[AUTO-CHERRYPICK] [Medium] Patch mdadm to fix CVE-2023-28736 - branch main (#12415)

CBL-Mariner-Bot · archana25-ms · web-flow · commit 9a022ec1524d · 2025-02-25T11:35:11.000-05:00
Co-authored-by: Archana Shettigar &lt;v-shettigara@microsoft.com&gt;
diff --git a/SPECS/mdadm/CVE-2023-28736.patch b/SPECS/mdadm/CVE-2023-28736.patch
@@ -0,0 +1,67 @@
+From 409bfe7900dbc793448aab312aa540e97e8ba2e3 Mon Sep 17 00:00:00 2001
+From: archana25-ms <v-shettigara@microsoft.com>
+Date: Tue, 11 Feb 2025 18:22:47 +0000
+Subject: [PATCH] Address CVE-2023-28736
+
+Source link: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=ced5fa8b170ad448f4076e24a10c731b5cfb36ce
+
+---
+ mdadm.8.in | 5 +++++
+ mdadm.c    | 9 ++++++++-
+ mdadm.h    | 5 +++++
+ 3 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/mdadm.8.in b/mdadm.8.in
+index 9aec9f4..58614fd 100644
+--- a/mdadm.8.in
++++ b/mdadm.8.in
+@@ -2129,6 +2129,11 @@ is run, but will be created by
+ .I udev
+ once the array becomes active.
+ 
++The max length md-device name is limited to 32 characters.
++Different metadata types have more strict limitation
++(like IMSM where only 16 characters are allowed).
++For that reason, long name could be truncated or rejected, it depends on metadata policy.
++
+ As devices are added, they are checked to see if they contain RAID
+ superblocks or filesystems.  They are also checked to see if the variance in
+ device size exceeds 1%.
+diff --git a/mdadm.c b/mdadm.c
+index 25a1abd..cb45b59 100644
+--- a/mdadm.c
++++ b/mdadm.c
+@@ -1354,9 +1354,16 @@ int main(int argc, char *argv[])
+ 			mdfd = open_mddev(devlist->devname, 1);
+ 			if (mdfd < 0)
+ 				exit(1);
+-		} else
++		} else {
++			char *bname = basename(devlist->devname);
++
++			if (strlen(bname) > MD_NAME_MAX) {
++				pr_err("Name %s is too long.\n", devlist->devname);
++				exit(1);
++			}
+ 			/* non-existent device is OK */
+ 			mdfd = open_mddev(devlist->devname, 0);
++		}
+ 		if (mdfd == -2) {
+ 			pr_err("device %s exists but is not an md array.\n", devlist->devname);
+ 			exit(1);
+diff --git a/mdadm.h b/mdadm.h
+index 387e681..e25d8a2 100644
+--- a/mdadm.h
++++ b/mdadm.h
+@@ -1793,3 +1793,8 @@ char *xstrdup(const char *str);
+ #define INVALID_SECTORS 1
+ /* And another special number needed for --data_offset=variable */
+ #define VARIABLE_OFFSET 3
++
++/**
++ * This is true for native and DDF, IMSM allows 16.
++ */
++#define MD_NAME_MAX 32
+-- 
+2.45.2
+
diff --git a/SPECS/mdadm/mdadm.spec b/SPECS/mdadm/mdadm.spec
@@ -3,7 +3,7 @@
 Summary:        The mdadm program controls Linux md devices (software RAID arrays)
 Name:           mdadm
 Version:        4.1
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -22,6 +22,7 @@ Patch00:        https://sources.debian.org/data/main/m/mdadm/4.1-2/debian/patche
 # Fedora customization patches, keeping in Mariner for now.
 Patch97:        mdadm-3.3-udev.patch
 Patch98:        mdadm-2.5.2-static.patch
+Patch99:	CVE-2023-28736.patch
 
 BuildRequires:  binutils-devel
 BuildRequires:  gcc
@@ -99,6 +100,9 @@ install -m644 %{SOURCE6} %{buildroot}%{_sysconfdir}/libreport/events.d
 %endif
 
 %changelog
+* Tue Feb 12 2025 Archana Shettigar <v-shettigara@microsoft.com> - 4.1-10
+- Patch CVE-2023-28736
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 4.1-9
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
