From c42a2583f09d18d04327c15235ae5e7d7ab19eb0 Mon Sep 17 00:00:00 2001 From: Michael Friedrich Date: Fri, 2 Aug 2019 13:22:36 +0200 Subject: [PATCH] Cluster sync: Only sync valid UTF8 content (text config, no binaries) - *.conf files are sanitized automatically. - Other files detect sanitizing and treat that as unsupported type refs #7382 --- lib/remote/apilistener-filesync.cpp | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/lib/remote/apilistener-filesync.cpp b/lib/remote/apilistener-filesync.cpp index 79fa55b55..4aa381c43 100644 --- a/lib/remote/apilistener-filesync.cpp +++ b/lib/remote/apilistener-filesync.cpp @@ -794,12 +794,29 @@ void ApiListener::ConfigGlobHandler(ConfigDirInformation& config, const String& * * **Keep this intact to stay compatible with older clients.** */ - if (Utility::Match("*.conf", file)) + String sanitizedContent = Utility::ValidateUTF8(content); + + if (Utility::Match("*.conf", file)) { update = config.UpdateV1; - else + + // Configuration files should be automatically sanitized with UTF8. + update->Set(relativePath, sanitizedContent); + } else { update = config.UpdateV2; - update->Set(relativePath, content); + /* + * Ensure that only valid UTF8 content is being read for the cluster config sync. + * Binary files are not supported when wrapped into JSON encoded messages. + * Rationale: https://github.com/Icinga/icinga2/issues/7382 + */ + if (content != sanitizedContent) { + Log(LogCritical, "ApiListener") + << "Ignoring file '" << file << "' for cluster config sync: Does not contain valid UTF8. Binary files are not supported."; + return; + } + + update->Set(relativePath, content); + } /* Calculate a checksum for each file (and a global one later). *