if ((strcmp(key, "nodeid") == 0) || -- (strcmp(key, "quorum_votes") == 0)) { -+ path_prefix = "nodelist.node."; -+ if (strlen(path) < strlen(path_prefix) || -+ strncmp(path, path_prefix, strlen(path_prefix)) != 0) { -+ *error_string = "Internal error - incorrect path prefix for nodelist node state"; -+ -+ return (0); -+ } -+ -+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "nodelist.node.%u.%s", data->node_number, -+ path + strlen(path_prefix)); -+ if ((strcmp(path, "nodelist.node.nodeid") == 0) || -+ (strcmp(path, "nodelist.node.quorum_votes") == 0)) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { - goto atoi_error; --- -2.25.1 - -From efb3bc2b06a180f22650bc30515670b6ec1a7d08 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 10:24:41 +0200 -Subject: [PATCH 10/13] coroparse: Fix memory leaks - -Previously, when parsing error happened, parser callback data were not -freed. This was not a big problem when reload was not implemented, but -it might be problem with reload. - -Solution is to add new callback type PARSER_CB_CLEANUP which is called -either on error or end of parsing if there is no error. Callback is -responsible for cleaning all allocated memory. - -To make such callback work reliably, all variables must be set to NULL -on cleanup (example is data->subsys) and linked list must be -reinitialized. - -Another source of possible leak is strdup of some keys in -(like totem.interface.bindnetaddr, but there is -more similar examples) without previously freeing it. -This is problem if bindnetaddr is defined multiple times. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 50 ++++++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 46 insertions(+), 4 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 96b4f9bd..fafec606 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -70,6 +70,7 @@ enum parser_cb_type { - PARSER_CB_SECTION_START, - PARSER_CB_SECTION_END, - PARSER_CB_ITEM, -+ PARSER_CB_CLEANUP, - }; - - enum main_cp_cb_data_state { -@@ -471,6 +472,7 @@ static int parse_section(FILE *fp, - - if (strcmp(path, "") == 0) { - parser_cb("", NULL, NULL, &state, PARSER_CB_END, error_string, config_map, user_data); -+ parser_cb("", NULL, NULL, &state, PARSER_CB_CLEANUP, error_string, config_map, user_data); - } - - return 0; -@@ -483,6 +485,8 @@ parse_error: - *error_string = formated_err; - } - -+ parser_cb("", NULL, NULL, &state, PARSER_CB_CLEANUP, error_string, config_map, user_data); -+ - return -1; - } - -@@ -637,6 +641,31 @@ static int main_config_parser_cb(const char *path, - break; - case PARSER_CB_END: - break; -+ case PARSER_CB_CLEANUP: -+ free(data->bindnetaddr); -+ free(data->mcastaddr); -+ free(data->broadcast); -+ free(data->knet_transport); -+ -+ qb_list_for_each_safe(iter, tmp_iter, &(data->logger_subsys_items_head)) { -+ kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ -+ free(kv_item->value); -+ free(kv_item->key); -+ free(kv_item); -+ } -+ -+ free(data->subsys); -+ free(data->logging_daemon_name); -+ -+ qb_list_for_each_safe(iter, tmp_iter, &(data->member_items_head)) { -+ kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ -+ free(kv_item->value); -+ free(kv_item->key); -+ free(kv_item); -+ } -+ break; - case PARSER_CB_ITEM: - add_as_string = 1; - -@@ -867,14 +896,17 @@ static int main_config_parser_cb(const char *path, - add_as_string = 0; - } - if (strcmp(path, "totem.interface.bindnetaddr") == 0) { -+ free(data->bindnetaddr); - data->bindnetaddr = strdup(value); - add_as_string = 0; - } - if (strcmp(path, "totem.interface.mcastaddr") == 0) { -+ free(data->mcastaddr); - data->mcastaddr = strdup(value); - add_as_string = 0; - } - if (strcmp(path, "totem.interface.broadcast") == 0) { -+ free(data->broadcast); - data->broadcast = strdup(value); - add_as_string = 0; - } -@@ -935,13 +967,14 @@ static int main_config_parser_cb(const char *path, - add_as_string = 0; - } - if (strcmp(path, "totem.interface.knet_transport") == 0) { -- val_type = ICMAP_VALUETYPE_STRING; -+ free(data->knet_transport); - data->knet_transport = strdup(value); - add_as_string = 0; - } - break; - case MAIN_CP_CB_DATA_STATE_LOGGER_SUBSYS: - if (strcmp(path, "logging.logger_subsys.subsys") == 0) { -+ free(data->subsys); - data->subsys = strdup(value); - if (data->subsys == NULL) { - *error_string = "Can't alloc memory"; -@@ -982,6 +1015,7 @@ static int main_config_parser_cb(const char *path, - break; - case MAIN_CP_CB_DATA_STATE_LOGGING_DAEMON: - if (strcmp(path, "logging.logging_daemon.subsys") == 0) { -+ free(data->subsys); - data->subsys = strdup(value); - if (data->subsys == NULL) { - *error_string = "Can't alloc memory"; -@@ -989,6 +1023,7 @@ static int main_config_parser_cb(const char *path, - return (0); - } - } else if (strcmp(path, "logging.logging_daemon.name") == 0) { -+ free(data->logging_daemon_name); - data->logging_daemon_name = strdup(value); - if (data->logging_daemon_name == NULL) { - *error_string = "Can't alloc memory"; -@@ -1354,6 +1389,7 @@ static int main_config_parser_cb(const char *path, - data->linknumber); - cs_err = icmap_set_string_r(config_map, key_name, data->knet_transport); - free(data->knet_transport); -+ data->knet_transport = NULL; - - if (cs_err != CS_OK) { - goto icmap_set_error; -@@ -1379,6 +1415,8 @@ static int main_config_parser_cb(const char *path, - } - } - -+ qb_list_init(&data->member_items_head); -+ - break; - case MAIN_CP_CB_DATA_STATE_LOGGER_SUBSYS: - if (strcmp(path, "logging.logger_subsys") != 0) { -@@ -1414,7 +1452,9 @@ static int main_config_parser_cb(const char *path, - data->subsys); - cs_err = icmap_set_string_r(config_map, key_name, data->subsys); - -+ qb_list_init(&data->logger_subsys_items_head); - free(data->subsys); -+ data->subsys = NULL; - - if (cs_err != CS_OK) { - goto icmap_set_error; -@@ -1489,9 +1529,6 @@ static int main_config_parser_cb(const char *path, - cs_err = icmap_set_string_r(config_map, key_name, data->subsys); - - if (cs_err != CS_OK) { -- free(data->subsys); -- free(data->logging_daemon_name); -- - goto icmap_set_error; - } - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "logging.logging_daemon.%s.%s.name", -@@ -1500,8 +1537,11 @@ static int main_config_parser_cb(const char *path, - } - } - -+ qb_list_init(&data->logger_subsys_items_head); - free(data->subsys); -+ data->subsys = NULL; - free(data->logging_daemon_name); -+ data->logging_daemon_name = NULL; - - if (cs_err != CS_OK) { - goto icmap_set_error; -@@ -1587,6 +1627,8 @@ static int uidgid_config_parser_cb(const char *path, - break; - case PARSER_CB_END: - break; -+ case PARSER_CB_CLEANUP: -+ break; - case PARSER_CB_ITEM: - if (strcmp(path, "uidgid.uid") == 0) { - uid = uid_determine(value); --- -2.25.1 - -From 10cf367e9fd6152f98a7471f0882871d2041efab Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 13:17:15 +0200 -Subject: [PATCH 11/13] coroparse: Initialize logger_subsys_items_head - -Using memset is not a valid initialization method for list so use -qb_list_init. - -Big thanks for vikk777 for test and -reporting the problem. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index fafec606..76f86c55 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -637,6 +637,8 @@ static int main_config_parser_cb(const char *path, - switch (type) { - case PARSER_CB_START: - memset(data, 0, sizeof(struct main_cp_cb_data)); -+ qb_list_init(&data->logger_subsys_items_head); -+ qb_list_init(&data->member_items_head); - *state = MAIN_CP_CB_DATA_STATE_NORMAL; - break; - case PARSER_CB_END: --- -2.25.1 - -From e321d1b233ce1a57063da7e3dad94a0b2de1842e Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 15:48:54 +0200 -Subject: [PATCH 12/13] coroparse: Remove kv_items from list - -qb_list_init is called only on successful list traversal and without -removing successfully processed items cleanup access them again -resulting in use-after-free error. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 76f86c55..0a1eaa2f 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -651,6 +651,7 @@ static int main_config_parser_cb(const char *path, - - qb_list_for_each_safe(iter, tmp_iter, &(data->logger_subsys_items_head)) { - kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ qb_list_del(&kv_item->list); - - free(kv_item->value); - free(kv_item->key); -@@ -662,6 +663,7 @@ static int main_config_parser_cb(const char *path, - - qb_list_for_each_safe(iter, tmp_iter, &(data->member_items_head)) { - kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ qb_list_del(&kv_item->list); - - free(kv_item->value); - free(kv_item->key); -@@ -1402,6 +1404,7 @@ static int main_config_parser_cb(const char *path, - - qb_list_for_each_safe(iter, tmp_iter, &(data->member_items_head)) { - kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ qb_list_del(&kv_item->list); - - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "totem.interface.%u.member.%u", - data->linknumber, ii); -@@ -1436,6 +1439,7 @@ static int main_config_parser_cb(const char *path, - - qb_list_for_each_safe(iter, tmp_iter, &(data->logger_subsys_items_head)) { - kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ qb_list_del(&kv_item->list); - - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "logging.logger_subsys.%s.%s", - data->subsys, kv_item->key); -@@ -1478,6 +1482,7 @@ static int main_config_parser_cb(const char *path, - - qb_list_for_each_safe(iter, tmp_iter, &(data->logger_subsys_items_head)) { - kv_item = qb_list_entry(iter, struct key_value_list_item, list); -+ qb_list_del(&kv_item->list); - - if (data->subsys == NULL) { - if (strcmp(data->logging_daemon_name, "corosync") == 0) { --- -2.25.1 - -From 7e643af101ca881447a9ea5e4b5eb2d6787c5128 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 25 Apr 2025 16:13:24 +0200 -Subject: [PATCH 13/13] coroparse: Implement handler for str_to_ull error - -Previously atoi_error handler was used for both safe_atoq and str_to_ull -errors. This is wrong, because str_to_ull doesn't define val_type so -safe_atoq_range assert either failed or error message contained invalid -integer ranges. - -Example of such file is -``` -totem { - version: 2 - config_version: c42 -... -``` - -which results in abort. - -Solution is to split safe_atoq and str_to_ull error handling, first one -displaying range and second one doesn't. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/coroparse.c | 59 +++++++++++++++++++++++++++++++----------------- - 1 file changed, 38 insertions(+), 21 deletions(-) - -diff --git a/exec/coroparse.c b/exec/coroparse.c -index 0a1eaa2f..e90e9b80 100644 ---- a/exec/coroparse.c -+++ b/exec/coroparse.c -@@ -681,7 +681,7 @@ static int main_config_parser_cb(const char *path, - (strcmp(path, "pload.size") == 0)) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint32_r(config_map, path, val)) != CS_OK) { - goto icmap_set_error; -@@ -696,7 +696,7 @@ static int main_config_parser_cb(const char *path, - (strcmp(path, "quorum.leaving_timeout") == 0)) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint32_r(config_map, path, val)) != CS_OK) { - goto icmap_set_error; -@@ -712,7 +712,7 @@ static int main_config_parser_cb(const char *path, - (strcmp(path, "quorum.last_man_standing") == 0)) { - val_type = ICMAP_VALUETYPE_UINT8; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint8_r(config_map, path, val)) != CS_OK) { - goto icmap_set_error; -@@ -726,7 +726,7 @@ static int main_config_parser_cb(const char *path, - (strcmp(path, "quorum.device.votes") == 0)) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint32_r(config_map, path, val)) != CS_OK) { - goto icmap_set_error; -@@ -736,7 +736,7 @@ static int main_config_parser_cb(const char *path, - if ((strcmp(path, "quorum.device.master_wins") == 0)) { - val_type = ICMAP_VALUETYPE_UINT8; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint8_r(config_map, path, val)) != CS_OK) { - goto icmap_set_error; -@@ -777,7 +777,7 @@ static int main_config_parser_cb(const char *path, - (strcmp(path, "totem.netmtu") == 0)) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint32_r(config_map,path, val)) != CS_OK) { - goto icmap_set_error; -@@ -787,7 +787,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.knet_compression_level") == 0) { - val_type = ICMAP_VALUETYPE_INT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_int32_r(config_map, path, val)) != CS_OK) { - goto icmap_set_error; -@@ -796,7 +796,7 @@ static int main_config_parser_cb(const char *path, - } - if (strcmp(path, "totem.config_version") == 0) { - if (str_to_ull(value, &ull) != 0) { -- goto atoi_error; -+ goto str_to_ull_error; - } - if ((cs_err = icmap_set_uint64_r(config_map, path, ull)) != CS_OK) { - goto icmap_set_error; -@@ -893,7 +893,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.linknumber") == 0) { - val_type = ICMAP_VALUETYPE_UINT8; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - - data->linknumber = val; -@@ -917,7 +917,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.mcastport") == 0) { - val_type = ICMAP_VALUETYPE_UINT16; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->mcastport = val; - add_as_string = 0; -@@ -925,7 +925,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.ttl") == 0) { - val_type = ICMAP_VALUETYPE_UINT8; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->ttl = val; - add_as_string = 0; -@@ -933,7 +933,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.knet_link_priority") == 0) { - val_type = ICMAP_VALUETYPE_UINT8; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->knet_link_priority = val; - add_as_string = 0; -@@ -941,7 +941,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.knet_ping_interval") == 0) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->knet_ping_interval = val; - add_as_string = 0; -@@ -949,7 +949,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.knet_ping_timeout") == 0) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->knet_ping_timeout = val; - add_as_string = 0; -@@ -957,7 +957,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.knet_ping_precision") == 0) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->knet_ping_precision = val; - add_as_string = 0; -@@ -965,7 +965,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(path, "totem.interface.knet_pong_count") == 0) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - data->knet_pong_count = val; - add_as_string = 0; -@@ -1142,7 +1142,7 @@ static int main_config_parser_cb(const char *path, - (strcmp(path, "nodelist.node.quorum_votes") == 0)) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - - if ((cs_err = icmap_set_uint32_r(config_map, key_name, val)) != CS_OK) { -@@ -1162,7 +1162,7 @@ static int main_config_parser_cb(const char *path, - if (strcmp(key, "watchdog_timeout") == 0) { - val_type = ICMAP_VALUETYPE_UINT32; - if (safe_atoq(value, &val, val_type) != 0) { -- goto atoi_error; -+ goto safe_atoq_error; - } - if ((cs_err = icmap_set_uint32_r(config_map,path, val)) != CS_OK) { - goto icmap_set_error; -@@ -1174,7 +1174,7 @@ static int main_config_parser_cb(const char *path, - case MAIN_CP_CB_DATA_STATE_RESOURCES_SYSTEM_MEMUSED: - if (strcmp(key, "poll_period") == 0) { - if (str_to_ull(value, &ull) != 0) { -- goto atoi_error; -+ goto str_to_ull_error; - } - if ((cs_err = icmap_set_uint64_r(config_map,path, ull)) != CS_OK) { - goto icmap_set_error; -@@ -1186,7 +1186,7 @@ static int main_config_parser_cb(const char *path, - case MAIN_CP_CB_DATA_STATE_RESOURCES_PROCESS_MEMUSED: - if (strcmp(key, "poll_period") == 0) { - if (str_to_ull(value, &ull) != 0) { -- goto atoi_error; -+ goto str_to_ull_error; - } - if ((cs_err = icmap_set_uint64_r(config_map,path, ull)) != CS_OK) { - goto icmap_set_error; -@@ -1585,7 +1585,10 @@ static int main_config_parser_cb(const char *path, - - return (1); - --atoi_error: -+safe_atoq_error: -+ /* -+ * For integers supported by safe_atoq display range -+ */ - min_val = max_val = 0; - /* - * This is really assert, because developer ether doesn't set val_type correctly or -@@ -1603,6 +1606,20 @@ atoi_error: - - return (0); - -+str_to_ull_error: -+ /* -+ * For integers not supported by safe_atoq (64-bit int) -+ */ -+ if (snprintf(formated_err, sizeof(formated_err), -+ "Value of key \"%s\" is expected to be unsigned integer, but \"%s\" was given", -+ key_name, value) >= sizeof(formated_err)) { -+ *error_string = "Can't format parser error message"; -+ } else { -+ *error_string = formated_err; -+ } -+ -+ return (0); -+ - icmap_set_error: - if (snprintf(formated_err, sizeof(formated_err), - "Can't store key \"%s\" into icmap, returned error is %s", --- -2.25.1 - - - diff --git a/corosync-3.1.10.tar.gz b/corosync-3.1.10.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..398b21ce45cd25bd27de3708ec96f4eaa4360f13 Binary files /dev/null and b/corosync-3.1.10.tar.gz differ diff --git a/corosync-3.1.9.tar.gz b/corosync-3.1.9.tar.gz deleted file mode 100644 index 32cac0f5c72bc92952c8acccf62c5caa204d2482..0000000000000000000000000000000000000000 Binary files a/corosync-3.1.9.tar.gz and /dev/null differ diff --git a/corosync.spec b/corosync.spec index 8f736baf9251b390899c4697ac3727b80cf38dac..bf682765907958121c28a768c2ee8bd79c436d8c 100644 --- a/corosync.spec +++ b/corosync.spec @@ -17,15 +17,12 @@ Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces -Version: 3.1.9 -Release: 4 +Version: 3.1.10 +Release: 1 License: BSD-3-Clause URL: http://corosync.github.io/corosync/ Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz -Patch0: backport-CVE-2025-30472.patch -Patch1: backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch -Patch2: backport-coroparse-enhancements.patch -Patch3: backport-Coverity-2025.3-fixes-without-sam.c.patch + # Runtime bits # The automatic dependency overridden in favor of explicit version lock Requires: corosynclib = %{version}-%{release} @@ -291,6 +288,11 @@ network splits) %endif %changelog +* Mon Nov 17 2025 zouzhimin - 3.1.10-1 +- update package to version 3.1.10 +- rust: fix fd_get() pointer dereference +- allow to use dscp for traffic prioritization + * Tue Aug 26 2025 zouzhimin - 3.1.9-4 - Coverity 2025.3 fixes without sam.c - cpg: Fix signedness of munmap result