libradosstriper: fix format injection vulnerability #15674

Merged
merged 1 commit into from Jul 17, 2017

@chardan
Contributor

chardan commented Jun 13, 2017

@chardan

Contributor

chardan commented Jun 13, 2017

As suggested, I'm looking for other situations where format strings can leak in from the outside world, but that will take some time.

@liewegas liewegas changed the title from "Patch from Stan K addressing 20240 (format injection vulnerability)" to "libradosstriper: fix format injection vulnerability" Jun 14, 2017

@ceph-jenkins

Collaborator

ceph-jenkins commented Jun 14, 2017

Can one of the admins verify this patch?

@liewegas

Member

liewegas commented Jun 14, 2017

jenkins test this please

@chardan

Contributor

chardan commented Jun 14, 2017

I think this patch should address the submitter's situation.

@dmick

Member

dmick commented Jun 14, 2017

ok to test

@tchaikov tchaikov added the needs-qa label Jun 15, 2017

@@ -12,6 +12,8 @@
*
*/
#include <boost/algorithm/string/replace.hpp>

@tchaikov

tchaikov Jun 15, 2017

Contributor

@chardan

the commit message should look like:

Fixes: http://tracker.ceph.com/issues/20240
Signed-off-by: Stan K <stan's email>

and we need to have Stan's email, assuming he agrees to contribute his patch to Ceph.

@smithfarm

smithfarm Jun 15, 2017

Contributor

@chardan And the top line of the commit message could be "libradosstriper: remove format injection vulnerability" . . . the entire commit message might then look like this:

libradosstriper: remove format injection vulnerability

Fixes: http://tracker.ceph.com/issues/20240
Signed-off-by: Stan K <stan's email>
@tchaikov

Contributor

tchaikov commented Jun 16, 2017

@chardan

Contributor

chardan commented Jun 18, 2017

...waiting to hear back from the author...

@tchaikov

Contributor

tchaikov commented Jun 19, 2017

@chardan, Stan K already replied over the ticket, see http://tracker.ceph.com/issues/20240

libradosstriper: remove format injection vulnerability
Fixes: http://tracker.ceph.com/issues/20240

Signed-off-by: Stan K <redrampage@selectel.ru>
@chardan

Contributor

chardan commented Jul 17, 2017

@tchaikov Could you please peek at this? Thanks.

@tchaikov tchaikov added this to the luminous milestone Jul 17, 2017

@tchaikov tchaikov added the needs-qa label Jul 17, 2017

@tchaikov tchaikov merged commit 2d4aabf into ceph:master Jul 17, 2017

4 checks passed

Signed-off-by all commits in this PR are signed
Unmodified Submodules submodules for project are unmodified
arm64 make check arm64 make check succeeded
make check make check succeeded