mdadm: Backport fix for CVE-2023-28938
authorAshish Sharma <asharma@mvista.com>
Tue, 28 Nov 2023 17:13:34 +0000 (22:43 +0530)
committerSteve Sakoman <steve@sakoman.com>
Fri, 1 Dec 2023 16:48:26 +0000 (06:48 -1000)
Upstream-Status: Backport from [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
CVE: CVE-2023-28938
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/mdadm/files/CVE-2023-28938.patch [new file with mode: 0644]
meta/recipes-extended/mdadm/mdadm_4.1.bb

diff --git a/meta/recipes-extended/mdadm/files/CVE-2023-28938.patch b/meta/recipes-extended/mdadm/files/CVE-2023-28938.patch
new file mode 100644 (file)
index 0000000..1e2990d
--- /dev/null
@@ -0,0 +1,80 @@
+From 7d374a1869d3a84971d027a7f4233878c8f25a62 Mon Sep 17 00:00:00 2001
+From: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Date: Tue, 27 Jul 2021 10:25:18 +0200
+Subject: Fix memory leak after "mdadm --detail"
+
+Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Signed-off-by: Jes Sorensen <jsorensen@fb.com>
+---
+Upstream-Status: Backport from [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
+CVE: CVE-2023-28938
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+ Detail.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/Detail.c b/Detail.c
+index ad56344f..d3af0ab5 100644
+--- a/Detail.c
++++ b/Detail.c
+@@ -66,11 +66,11 @@ int Detail(char *dev, struct context *c)
+       int spares = 0;
+       struct stat stb;
+       int failed = 0;
+-      struct supertype *st;
++      struct supertype *st = NULL;
+       char *subarray = NULL;
+       int max_disks = MD_SB_DISKS; /* just a default */
+       struct mdinfo *info = NULL;
+-      struct mdinfo *sra;
++      struct mdinfo *sra = NULL;
+       struct mdinfo *subdev;
+       char *member = NULL;
+       char *container = NULL;
+@@ -93,8 +93,7 @@ int Detail(char *dev, struct context *c)
+       if (!sra) {
+               if (md_get_array_info(fd, &array)) {
+                       pr_err("%s does not appear to be an md device\n", dev);
+-                      close(fd);
+-                      return rv;
++                      goto out;
+               }
+       }
+       external = (sra != NULL && sra->array.major_version == -1 &&
+@@ -108,16 +107,13 @@ int Detail(char *dev, struct context *c)
+                           sra->devs == NULL) {
+                               pr_err("Array associated with md device %s does not exist.\n",
+                                      dev);
+-                              close(fd);
+-                              sysfs_free(sra);
+-                              return rv;
++                              goto out;
+                       }
+                       array = sra->array;
+               } else {
+                       pr_err("cannot get array detail for %s: %s\n",
+                              dev, strerror(errno));
+-                      close(fd);
+-                      return rv;
++                      goto out;
+               }
+       }
+@@ -827,10 +823,12 @@ out:
+       close(fd);
+       free(subarray);
+       free(avail);
+-      for (d = 0; d < n_devices; d++)
+-              free(devices[d]);
++      if (devices)
++              for (d = 0; d < n_devices; d++)
++                      free(devices[d]);
+       free(devices);
+       sysfs_free(sra);
++      free(st);
+       return rv;
+ }
+-- 
+cgit 
+
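Review bot: The three new `goto out` jumps in `Detail()` reach the shared cleanup very early, and that cleanup frees `avail`, `devices[d]` and `devices`, whose declarations are outside every hunk shown here; only `st`, `sra` and `subarray` are visibly initialised to NULL. The upstream commit is dated 2021 and is applied here to the 4.1 recipe, so the surrounding code may differ. It is worth confirming in the 4.1 `Detail.c` that `avail`, `devices` and `n_devices` are initialised at declaration. It is also worth confirming that no existing path calls `sysfs_free(sra)` or frees `st` before reaching `out:`, since the label now releases both unconditionally and a second release would be a double free. A comment above the label such as `/* every pointer freed below must start as NULL: early error exits jump here */` would keep that invariant visible, and the new `if (devices)` around the `for` loop would read more safely with braces.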
index 5238a41df20f9214f9cdf7966b833b1fb9fcb092..ca326fd1cb1be4c7e960de92bb8591774954cb68 100644 (file)
@@ -25,6 +25,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
            file://include_sysmacros.patch \
            file://0001-mdadm-skip-test-11spare-migration.patch \
            file://CVE-2023-28736.patch \
+           file://CVE-2023-28938.patch \
            "
 
 SRC_URI[md5sum] = "51bf3651bd73a06c413a2f964f299598"