author | Thomas Gerbet <thomas@gerbet.me> | 2024-04-20 00:02:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-20 00:02:40 +0200 |
commit | bc194f70731cc5d2b046a6c1b3b15f170f05999c (patch) | |
tree | f0682fcd74b6547997b0a93d9d7d1047ef695b3f /pkgs/servers | |
parent | 98b33de2f8c36f5238130a8ea003e3a7ba6b970a (diff) | |
parent | 905123fc60605351beeff89141d442c41e7e2948 (diff) |
Merge pull request #304371 from risicle/ris-qdrant-CVE-2024-3078-r23.11
[23.11] qdrant: add patch for CVE-2024-3078
Diffstat (limited to 'pkgs/servers')
-rw-r--r-- | pkgs/servers/search/qdrant/1.6.1-CVE-2024-3078.patch | 141 | ||||
-rw-r--r-- | pkgs/servers/search/qdrant/default.nix | 4 |
2 files changed, 145 insertions, 0 deletions
diff --git a/pkgs/servers/search/qdrant/1.6.1-CVE-2024-3078.patch b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-3078.patch
new file mode 100644
index 0000000000000..a0f05539c2904
--- /dev/null
+++ b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-3078.patch
@@ -0,0 +1,141 @@
+Based on upstream 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62 with minor
+adjustments to apply to 1.6.1
+
+diff --git a/lib/collection/src/collection/snapshots.rs b/lib/collection/src/collection/snapshots.rs
+index 76c8ba98..193261de 100644
+--- a/lib/collection/src/collection/snapshots.rs
++++ b/lib/collection/src/collection/snapshots.rs
+@@ -193,35 +193,35 @@ impl Collection {
+ .await
+ }
+
++ /// Get full file path for a collection snapshot by name
++ ///
++ /// This enforces the file to be inside the snapshots directory
+ pub async fn get_snapshot_path(&self, snapshot_name: &str) -> CollectionResult<PathBuf> {
+- let snapshot_path = self.snapshots_path.join(snapshot_name);
+-
+- let absolute_snapshot_path =
+- snapshot_path
+- .canonicalize()
+- .map_err(|_| CollectionError::NotFound {
+- what: format!("Snapshot {snapshot_name}"),
+- })?;
++ let absolute_snapshot_dir = self.snapshots_path.canonicalize().map_err(|_| {
++ CollectionError::not_found(format!(
++ "Snapshot directory: {}",
++ self.snapshots_path.display()
++ ))
++ })?;
+
+- let absolute_snapshot_dir =
+- self.snapshots_path
+- .canonicalize()
+- .map_err(|_| CollectionError::NotFound {
+- what: format!("Snapshot directory: {}", self.snapshots_path.display()),
+- })?;
++ let absolute_snapshot_path = absolute_snapshot_dir
++ .join(snapshot_name)
++ .canonicalize()
++ .map_err(|_| CollectionError::not_found(format!("Snapshot {snapshot_name}")))?;
+
+ if !absolute_snapshot_path.starts_with(absolute_snapshot_dir) {
+- return Err(CollectionError::NotFound {
+- what: format!("Snapshot {snapshot_name}"),
+- });
++ return Err(CollectionError::not_found(format!(
++ "Snapshot {snapshot_name}"
++ )));
+ }
+
+- if !snapshot_path.exists() {
+- return Err(CollectionError::NotFound {
+- what: format!("Snapshot {snapshot_name}"),
+- });
++ if !absolute_snapshot_path.exists() {
++ return Err(CollectionError::not_found(format!(
++ "Snapshot {snapshot_name}"
++ )));
+ }
+- Ok(snapshot_path)
++
++ Ok(absolute_snapshot_path)
+ }
+
+ pub async fn list_shard_snapshots(
+diff --git a/lib/collection/src/operations/types.rs b/lib/collection/src/operations/types.rs
+index 9846e713..112f9b6a 100644
+--- a/lib/collection/src/operations/types.rs
++++ b/lib/collection/src/operations/types.rs
+@@ -638,6 +638,10 @@ impl CollectionError {
+ CollectionError::BadInput { description }
+ }
+
++ pub fn not_found(what: impl Into<String>) -> CollectionError {
++ CollectionError::NotFound { what: what.into() }
++ }
++
+ pub fn bad_request(description: String) -> CollectionError {
+ CollectionError::BadRequest { description }
+ }
+diff --git a/lib/storage/src/content_manager/errors.rs b/lib/storage/src/content_manager/errors.rs
+index 2d2a224e..3258ce7b 100644
+--- a/lib/storage/src/content_manager/errors.rs
++++ b/lib/storage/src/content_manager/errors.rs
+@@ -46,6 +46,12 @@ impl StorageError {
+ }
+ }
+
++ pub fn not_found(description: impl Into<String>) -> StorageError {
++ StorageError::NotFound {
++ description: description.into(),
++ }
++ }
++
+ /// Used to override the `description` field of the resulting `StorageError`
+ pub fn from_inconsistent_shard_failure(
+ err: CollectionError,
+diff --git a/lib/storage/src/content_manager/snapshots/mod.rs b/lib/storage/src/content_manager/snapshots/mod.rs
+index 8a417377..9965006a 100644
+--- a/lib/storage/src/content_manager/snapshots/mod.rs
++++ b/lib/storage/src/content_manager/snapshots/mod.rs
+@@ -24,17 +24,33 @@ pub struct SnapshotConfig {
+ pub collections_aliases: HashMap<String, String>,
+ }
+
++/// Get full file path for a full snapshot by name
++///
++/// This enforces the file to be inside the snapshots directory
+ pub async fn get_full_snapshot_path(
+ toc: &TableOfContent,
+ snapshot_name: &str,
+ ) -> Result<PathBuf, StorageError> {
+- let snapshot_path = Path::new(toc.snapshots_path()).join(snapshot_name);
+- if !snapshot_path.exists() {
+- return Err(StorageError::NotFound {
+- description: format!("Full storage snapshot {snapshot_name} not found"),
+- });
++ let snapshots_path = toc.snapshots_path();
++
++ let absolute_snapshot_dir = Path::new(snapshots_path)
++ .canonicalize()
++ .map_err(|_| StorageError::not_found(format!("Snapshot directory: {snapshots_path}")))?;
++
++ let absolute_snapshot_path = absolute_snapshot_dir
++ .join(snapshot_name)
++ .canonicalize()
++ .map_err(|_| StorageError::not_found(format!("Snapshot {snapshot_name}")))?;
++
++ if !absolute_snapshot_path.starts_with(absolute_snapshot_dir) {
++ return Err(StorageError::not_found(format!("Snapshot {snapshot_name}")));
+ }
+- Ok(snapshot_path)
++
++ if !absolute_snapshot_path.exists() {
++ return Err(StorageError::not_found(format!("Snapshot {snapshot_name}")));
++ }
++
++ Ok(absolute_snapshot_path)
+ }
+
+ pub async fn do_delete_full_snapshot(
diff --git a/pkgs/servers/search/qdrant/default.nix b/pkgs/servers/search/qdrant/default.nix
index a3aee4fc59360..3dd3b6227b684 100644
--- a/pkgs/servers/search/qdrant/default.nix
+++ b/pkgs/servers/search/qdrant/default.nix
@@ -21,6 +21,10 @@ rustPlatform.buildRustPackage rec {
 sha256 = "sha256-G9nA0F3KKl6mLgcpuMW1uikOyBcBsJ1qd2IlMhW4vhg=";
 };
+ patches = [
+ ./1.6.1-CVE-2024-3078.patch
+ ];
+
 cargoLock = {
 lockFile = ./Cargo.lock;
 outputHashes = {
|
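Review bot: The final `exists()` test in both `get_snapshot_path` and `get_full_snapshot_path` is dead code, because `canonicalize()` has already returned an error for a path that does not exist. The `starts_with` containment check also still accepts the snapshots directory itself and any subdirectory beneath it, for instance when `snapshot_name` is empty or resolves to `.`. Replacing the dead check with `if !absolute_snapshot_path.is_file() {` keeps the not-found behaviour and rejects non-file targets. Whether callers already cope with a directory path is not visible in this patch and should be confirmed. Separately, the new `"Snapshot directory: {snapshots_path}"` message in `get_full_snapshot_path` places a server-side path in an error that may reach API clients; a generic message with the path logged server-side would avoid that.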