packages/etcd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-34038

Browse Source
This commit is contained in:
bwzhang 2024-04-19 11:22:54 +08:00
parent 63f55ec939
commit fe04da5523
2 changed files with 55 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0007-fix-CVE-2022-34038.patch Normal file
View File

@ -0,0 +1,43 @@
From 10fdd367a2095806b025c1c54d30886369b3d586 Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Fri, 19 Apr 2024 11:11:10 +0800
Subject: [PATCH] fix CVE-2022-34038
---
pkg/ioutil/pagewriter.go | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/pkg/ioutil/pagewriter.go b/pkg/ioutil/pagewriter.go
index cf9a8dc..4daaa9d 100644
--- a/pkg/ioutil/pagewriter.go
+++ b/pkg/ioutil/pagewriter.go
@@ -16,6 +16,7 @@ package ioutil
import (
"io"
+ "fmt"
)
var defaultBufferBytes = 128 * 1024
@@ -38,9 +39,18 @@ type PageWriter struct {
bufWatermarkBytes int
}
+// Assert will panic with a given formatted message if the given condition is false.
+func Assert(condition bool, msg string, v int) {
+ if !condition {
+ panic(fmt.Sprintf("assertion failed: "+msg, v))
+ }
+}
+
// NewPageWriter creates a new PageWriter. pageBytes is the number of bytes
// to write per page. pageOffset is the starting offset of io.Writer.
func NewPageWriter(w io.Writer, pageBytes, pageOffset int) *PageWriter {
+ // If pageBytes is 0 or less, it will trigger a panic directly
+ Assert(pageBytes > 0, "pageBytes %d is an invalid value, it must be greater than 0", pageBytes)
return &PageWriter{
w: w,
pageOffset: pageOffset,
--
2.20.1

16
etcd.spec
View File

@ -31,7 +31,7 @@ system.}
%global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/* %global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/*
Name: etcd Name: etcd
Release: 8 Release: 9
Summary: Distributed reliable key-value store for the most critical data of a distributed system Summary: Distributed reliable key-value store for the most critical data of a distributed system
# Upstream license specification: Apache-2.0 # Upstream license specification: Apache-2.0
@ -50,6 +50,7 @@ Patch3: 0003-etcd-Add-sw64-architecture.patch
Patch4: 0004-fix-CVE-2023-45288.patch Patch4: 0004-fix-CVE-2023-45288.patch
Patch5: 0005-fix-CVE-2022-41723.patch Patch5: 0005-fix-CVE-2022-41723.patch
Patch6: 0006-fix-CVE-2023-39325.patch Patch6: 0006-fix-CVE-2023-39325.patch
Patch7: 0007-fix-CVE-2022-34038.patch
BuildRequires: golang BuildRequires: golang
BuildRequires: python3-devel BuildRequires: python3-devel
@ -70,6 +71,7 @@ Requires(pre): shadow-utils
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
%ifarch sw_64 %ifarch sw_64
%patch3 -p1 %patch3 -p1
%endif %endif
@ -158,19 +160,25 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/
%endif %endif
%changelog %changelog
* Wed Apr 17 2024 zhangbowei <zhangbowei@kylinos.cn> -3.4.14-8 * Fri Apr 19 2024 zhangbowei <zhangbowei@kylinos.cn> - 3.4.14-9
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: fix CVE-2022-34038
* Wed Apr 17 2024 zhangbowei <zhangbowei@kylinos.cn> - 3.4.14-8
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
- SUG:NA - SUG:NA
- DESC: fix CVE-2023-39325 - DESC: fix CVE-2023-39325
* Wed Apr 17 2024 zhangbowei <zhangbowei@kylinos.cn> -3.4.14-7 * Wed Apr 17 2024 zhangbowei <zhangbowei@kylinos.cn> - 3.4.14-7
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
- SUG:NA - SUG:NA
- DESC: fix CVE-2022-41723 - DESC: fix CVE-2022-41723
* Wed Apr 17 2024 zhangbowei <zhangbowei@kylinos.cn> -3.4.14-6 * Wed Apr 17 2024 zhangbowei <zhangbowei@kylinos.cn> - 3.4.14-6
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
- SUG:NA - SUG:NA