fix CVE-2021-24032

2021-03-16 16:57:46 +08:00 · 2021-03-16 16:57:46 +08:00 · 6984b6b1f9
commit 6984b6b1f9
parent 98918399ee
2 changed files with 101 additions and 1 deletions
--- a/backport-CVE-2021-24032.patch
+++ b/backport-CVE-2021-24032.patch
@ -0,0 +1,92 @@
+From a774c5797399040af62db21d8a9b9769e005430e Mon Sep 17 00:00:00 2001
+From: "W. Felix Handte" <w@felixhandte.com>
+Date: Thu, 11 Feb 2021 15:50:13 -0500
+Subject: [PATCH] Use umask() to Constrain Created File Permissions
+
+This commit addresses #2491.
+
+Note that a downside of this solution is that it is global: `umask()` affects
+all file creation calls in the process. I believe this is safe since
+`fileio.c` functions should only ever be used in the zstd binary, and these
+are (almost) the only files ever created by zstd, and AIUI they're only
+created in a single thread. So we can get away with messing with global state.
+
+Note that this doesn't change the permissions of files created by `dibio.c`.
+I'm not sure what those should be...
+---
+ programs/fileio.c | 9 +++------
+ programs/util.c   | 9 +++++++++
+ programs/util.h   | 8 +++++++-
+ 3 files changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/programs/fileio.c b/programs/fileio.c
+index d72879d..f452984 100644
+--- a/programs/fileio.c
+++ b/programs/fileio.c
+@@ -611,14 +611,11 @@ FIO_openDstFile(FIO_prefs_t* const prefs,
+             FIO_remove(dstFileName);
+     }   }
+ 
+-    {   FILE* const f = fopen( dstFileName, "wb" );
+    {   const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
+        FILE* const f = fopen( dstFileName, "wb" );
+        UTIL_umask(old_umask);
+         if (f == NULL) {
+             DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+-        } else if (srcFileName != NULL
+-               && strcmp (srcFileName, stdinmark)
+-               && strcmp(dstFileName, nulmark) ) {
+-            /* reduce rights on newly created dst file while compression is ongoing */
+-            UTIL_chmod(dstFileName, 00600);
+         }
+         return f;
+     }
+diff --git a/programs/util.c b/programs/util.c
+index ab1abd3..9506972 100644
+--- a/programs/util.c
+++ b/programs/util.c
+@@ -137,6 +137,15 @@ int UTIL_chmod(char const* filename, mode_t permissions)
+     return chmod(filename, permissions);
+ }
+ 
+int UTIL_umask(int mode) {
+#if PLATFORM_POSIX_VERSION > 0
+    return umask(mode);
+#else
+    /* do nothing, fake return value */
+    return mode;
+#endif
+}
+
+ int UTIL_setFileStat(const char *filename, stat_t *statbuf)
+ {
+     int res = 0;
+diff --git a/programs/util.h b/programs/util.h
+index 8e187e4..3bc7e1c 100644
+--- a/programs/util.h
+++ b/programs/util.h
+@@ -22,7 +22,7 @@ extern "C" {
+ #include "platform.h"     /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */
+ #include <stddef.h>       /* size_t, ptrdiff_t */
+ #include <sys/types.h>    /* stat, utime */
+-#include <sys/stat.h>     /* stat, chmod */
+#include <sys/stat.h>     /* stat, chmod, umask */
+ #include "../lib/common/mem.h"          /* U64 */
+ 
+ 
+@@ -119,6 +119,12 @@ U64 UTIL_getTotalFileSize(const char* const * fileNamesTable, unsigned nbFiles);
+ int UTIL_getFileStat(const char* infilename, stat_t* statbuf);
+ int UTIL_setFileStat(const char* filename, stat_t* statbuf);
+ int UTIL_chmod(char const* filename, mode_t permissions);   /*< like chmod, but avoid changing permission of /dev/null */
+
+/**
+ * Wraps umask(). Does nothing when the platform doesn't have that concept.
+ */
+int UTIL_umask(int mode);
+
+ int UTIL_compareStr(const void *p1, const void *p2);
+ const char* UTIL_getFileExtension(const char* infilename);
+ 
+-- 
+1.8.3.1
+
--- a/zstd.spec
+++ b/zstd.spec
@ -2,12 +2,14 @@

 Name:            zstd
 Version:         1.4.5
-Release:	0
+Release:	 1
 Summary:         A fast lossless compression algorithm
 License:         BSD and GPLv2
 URL:             https://github.com/facebook/zstd
 Source0:         https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz

+Patch6000:       backport-CVE-2021-24032.patch
+
 BuildRequires:   gtest-devel gcc-c++ pkg-config

 Provides:        libzstd
@ -87,6 +89,12 @@ install -D -m644 programs/zstd.1 %{buildroot}%{_mandir}/man1/pzstd.1
 %{_mandir}/man1/*.1*

 %changelog
+* Tue Mar 16 2021 shixuantong<shixuantong@huawei.com> - 1.4.5-1
+- Type:CVE
+- CVE:CVE-2021-24032
+- SUG:NA
+- DESC:fix CVE-2021-24032
+
 * Sat Jun 20 2020 maqiang<maqiang42@huawei.com> -1.4.5
 - Type:Update 
 - ID: