diff --git a/fix-handler-out-of-scope-leak.patch b/fix-handler-out-of-scope-leak.patch new file mode 100644 index 0000000000000000000000000000000000000000..c7bec9f1906db1d0df508aa991f3ef1682fe95a8 --- /dev/null +++ b/fix-handler-out-of-scope-leak.patch @@ -0,0 +1,55 @@ +From cebb02175a980bd74d84beeef336dbcba73df19f Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 22 Feb 2024 16:42:01 +0800 +Subject: [PATCH] fix handler out of scope leak, unitialized value and check + that netmaskbits != EOS + +--- + tools/findif.c | 2 +- + tools/storage_mon.c | 10 ++++++++-- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/tools/findif.c b/tools/findif.c +index a25395f..ab108a3 100644 +--- a/tools/findif.c ++++ b/tools/findif.c +@@ -669,7 +669,7 @@ main(int argc, char ** argv) { + } + } + +- if (netmaskbits) { ++ if (netmaskbits != NULL && *netmaskbits != EOS) { + best_netmask = netmask; + }else if (best_netmask == 0L) { + /* +diff --git a/tools/storage_mon.c b/tools/storage_mon.c +index 1aae29e..3484ca6 100644 +--- a/tools/storage_mon.c ++++ b/tools/storage_mon.c +@@ -382,7 +382,9 @@ static int write_pid_file(const char *pidfile) + syslog(LOG_ERR, "Failed to write '%s' to %s: %s", pid, pidfile, strerror(errno)); + goto done; + } +- close(fd); ++ if (fd != -1) { ++ close(fd); ++ } + rc = 0; + done: + if (pid != NULL) { +@@ -683,7 +685,11 @@ storage_mon_client(void) + /* greater than 0 : monitoring error. */ + /* -1 : communication system error. */ + /* -2 : Not all checks completed for first device in daemon mode. */ +- rc = atoi(response.message); ++ if (strnlen(response.message, 1)) { ++ rc = atoi(response.message); ++ } else { ++ rc = -1; ++ } + + syslog(LOG_DEBUG, "daemon response[%d]: %s \n", response.hdr.id, response.message); + +-- +2.33.0 + diff --git a/resource-agents.spec b/resource-agents.spec index 71a2c87b3ad6ec7622f5180a808901d9b1c480df..15901fdd1978d013caec3a2d0bae81b6aeb0f08a 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -1,13 +1,14 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.13.0 -Release: 3 +Release: 4 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents Source0: https://github.com/ClusterLabs/resource-agents/archive/v%{version}.tar.gz Patch0000: fix-failed-to-parse-pid-from-pid-file.patch Patch0001: Fix-PRIMARY_IFACE-variable.patch Patch0002: fix-loopback-handling.patch +Patch0003: fix-handler-out-of-scope-leak.patch Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} BuildRequires: automake autoconf pkgconfig gcc perl-interpreter perl-generators python3-devel @@ -105,6 +106,9 @@ export CFLAGS="$(echo '%{optflags}')" %{_mandir}/man8/{ocf-tester.8*,ldirectord.8*} %changelog +* Thu Feb 22 2024 bixiaoyan - 4.13.0-4 +- fix handler out of scope leak, unitialized value and check that netmaskbits != EOS + * Tue Nov 7 2023 bixiaoyan - 4.13.0-3 - Fix loopback handling