Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "libatalk: Restore invalid metadata cleanup in ad_open.c" #997

Closed
wants to merge 2 commits into from
Closed

Revert "libatalk: Restore invalid metadata cleanup in ad_open.c" #997

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
eeaa7a8
Revert "libatalk: Restore invalid metadata cleanup in ad_open.c, GitH…
rdmark May 18, 2024
633b4a8
Update NEWS
rdmark May 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion NEWS
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ Changes in 3.2.0
* NEW: docs: Generate a manual appendix with build instructions, GitHub #791
* UPD: docs: Document libraries, init scripts in manual, GitHub #808
* FIX: afpd: Prevent theoretical crash in FPSetACL, GitHub #364
* FIX: libatalk: Restore invalid EA metadata cleanup, GitHub #400
* FIX: Shore up error handling and type safety, GItHub #952
* UPD: Rewrite the afpstats script in Perl, GitHub #893
And, improve the formatting of the standard output.
Expand Down
24 changes: 20 additions & 4 deletions libatalk/adouble/ad_open.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -804,6 +804,14 @@ static int ad_header_read_ea(const char *path, struct adouble *ad, const struct
EC_FAIL;
}

/*
* Since recent CVE fixes have introduced new behavior regarding
* ad_entry() output. For now, we will AFP_ASSERT() in EC_CLEANUP to prevent
* altering on-disk info. This does introduce an avenue to DOS
* the netatalk server by locally writing garbage to the EA. At this
* point, the outcome is an acceptable risk to prevent unintended
* changes to metadata.
*/
if (nentries != ADEID_NUM_EA
|| !ad_entry(ad, ADEID_FINDERI)
|| !ad_entry(ad, ADEID_COMMENT)
Expand All @@ -813,6 +821,12 @@ static int ad_header_read_ea(const char *path, struct adouble *ad, const struct
|| !ad_entry(ad, ADEID_PRIVINO)
|| !ad_entry(ad, ADEID_PRIVSYN)
|| !ad_entry(ad, ADEID_PRIVID)) {
LOG(log_error, logtype_ad,
"ad_header_read_ea(\"%s\"): invalid metadata EA "
"this is now being treated as a fatal error. "
"if you see this log entry, please file a bug ticket "
"with your upstream vendor and attach the generated "
"core file.", path ? fullpathname(path) : "UNKNOWN");

errno = EINVAL;
EC_FAIL;
Expand All @@ -826,17 +840,19 @@ static int ad_header_read_ea(const char *path, struct adouble *ad, const struct
ad_setentryoff(ad, ADEID_RFORK, ADEDOFF_RFORK_OSX);
#endif

// TODO: Remove the assert and restore the branch for cleaning up invalid metadata
// https://github.com/Netatalk/netatalk/issues/400
EC_CLEANUP:
AFP_ASSERT(!(ret != 0 && errno == EINVAL));
#if 0
if (ret != 0 && errno == EINVAL) {
become_root();
(void)sys_removexattr(path, AD_EA_META);
unbecome_root();
LOG(log_error, logtype_ad,
"ad_header_read_ea(%s, %d): deleted invalid metadata EA",
path ? fullpathname(path) : "UNKNOWN", nentries);

LOG(log_error, logtype_ad, "ad_header_read_ea(\"%s\"): deleted invalid metadata EA", fullpathname(path), nentries);
errno = ENOENT;
}
#endif
EC_EXIT;
}

Expand Down
Loading