Bug 1551663 - Pcs should check for non-valid characters in corosync.conf keynames
Summary: Pcs should check for non-valid characters in corosync.conf keynames
Keywords:
Status: ON_QA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pcs
Version: 7.5
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Jelinek
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-05 16:23 UTC by Radek Steiger
Modified: 2019-08-09 05:41 UTC (History)
8 users (show)

Fixed In Version: pcs-0.9.168-1.el7
Doc Type: Bug Fix
Doc Text:
Cause: User puts special characters into heuristics name when configuring quorum device. Consequence: The heuristics are ignored by corosync / qdevice. Fix: Make pcs report an error when special characters are used. Result: Pcs does not allow to set up heuristics in a way they are ignored by corosync / qdevice.
Clone Of: 1515193
: 1679197 (view as bug list)
Environment:
Last Closed:


Attachments (Terms of Use)
proposed fix (7.99 KB, patch)
2019-05-17 11:40 UTC, Tomas Jelinek
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1515193 None NEW pcs should not allow {}\n\r characters in corosync.conf values 2019-10-14 12:37:32 UTC

Internal Links: 1515193

Description Radek Steiger 2018-03-05 16:23:52 UTC
> Corosync parser only allows a limited subset of characters to be used as option keys  in corosync.conf. In situations where the key is generated from user-specified input such values are never parsed into CMAP:

[root@virt-144 ~]# pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Setting up qdevice certificates on nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-145: Succeeded
virt-146: Succeeded
Enabling corosync-qdevice...
virt-143: not enabling corosync-qdevice: corosync is not enabled
virt-145: not enabling corosync-qdevice: corosync is not enabled
virt-146: not enabling corosync-qdevice: corosync is not enabled
virt-144: not enabling corosync-qdevice: corosync is not enabled
Sending updated corosync.conf to nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-146: Succeeded
virt-145: Succeeded
Corosync configuration reloaded
Starting corosync-qdevice...
virt-143: corosync-qdevice started
virt-145: corosync-qdevice started
virt-146: corosync-qdevice started
virt-144: corosync-qdevice started
[root@virt-144 ~]# echo $?
0

[root@virt-144 ~]# grep čivava /etc/corosync/corosync.conf
            exec_čivava: /usr/bin/ping -c 1 127.0.0.1

[root@virt-144 ~]# corosync-cmapctl |grep exec
[root@virt-144 ~]#



> Pcs should be able to validate the input in such cases. The valid characters are specified in icmap.c as (where ':' and '.' are reserved):

static int icmap_is_valid_name_char(char c)
{
  return ((c >= 'a' && c <= 'z') ||
    (c >= 'A' && c <= 'Z') ||
    (c >= '0' && c <= '9') ||
    c == '.' || c == '_' || c == '-' || c == '/' || c == ':');
}

Comment 1 Tomas Jelinek 2019-05-17 11:40:31 UTC
Created attachment 1570051 [details]
proposed fix

Test according to comment 0.

Comment 3 Ivan Devat 2019-08-05 11:16:45 UTC
After Fix:

[kid76 ~] $ rpm -q pcs
pcs-0.9.168-1.el7.x86_64

[kid76 ~] $ pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Error: invalid heuristics option 'exec_čivava', exec_NAME may contain a-z A-Z 0-9 /_- characters only


Note You need to log in before you can comment on or make changes to this bug.