From: Apollon Oikonomopoulos
Subject: Fix CVE-2015-7945

Redact the DRBD secret from the disk logical ID in instance queries.

Last-Update: 2015-12-23
diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index 2f31fe9..ee94f8f 100644
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -10534,12 +10534,14 @@ class LUInstanceQueryData(NoHooksLU):
     """Compute block device status.
 
     """
+    output_logical_id = dev.logical_id
     if dev.dev_type in constants.LDS_DRBD:
       # we change the snode then (otherwise we use the one passed in)
       if dev.logical_id[0] == instance.primary_node:
         snode = dev.logical_id[1]
       else:
         snode = dev.logical_id[0]
+      output_logical_id = dev.logical_id[:-1] + (None,)
 
     dev_pstatus = self._ComputeBlockdevStatus(instance.primary_node,
                                               instance.name, dev)
@@ -10555,7 +10557,7 @@ class LUInstanceQueryData(NoHooksLU):
     return {
       "iv_name": dev.iv_name,
       "dev_type": dev.dev_type,
-      "logical_id": dev.logical_id,
+      "logical_id": output_logical_id,
       "physical_id": dev.physical_id,
       "pstatus": dev_pstatus,
       "sstatus": dev_sstatus,

commit b9bdb64348174f93206cda7e91d4e124065e9827
Author: Apollon Oikonomopoulos <apoikos@gmail.com>
Date:   Thu Jan 14 11:17:49 2016 +0200

    Do not attempt to use the DRBD secret in info queries

diff --git a/lib/client/gnt_instance.py b/lib/client/gnt_instance.py
index 457a7c8..632036f 100644
--- a/lib/client/gnt_instance.py
+++ b/lib/client/gnt_instance.py
@@ -978,7 +978,6 @@ def _FormatLogicalID(dev_type, logical_id, roman):
       ("nodeB", "%s, minor=%s" % (node_b, compat.TryToRoman(minor_b,
                                                             convert=roman))),
       ("port", compat.TryToRoman(port, convert=roman)),
-      ("auth key", key),
       ]
   elif dev_type == constants.LD_LV:
     vg_name, lv_name = logical_id
