Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1679197 - Pcs should check for non-valid characters in corosync.conf keynames
Summary: Pcs should check for non-valid characters in corosync.conf keynames
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: pcs
Version: 8.0
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Jelinek
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Depends On: 1682129
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-20 15:11 UTC by Tomas Jelinek
Modified: 2019-03-15 17:41 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1551663
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description Tomas Jelinek 2019-02-20 15:11:44 UTC
+++ This bug was initially created as a clone of Bug #1551663 +++

> Corosync parser only allows a limited subset of characters to be used as option keys  in corosync.conf. In situations where the key is generated from user-specified input such values are never parsed into CMAP:

[root@virt-144 ~]# pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Setting up qdevice certificates on nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-145: Succeeded
virt-146: Succeeded
Enabling corosync-qdevice...
virt-143: not enabling corosync-qdevice: corosync is not enabled
virt-145: not enabling corosync-qdevice: corosync is not enabled
virt-146: not enabling corosync-qdevice: corosync is not enabled
virt-144: not enabling corosync-qdevice: corosync is not enabled
Sending updated corosync.conf to nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-146: Succeeded
virt-145: Succeeded
Corosync configuration reloaded
Starting corosync-qdevice...
virt-143: corosync-qdevice started
virt-145: corosync-qdevice started
virt-146: corosync-qdevice started
virt-144: corosync-qdevice started
[root@virt-144 ~]# echo $?
0

[root@virt-144 ~]# grep čivava /etc/corosync/corosync.conf
            exec_čivava: /usr/bin/ping -c 1 127.0.0.1

[root@virt-144 ~]# corosync-cmapctl |grep exec
[root@virt-144 ~]#



> Pcs should be able to validate the input in such cases. The valid characters are specified in icmap.c as (where ':' and '.' are reserved):

static int icmap_is_valid_name_char(char c)
{
  return ((c >= 'a' && c <= 'z') ||
    (c >= 'A' && c <= 'Z') ||
    (c >= '0' && c <= '9') ||
    c == '.' || c == '_' || c == '-' || c == '/' || c == ':');
}


Note You need to log in before you can comment on or make changes to this bug.