From 8d58a84164aacde197a75b8f6a51d03601c76042 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 17 2019 14:45:32 +0000 Subject: import open-vm-tools-10.3.0-2.el7_7.1 --- diff --git a/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch b/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch new file mode 100644 index 0000000..b2167f3 --- /dev/null +++ b/SOURCES/ovt-End-VGAuth-impersonation-in-the.patch @@ -0,0 +1,112 @@ +From 6c240f1d7c3e348af0aa95d5dfba08e95601fcc8 Mon Sep 17 00:00:00 2001 +From: Cathy Avery +Date: Fri, 15 Nov 2019 14:49:07 +0100 +Subject: [PATCH 2/3] End VGAuth impersonation in the + +RH-Author: Cathy Avery +Message-id: <20191115144908.7669-3-cavery@redhat.com> +Patchwork-id: 92390 +O-Subject: [RHEL7.7.z open-vm-tools PATCH 2/3] End VGAuth impersonation in the case of error. +Bugzilla: 1772825 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Eduardo Otubo + +commit 7b874f37f970aab2adddb063a8363594f47abf70 +Author: Oliver Kurth +Date: Tue Sep 4 15:40:58 2018 -0700 + + End VGAuth impersonation in the case of error. + + * In GuestAuthPasswordAuthenticateImpersonate(): + When VGAuth_UserHandleAccessToken fails, unimpersonation is not + being done. This can cause issues. Fixed it. + + * In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues: + The 'newHandle' is not being freed which causes a memory leak. + When VGAuth_UserHandleAccessToken fails, unimpersonation is not + being done. + +Signed-off-by: Cathy Avery +Signed-off-by: Miroslav Rezanina +--- + services/plugins/vix/vixTools.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c +index 7ed9f43..3d327e4 100644 +--- a/services/plugins/vix/vixTools.c ++++ b/services/plugins/vix/vixTools.c +@@ -11392,6 +11392,7 @@ GuestAuthPasswordAuthenticateImpersonate( + VGAuthError vgErr; + VGAuthUserHandle *newHandle = NULL; + VGAuthExtraParams extraParams[1]; ++ Bool impersonated = FALSE; + + extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE; + extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE; +@@ -11427,6 +11428,8 @@ GuestAuthPasswordAuthenticateImpersonate( + goto done; + } + ++ impersonated = TRUE; ++ + #ifdef _WIN32 + // this is making a copy of the token, be sure to close it + vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); +@@ -11446,6 +11449,10 @@ done: + Util_ZeroFreeString(password); + + if (VIX_OK != err) { ++ if (impersonated) { ++ vgErr = VGAuth_EndImpersonation(ctx); ++ ASSERT(vgErr == VGAUTH_E_OK); ++ } + VGAuth_UserHandleFree(newHandle); + newHandle = NULL; + } +@@ -11480,12 +11487,13 @@ GuestAuthSAMLAuthenticateAndImpersonate( + { + #if SUPPORT_VGAUTH + VixError err; +- char *token; +- char *username; ++ char *token = NULL; ++ char *username = NULL; + VGAuthContext *ctx = NULL; + VGAuthError vgErr; + VGAuthUserHandle *newHandle = NULL; + VGAuthExtraParams extraParams[1]; ++ Bool impersonated = FALSE; + + extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE; + extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE; +@@ -11577,6 +11585,8 @@ impersonate: + goto done; + } + ++ impersonated = TRUE; ++ + #ifdef _WIN32 + // this is making a copy of the token, be sure to close it + vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); +@@ -11592,6 +11602,17 @@ impersonate: + err = VIX_OK; + + done: ++ Util_ZeroFreeString(token); ++ Util_ZeroFreeString(username); ++ ++ if (VIX_OK != err) { ++ if (impersonated) { ++ vgErr = VGAuth_EndImpersonation(ctx); ++ ASSERT(vgErr == VGAUTH_E_OK); ++ } ++ VGAuth_UserHandleFree(newHandle); ++ newHandle = NULL; ++ } + + return err; + #else +-- +1.8.3.1 + diff --git a/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch b/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch new file mode 100644 index 0000000..a7a0e64 --- /dev/null +++ b/SOURCES/ovt-Fix-leaks-in-ListAliases-and.patch @@ -0,0 +1,84 @@ +From e2d98f99494ce748bd0e77d9bc1f52663936faa1 Mon Sep 17 00:00:00 2001 +From: Cathy Avery +Date: Fri, 15 Nov 2019 14:49:08 +0100 +Subject: [PATCH 3/3] Fix leaks in ListAliases and + +RH-Author: Cathy Avery +Message-id: <20191115144908.7669-4-cavery@redhat.com> +Patchwork-id: 92389 +O-Subject: [RHEL7.7.z open-vm-tools PATCH 3/3] Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel) +Bugzilla: 1772825 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Eduardo Otubo + +commit 26b9edbeb79d1c67b9ae73a0c97c48999c1fb503 (origin/stable-10.3.10-vix-memory-leaks) +Author: Oliver Kurth +Date: Wed Oct 2 17:48:35 2019 -0700 + + Fix leaks in ListAliases and ListMappedAliases (9bc72f0b09702754b429115658a85223cb3058bd from devel) + +Signed-off-by: Cathy Avery +Signed-off-by: Miroslav Rezanina +--- + services/plugins/vix/vixTools.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c +index 3d327e4..a30ef6b 100644 +--- a/services/plugins/vix/vixTools.c ++++ b/services/plugins/vix/vixTools.c +@@ -9463,7 +9463,6 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN + char *endDestPtr; + char *tmpBuf = NULL; + char *tmpBuf2 = NULL; +- char *recordBuf; + size_t recordSize; + char *escapedStr = NULL; + char *escapedStr2 = NULL; +@@ -9522,6 +9521,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN + destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s", + VIX_XML_ESCAPED_TAG); + for (i = 0; i < num; i++) { ++ char *recordBuf = NULL; ++ + escapedStr = VixToolsEscapeXMLString(uaList[i].pemCert); + if (escapedStr == NULL) { + err = VIX_E_OUT_OF_MEMORY; +@@ -9592,6 +9593,8 @@ VixToolsListAuthAliases(VixCommandRequestHeader *requestMsg, // IN + Log("%s: ListAuth list results too large, truncating", __FUNCTION__); + goto abort; + } ++ free(recordBuf); ++ recordBuf = NULL; + } + + *result = resultBuffer; +@@ -9659,7 +9662,6 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN + char *endDestPtr; + char *tmpBuf = NULL; + char *tmpBuf2 = NULL; +- char *recordBuf; + char *escapedStr = NULL; + char *escapedStr2 = NULL; + size_t recordSize; +@@ -9712,6 +9714,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN + destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s", + VIX_XML_ESCAPED_TAG); + for (i = 0; i < num; i++) { ++ char *recordBuf = NULL; ++ + escapedStr = VixToolsEscapeXMLString(maList[i].pemCert); + if (escapedStr == NULL) { + err = VIX_E_OUT_OF_MEMORY; +@@ -9780,6 +9784,8 @@ VixToolsListMappedAliases(VixCommandRequestHeader *requestMsg, // IN + Log("%s: ListMapped results too large, truncating", __FUNCTION__); + goto abort; + } ++ free(recordBuf); ++ recordBuf = NULL; + } + + *result = resultBuffer; +-- +1.8.3.1 + diff --git a/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch new file mode 100644 index 0000000..3578e65 --- /dev/null +++ b/SOURCES/ovt-Fix-memory-leaks-in-vix-tools.patch @@ -0,0 +1,102 @@ +From 4e5eb0a6c6996229f4daf3c23398cf62b910637d Mon Sep 17 00:00:00 2001 +From: Cathy Avery +Date: Fri, 15 Nov 2019 14:49:06 +0100 +Subject: [PATCH 1/3] Fix memory leaks in 'vix' tools + +RH-Author: Cathy Avery +Message-id: <20191115144908.7669-2-cavery@redhat.com> +Patchwork-id: 92388 +O-Subject: [RHEL7.7.z open-vm-tools PATCH 1/3] Fix memory leaks in 'vix' tools plugin. +Bugzilla: 1772825 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Eduardo Otubo + +commit 015db4c06a8be65eb96cf62421e8b5366993452f +Author: Oliver Kurth +Date: Wed Aug 29 13:29:45 2018 -0700 + + Fix memory leaks in 'vix' tools plugin. + + * vix plugin retrieves the power script file paths from the + config file but doesn't free them and this causes a memory leak. + Fixed the code to free the filepaths. + + * In GuestAuthPasswordAuthenticateImpersonate function, the VGAuth + handle is not freed when the impersonation fails. Fixed the + code to call VGAuth_UserHandleFree in the error path. + + Note: I executed one guest operation with wrong credentials. + Every failure leaks 75 bytes of memory. (in Centos 64-bit VM) + + * Fixed another minor issue in the code. At couple of places in + the code, replaced 'err' with 'vgErr' for storing the return value + of VGAuth_UserHandleAccessToken. + +Signed-off-by: Cathy Avery +Signed-off-by: Miroslav Rezanina +--- + services/plugins/vix/vixTools.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c +index 7997fee..7ed9f43 100644 +--- a/services/plugins/vix/vixTools.c ++++ b/services/plugins/vix/vixTools.c +@@ -2438,10 +2438,10 @@ VixTools_GetToolsPropertiesImpl(GKeyFile *confDictRef, // IN + char *guestName; + int osFamily; + char *packageList = NULL; +- const char *powerOffScript = NULL; +- const char *powerOnScript = NULL; +- const char *resumeScript = NULL; +- const char *suspendScript = NULL; ++ char *powerOffScript = NULL; ++ char *powerOnScript = NULL; ++ char *resumeScript = NULL; ++ char *suspendScript = NULL; + char *osName = NULL; + char *osNameFull = NULL; + Bool foundHostName; +@@ -2642,6 +2642,10 @@ abort: + free(tempDir); + free(osName); + free(osNameFull); ++ free(suspendScript); ++ free(resumeScript); ++ free(powerOnScript); ++ free(powerOffScript); + #else + /* + * FreeBSD. We do not require all the properties above. +@@ -11425,7 +11429,7 @@ GuestAuthPasswordAuthenticateImpersonate( + + #ifdef _WIN32 + // this is making a copy of the token, be sure to close it +- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); ++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); + if (VGAUTH_FAILED(vgErr)) { + err = VixToolsTranslateVGAuthError(vgErr); + goto done; +@@ -11441,6 +11445,10 @@ done: + free(username); + Util_ZeroFreeString(password); + ++ if (VIX_OK != err) { ++ VGAuth_UserHandleFree(newHandle); ++ newHandle = NULL; ++ } + return err; + #else + return VIX_E_NOT_SUPPORTED; +@@ -11571,7 +11579,7 @@ impersonate: + + #ifdef _WIN32 + // this is making a copy of the token, be sure to close it +- err = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); ++ vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken); + if (VGAUTH_FAILED(vgErr)) { + err = VixToolsTranslateVGAuthError(vgErr); + goto done; +-- +1.8.3.1 + diff --git a/SPECS/open-vm-tools.spec b/SPECS/open-vm-tools.spec index 73fb75e..4d60b0a 100644 --- a/SPECS/open-vm-tools.spec +++ b/SPECS/open-vm-tools.spec @@ -28,7 +28,7 @@ Name: open-vm-tools Version: %{toolsversion} -Release: 2%{?dist} +Release: 2%{?dist}.1 Summary: Open Virtual Machine Tools for virtual machines hosted on VMware Group: Applications/System License: GPLv2 @@ -37,12 +37,18 @@ Source0: https://github.com/vmware/%{name}/releases/download/stable-%{v Source1: %{toolsdaemon}-init.service Source2: %{toolsdaemon}.service Source3: %{vgauthdaemon}.service -ExclusiveArch: x86_64 %{ix86} +ExclusiveArch: x86_64 Patch0002: 0002-Update-cloud-init-handling.patch Patch0003: 0003-hgfsPlugin-crash-fix.patch # For bz#1678576 - [ESXi][RHEL7.6] Several files lost Full RELRO Patch4: ovt-Fix-RELRO-flag.patch +# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z] +Patch5: ovt-Fix-memory-leaks-in-vix-tools.patch +# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z] +Patch6: ovt-End-VGAuth-impersonation-in-the.patch +# For bz#1772825 - [ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z] +Patch7: ovt-Fix-leaks-in-ListAliases-and.patch BuildRequires: autoconf BuildRequires: automake @@ -141,6 +147,9 @@ machines. %patch0002 -p1 %patch0003 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build # Required for regenerating configure script when @@ -329,6 +338,13 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog +* Tue Dec 03 2019 Miroslav Rezanina - 10.3.0-2.el7_7.1 +- ovt-Fix-memory-leaks-in-vix-tools.patch [bz#1772825] +- ovt-End-VGAuth-impersonation-in-the.patch [bz#1772825] +- ovt-Fix-leaks-in-ListAliases-and.patch [bz#1772825] +- Resolves: bz#1772825 + ([ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z]) + * Wed Mar 13 2019 Miroslav Rezanina - 10.3.0-2.el7 - ovt-Enable-cloud-init-by-default-to-change-the-systemd-u.patch [bz#1662278] - ovt-Fix-RELRO-flag.patch [bz#1678576]