Description: CVE-2022-3650: ceph-crash: fix stderr handling Popen.communicate() returns a tuple (stdout, stderr), and stderr will be of type bytes, hence the need to decode it before checking if it's an empty string or not. Author: Tim Serong Date: Wed, 2 Nov 2022 14:23:20 +1100 Bug: a77b47eeeb5770eeefcf4619ab2105ee7a6a003e Signed-off-by: Tim Serong Bug-Debian: https://bugs.debian.org/1024932 Origin: upstream, https://github.com/ceph/ceph/commit/45915540559126a652f8d9d105723584cfc63439 Last-Update: 2022-11-28 diff --git a/src/ceph-crash.in b/src/ceph-crash.in index 0fffd59a96df5..e2a7be59da701 100755 --- a/src/ceph-crash.in +++ b/src/ceph-crash.in @@ -50,7 +50,8 @@ def post_crash(path): stderr=subprocess.PIPE, ) f = open(os.path.join(path, 'meta'), 'rb') - stderr = pr.communicate(input=f.read()) + (_, stderr) = pr.communicate(input=f.read()) + stderr = stderr.decode() rc = pr.wait() f.close() if rc != 0 or stderr != "":