From 0399b5651b35e2396ffae919608d5c3974890c65 Mon Sep 17 00:00:00 2001 From: PhsySimon Date: Fri, 11 Oct 2024 20:11:43 +0800 Subject: [PATCH] fix xalarm upgrade not return val, not refuse to send msg when length exceeds 8192,cleanup invalid socket peroidlly --- ...rm-when-sending-msg-and-clean-invali.patch | 24 +++++ ...eanup-invalid-server-socket-peroidly.patch | 90 +++++++++++++++++++ ...t-function-not-refuse-alarm-msg-exce.patch | 76 ++++++++++++++++ ...de-not-return-val-and-fail-when-thre.patch | 71 +++++++++++++++ sysSentry.spec | 12 ++- 5 files changed, 272 insertions(+), 1 deletion(-) create mode 100644 add-log-for-xalarm-when-sending-msg-and-clean-invali.patch create mode 100644 add-xalarm-cleanup-invalid-server-socket-peroidly.patch create mode 100644 fix-xalarm_Report-function-not-refuse-alarm-msg-exce.patch create mode 100644 fix-xalarm_upgrade-not-return-val-and-fail-when-thre.patch diff --git a/add-log-for-xalarm-when-sending-msg-and-clean-invali.patch b/add-log-for-xalarm-when-sending-msg-and-clean-invali.patch new file mode 100644 index 0000000..b8a762f --- /dev/null +++ b/add-log-for-xalarm-when-sending-msg-and-clean-invali.patch @@ -0,0 +1,24 @@ +From ef3aad0ca57d35b0a4fe29a0205596021bae0227 Mon Sep 17 00:00:00 2001 +From: caixiaomeng +Date: Fri, 11 Oct 2024 17:59:54 +0800 +Subject: [PATCH] add log for xalarm when sending msg and clean invalid client + socket + +--- + src/python/xalarm/xalarm_transfer.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/python/xalarm/xalarm_transfer.py b/src/python/xalarm/xalarm_transfer.py +index 42137d8..9e867cc 100644 +--- a/src/python/xalarm/xalarm_transfer.py ++++ b/src/python/xalarm/xalarm_transfer.py +@@ -117,4 +117,5 @@ def transmit_alarm(server_sock, epoll, fd_to_socket, bin_data): + epoll.unregister(fileno) + fd_to_socket[fileno].close() + del fd_to_socket[fileno] ++ logging.info(f"cleaned up connection {fileno} for client lost connection.") + +-- +2.27.0 + + 
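Review bot: The `logging.info` line added to `transmit_alarm` in add-log-for-xalarm-when-sending-msg-and-clean-invali.patch uses exactly the message that `cleanup_closed_connections` already logs (visible as context in add-xalarm-cleanup-invalid-server-socket-peroidly.patch). Someone reading the log therefore cannot tell whether a client was dropped on the send path or by the periodic scan. Naming the call site and using lazy formatting would separate the two: `logging.info("transmit_alarm: cleaned up connection %d for client lost connection.", fileno)`. The body of `transmit_alarm` starts outside the hunk.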
diff --git a/add-xalarm-cleanup-invalid-server-socket-peroidly.patch b/add-xalarm-cleanup-invalid-server-socket-peroidly.patch new file mode 100644 index 0000000..5ee845a --- /dev/null +++ b/add-xalarm-cleanup-invalid-server-socket-peroidly.patch 
@@ -0,0 +1,90 @@ +From 4fa9b250f56dc3f4f431fc091e25d8f2558a9bb2 Mon Sep 17 00:00:00 2001 +From: caixiaomeng +Date: Fri, 11 Oct 2024 18:12:21 +0800 +Subject: [PATCH] add xalarm cleanup invalid server socket peroidly + +--- + src/python/xalarm/xalarm_server.py | 20 +++++++++++++++----- + src/python/xalarm/xalarm_transfer.py | 8 ++++++++ + 2 files changed, 23 insertions(+), 5 deletions(-) + +diff --git a/src/python/xalarm/xalarm_server.py b/src/python/xalarm/xalarm_server.py +index 2882609..f90a0e2 100644 +--- a/src/python/xalarm/xalarm_server.py ++++ b/src/python/xalarm/xalarm_server.py +@@ -22,7 +22,12 @@ import threading + from struct import error as StructParseError + + from .xalarm_api import alarm_bin2stu +-from .xalarm_transfer import check_filter, transmit_alarm, wait_for_connection ++from .xalarm_transfer import ( ++ check_filter, ++ transmit_alarm, ++ wait_for_connection, ++ peroid_task_to_cleanup_connections ++) + + + ALARM_DIR = "/var/run/xalarm" +@@ -66,9 +71,13 @@ def server_loop(alarm_config): + fd_to_socket = {alarm_sock.fileno(): alarm_sock,} + thread_should_stop = False + +- thread = threading.Thread(target=wait_for_connection, args=(alarm_sock, epoll, fd_to_socket, thread_should_stop)) +- thread.daemon = True +- thread.start() ++ conn_thread = threading.Thread(target=wait_for_connection, args=(alarm_sock, epoll, fd_to_socket, thread_should_stop)) ++ conn_thread.daemon = True ++ conn_thread.start() ++ ++ cleanup_thread = threading.Thread(target=peroid_task_to_cleanup_connections, args=(alarm_sock, epoll, fd_to_socket, thread_should_stop)) ++ cleanup_thread.daemon = True ++ cleanup_thread.start() + + while True: + try: +@@ -88,7 +97,8 @@ def server_loop(alarm_config): + logging.error(f"Error server:{e}") + + thread_should_stop = True +- thread.join() ++ conn_thread.join() ++ cleanup_thread.join() + + epoll.unregister(alarm_sock.fileno()) + epoll.close() +diff --git a/src/python/xalarm/xalarm_transfer.py b/src/python/xalarm/xalarm_transfer.py +index 
90dccbc..75807e0 100644 +--- a/src/python/xalarm/xalarm_transfer.py ++++ b/src/python/xalarm/xalarm_transfer.py +@@ -17,11 +17,13 @@ Create: 2023-11-02 + import socket + import logging + import select ++from time import sleep + + MIN_ID_NUMBER = 1001 + MAX_ID_NUMBER = 1128 + MAX_CONNECTION_NUM = 100 + TEST_CONNECT_BUFFER_SIZE = 32 ++PEROID_SCANN_TIME = 60 + + + def check_filter(alarm_info, alarm_filter): +@@ -66,6 +68,12 @@ def cleanup_closed_connections(server_sock, epoll, fd_to_socket): + logging.info(f"cleaned up connection {fileno} for client lost connection.") + + ++def peroid_task_to_cleanup_connections(server_sock, epoll, fd_to_socket, thread_should_stop): ++ while not thread_should_stop: ++ sleep(PEROID_SCANN_TIME) ++ cleanup_closed_connections(server_sock, epoll, fd_to_socket) ++ ++ + def wait_for_connection(server_sock, epoll, fd_to_socket, thread_should_stop): + """ + thread function for catch and save client connection +-- +2.27.0 + + diff --git a/fix-xalarm_Report-function-not-refuse-alarm-msg-exce.patch b/fix-xalarm_Report-function-not-refuse-alarm-msg-exce.patch new file mode 100644 index 0000000..1bf5c3b --- /dev/null +++ b/fix-xalarm_Report-function-not-refuse-alarm-msg-exce.patch 
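Review bot: In add-xalarm-cleanup-invalid-server-socket-peroidly.patch, `peroid_task_to_cleanup_connections` loops on `while not thread_should_stop`, but the flag reaches the thread as a plain bool inside `args=(...)`. The later `thread_should_stop = True` in `server_loop` only rebinds the local name, so the thread never sees it, and if the code after the `while True` loop is reached, `cleanup_thread.join()` would block indefinitely (the existing `wait_for_connection` thread is started the same way). A shared `threading.Event` fixes this, and waiting on it instead of calling `sleep` lets shutdown interrupt the 60-second pause. Separately, the new thread calls `cleanup_closed_connections` on the same `epoll` and `fd_to_socket` that `transmit_alarm` also mutates, with no lock visible in these hunks; a shared `threading.Lock` around those mutations looks necessary to avoid closing or deleting the same fd twice. Both function bodies extend beyond the hunks shown.

```python
# xalarm_transfer.py
def peroid_task_to_cleanup_connections(server_sock, epoll, fd_to_socket, stop_event):
    # Event.wait() returns True as soon as the event is set, so the loop ends promptly.
    while not stop_event.wait(PEROID_SCANN_TIME):
        cleanup_closed_connections(server_sock, epoll, fd_to_socket)

# xalarm_server.py, inside server_loop
stop_event = threading.Event()
# … unchanged: conn_thread setup (wait_for_connection needs the same Event-based change) …
cleanup_thread = threading.Thread(target=peroid_task_to_cleanup_connections, args=(alarm_sock, epoll, fd_to_socket, stop_event))
cleanup_thread.daemon = True
cleanup_thread.start()
# … unchanged: alarm receive loop …
stop_event.set()
conn_thread.join()
cleanup_thread.join()
```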
@@ -0,0 +1,76 @@ +From f6a26ea0759f36ebcaebe05d4d24c7234a110c63 Mon Sep 17 00:00:00 2001 +From: caixiaomeng +Date: Fri, 11 Oct 2024 12:12:53 +0800 +Subject: [PATCH] fix xalarm_Report function not refuse alarm msg exceeds + maximum + +--- + src/libso/xalarm/register_xalarm.c | 5 +++++ + src/python/xalarm/register_xalarm.py | 6 +++--- + src/python/xalarm/sentry_notify.py | 4 ++-- + 3 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/libso/xalarm/register_xalarm.c b/src/libso/xalarm/register_xalarm.c +index 5aff2bc..952a28b 100644 +--- a/src/libso/xalarm/register_xalarm.c ++++ b/src/libso/xalarm/register_xalarm.c +@@ -339,6 +339,11 @@ int xalarm_Report(unsigned short usAlarmId, unsigned char ucAlarmLevel, + return -1; + } + ++ if (pucParas == NULL || (int)strlen(pucParas) > MAX_PARAS_LEN) { ++ fprintf(stderr, "%s: alarm info invalid\n", __func__); ++ return -1; ++ } ++ + if (memset(&info, 0, sizeof(struct alarm_info)) == NULL) { + fprintf(stderr, "%s: memset info failed, ret: %d\n", __func__, ret); + return -1; +diff --git a/src/python/xalarm/register_xalarm.py b/src/python/xalarm/register_xalarm.py +index edd9994..39623bd 100644 +--- a/src/python/xalarm/register_xalarm.py ++++ b/src/python/xalarm/register_xalarm.py +@@ -45,7 +45,7 @@ class AlarmRegister: + return False + + if self.socket is None: +- sys.stderr.write("check_params: scoket create failed\n") ++ sys.stderr.write("check_params: socket create failed\n") + return False + return True + +@@ -151,10 +151,10 @@ def xalarm_unregister(clientId: int) -> None: + def xalarm_upgrade(clientId: int, id_filter: list) -> None: + global ALARM_REGISTER_INFO + if clientId < 0: +- sys.stderr.write("xalarm_unregister: invalid client\n") ++ sys.stderr.write("xalarm_upgrade: invalid client\n") + return + if ALARM_REGISTER_INFO is None: +- sys.stderr.write("xalarm_unregister: alarm has not registered\n") ++ sys.stderr.write("xalarm_upgrade: alarm has not registered\n") + return + ALARM_REGISTER_INFO.id_filter = 
id_filter + +diff --git a/src/python/xalarm/sentry_notify.py b/src/python/xalarm/sentry_notify.py +index c763a24..5838473 100644 +--- a/src/python/xalarm/sentry_notify.py ++++ b/src/python/xalarm/sentry_notify.py +@@ -27,11 +27,11 @@ ALARM_SOCKET_PERMISSION = 0o700 + + def check_params(alarm_id, alarm_level, alarm_type, puc_paras) -> bool: + if not os.path.exists(DIR_XALARM): +- sys.stderr.write(f"check_params: {DIR_XALARM} not exist, failed") ++ sys.stderr.write(f"check_params: {DIR_XALARM} not exist, failed\n") + return False + + if not os.path.exists(PATH_REPORT_ALARM): +- sys.stderr.write(f"check_params: {PATH_REPORT_ALARM} not exist, failed") ++ sys.stderr.write(f"check_params: {PATH_REPORT_ALARM} not exist, failed\n") + return False + + if (alarm_id < MIN_ALARM_ID or alarm_id > MAX_ALARM_ID or +-- +2.27.0 + + diff --git a/fix-xalarm_upgrade-not-return-val-and-fail-when-thre.patch b/fix-xalarm_upgrade-not-return-val-and-fail-when-thre.patch new file mode 100644 index 0000000..5b1f231 --- /dev/null +++ b/fix-xalarm_upgrade-not-return-val-and-fail-when-thre.patch 
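Review bot: The guard added to `xalarm_Report` in fix-xalarm_Report-function-not-refuse-alarm-msg-exce.patch, `(int)strlen(pucParas) > MAX_PARAS_LEN`, scans the caller's buffer all the way to its terminator before any bound applies, and narrows `size_t` to `int`. `strnlen(pucParas, MAX_PARAS_LEN + 1) > MAX_PARAS_LEN` bounds the scan and removes the cast. The destination field is outside the hunk; if it is declared with exactly `MAX_PARAS_LEN` bytes, a string of that length leaves no room for the terminator and the comparison should be `>=`, which is worth confirming against `struct alarm_info`. The Python hunks in the same patch only correct message text, so whether `sentry_notify.check_params` applies the same limit to `puc_paras` cannot be seen here. The body of `xalarm_Report` continues outside the hunk.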
@@ -0,0 +1,71 @@ +From 624efd60495403743fc251b7d689d920841e44c8 Mon Sep 17 00:00:00 2001 +From: caixiaomeng +Date: Fri, 11 Oct 2024 17:54:04 +0800 +Subject: [PATCH] fix xalarm_upgrade not return val and fail when thread + stopped + +--- + src/libso/xalarm/register_xalarm.c | 11 ++++++++++- + src/python/xalarm/register_xalarm.py | 10 +++++++--- + 2 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/src/libso/xalarm/register_xalarm.c b/src/libso/xalarm/register_xalarm.c +index 952a28b..6768242 100644 +--- a/src/libso/xalarm/register_xalarm.c ++++ b/src/libso/xalarm/register_xalarm.c +@@ -156,7 +156,11 @@ static void *alarm_recv(void *arg) + continue; + } + printf("recv error len:%d errno:%d\n", recvlen, errno); +- } ++ } else if (recvlen == 0) { ++ printf("connection closed by xalarmd, maybe connections reach max num or service stopped.\n"); ++ g_register_info.thread_should_stop = 1; ++ break; ++ } + } + return NULL; + } +@@ -211,6 +215,11 @@ bool xalarm_Upgrade(struct alarm_subscription_info id_filter, int client_id) + printf("%s: invalid args\n", __func__); + return false; + } ++ ++ if (g_register_info.thread_should_stop) { ++ printf("%s: upgrade failed, alarm thread has stopped\n", __func__); ++ return false; ++ } + set_alarm_id(id_filter); + + return true; +diff --git a/src/python/xalarm/register_xalarm.py b/src/python/xalarm/register_xalarm.py +index 39623bd..2a6dabf 100644 +--- a/src/python/xalarm/register_xalarm.py ++++ b/src/python/xalarm/register_xalarm.py +@@ -148,15 +148,19 @@ def xalarm_unregister(clientId: int) -> None: + ALARM_REGISTER_INFO = None + + +-def xalarm_upgrade(clientId: int, id_filter: list) -> None: ++def xalarm_upgrade(id_filter: list, clientId: int) -> bool: + global ALARM_REGISTER_INFO + if clientId < 0: + sys.stderr.write("xalarm_upgrade: invalid client\n") +- return ++ return False + if ALARM_REGISTER_INFO is None: + sys.stderr.write("xalarm_upgrade: alarm has not registered\n") +- return ++ return False ++ if 
ALARM_REGISTER_INFO.thread_should_stop: ++ sys.stderr.write("xalarm_upgrade: upgrade failed, alarm thread has stopped\n") ++ return False + ALARM_REGISTER_INFO.id_filter = id_filter ++ return True + + + def xalarm_getid(alarm_info: Xalarm) -> int: +-- +2.27.0 + + diff --git a/sysSentry.spec b/sysSentry.spec index 9e2f631..7776e90 100644 --- a/sysSentry.spec +++ b/sysSentry.spec @@ -4,7 +4,7 @@ Summary: System Inspection Framework Name: sysSentry Version: 1.0.2 -Release: 34 +Release: 35 License: Mulan PSL v2 Group: System Environment/Daemons Source0: https://gitee.com/openeuler/sysSentry/releases/download/v%{version}/%{name}-%{version}.tar.gz @@ -46,6 +46,10 @@ Patch33: add-get_disk_type-and-fix-some-bugs.patch Patch34: ai_block_io-adapt-alarm-module.patch Patch35: diff-disk-type-use-diff-config.patch Patch36: add-parameter-time_range-alarm_id-and-alarm_clear_ti.patch +Patch37: fix-xalarm_Report-function-not-refuse-alarm-msg-exce.patch +Patch38: fix-xalarm_upgrade-not-return-val-and-fail-when-thre.patch +Patch39: add-log-for-xalarm-when-sending-msg-and-clean-invali.patch +Patch40: add-xalarm-cleanup-invalid-server-socket-peroidly.patch BuildRequires: cmake gcc-c++ BuildRequires: python3 python3-setuptools @@ -300,6 +304,12 @@ rm -rf %{buildroot} %attr(0550,root,root) %{python3_sitelib}/sentryPlugins/ai_block_io %changelog +* Fri Oct 11 2024 caixiaomeng - 1.0.2-35 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix xalarm upgrade not return val, not refuse to send msg when length exceeds 8192,cleanup invalid socket peroidlly + * Fri Oct 11 2024 jinsaihang - 1.0.2-34 - Type:bugfix - CVE:NA -- Gitee
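Review bot: In fix-xalarm_upgrade-not-return-val-and-fail-when-thre.patch, the Python signature changes from `xalarm_upgrade(clientId, id_filter)` to `xalarm_upgrade(id_filter, clientId)`. An existing caller that still passes the arguments positionally in the old order now reaches `clientId < 0` with a list and raises `TypeError` instead of getting the new `False` result. Validating the types before the comparison keeps the failure inside the documented contract: `if not isinstance(clientId, int) or not isinstance(id_filter, list) or clientId < 0:`. A docstring stating the new order and the bool return would also help callers migrate. In the C hunks of the same patch, `g_register_info.thread_should_stop` is written in `alarm_recv` and read in `xalarm_Upgrade`, presumably on different threads; its declaration is outside the hunk, so it is worth confirming that the flag is safe for cross-thread access.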