packages/netty3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-29025

Browse Source 
(cherry picked from commit 805b4d0e7ca5fa709bf8c37db5494f104ff14b0f)
This commit is contained in:
starlet-dx 2024-11-12 15:15:46 +08:00 committed by openeuler-sync-bot
parent 7e2a51f408
commit 1e7f10090a
2 changed files with 236 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

230
CVE-2024-29025.patch Normal file
View File

@ -0,0 +1,230 @@
Origin: https://build.opensuse.org/projects/openSUSE:Factory/packages/netty3/files/netty3-CVE-2024-29025.patch
--- a/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java 2016-06-29 14:41:47.000000000 +0200
+++ b/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java 2024-07-04 12:42:30.682137342 +0200
@@ -53,6 +53,16 @@
private final HttpRequest request;
/**
+ * The maximum number of fields allows by the form
+ */
+ private final int maxFields;
+
+ /**
+ * The maximum number of accumulated bytes when decoding a field
+ */
+ private final int maxBufferedBytes;
+
+ /**
* Default charset to use
*/
private Charset charset;
@@ -147,6 +157,23 @@
*/
public HttpPostMultipartRequestDecoder(HttpDataFactory factory, HttpRequest request,
Charset charset) throws ErrorDataDecoderException {
+ this(factory, request, charset, HttpPostRequestDecoder.DEFAULT_MAX_FIELDS, HttpPostRequestDecoder.DEFAULT_MAX_BUFFERED_BYTES);
+ }
+
+ /**
+ *
+ * @param factory the factory used to create InterfaceHttpData
+ * @param request the request to decode
+ * @param charset the charset to use as default
+ * @param maxFields
+ * the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes
+ * the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException for request or charset or factory
+ * @throws ErrorDataDecoderException if the default charset was wrong when decoding or other errors
+ */
+ public HttpPostMultipartRequestDecoder(HttpDataFactory factory, HttpRequest request,
+ Charset charset, int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
if (factory == null) {
throw new NullPointerException("factory");
}
@@ -159,6 +186,8 @@
this.request = request;
this.charset = charset;
this.factory = factory;
+ this.maxFields = maxFields;
+ this.maxBufferedBytes = maxBufferedBytes;
// Fill default values
setMultipart(this.request.headers().get(HttpHeaders.Names.CONTENT_TYPE));
if (!this.request.isChunked()) {
@@ -230,6 +259,9 @@
isLastChunk = true;
}
parseBody();
+ if (maxBufferedBytes > 0 && undecodedChunk != null && undecodedChunk.readableBytes() > maxBufferedBytes) {
+ throw new ErrorDataDecoderException();
+ }
}
public boolean hasNext() throws EndOfDataDecoderException {
@@ -268,10 +300,13 @@
/**
* Utility function to add a new decoded data
*/
- private void addHttpData(InterfaceHttpData data) {
+ private void addHttpData(InterfaceHttpData data) throws ErrorDataDecoderException {
if (data == null) {
return;
}
+ if (maxFields > 0 && bodyListHttpData.size() >= maxFields) {
+ throw new ErrorDataDecoderException();
+ }
List<InterfaceHttpData> datas = bodyMapHttpData.get(data.getName());
if (datas == null) {
datas = new ArrayList<InterfaceHttpData>(1);
--- a/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostRequestDecoder.java 2016-06-29 14:41:47.000000000 +0200
+++ b/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostRequestDecoder.java 2024-07-04 12:27:23.372964684 +0200
@@ -28,6 +28,11 @@
* This decoder will decode Body and can handle POST BODY (both multipart and standard).
*/
public class HttpPostRequestDecoder implements InterfaceHttpPostRequestDecoder {
+
+ static final int DEFAULT_MAX_FIELDS = 128;
+
+ static final int DEFAULT_MAX_BUFFERED_BYTES = 1024;
+
/**
* Does this request is a Multipart request
*/
@@ -58,6 +63,25 @@
/**
*
+ * @param request
+ * the request to decode
+ * @param maxFields
+ * the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes
+ * the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException
+ * for request
+ * @throws ErrorDataDecoderException
+ * if the default charset was wrong when decoding or other
+ * errors
+ */
+ public HttpPostRequestDecoder(HttpRequest request, int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
+ this(new DefaultHttpDataFactory(DefaultHttpDataFactory.MINSIZE), request, HttpConstants.DEFAULT_CHARSET,
+ maxFields, maxBufferedBytes);
+ }
+
+ /**
+ *
* @param factory the factory used to create InterfaceHttpData
* @param request the request to decode
* @param charset the charset to use as default
@@ -66,6 +90,23 @@
*/
public HttpPostRequestDecoder(HttpDataFactory factory, HttpRequest request,
Charset charset) throws ErrorDataDecoderException {
+ this(factory, request, charset, HttpPostRequestDecoder.DEFAULT_MAX_FIELDS,
+ HttpPostRequestDecoder.DEFAULT_MAX_BUFFERED_BYTES);
+ }
+
+ /**
+ *
+ * @param factory the factory used to create InterfaceHttpData
+ * @param request the request to decode
+ * @param charset the charset to use as default
+ * @param maxFields the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes
+ * the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException for request or charset or factory
+ * @throws ErrorDataDecoderException if the default charset was wrong when decoding or other errors
+ */
+ public HttpPostRequestDecoder(HttpDataFactory factory, HttpRequest request, Charset charset,
+ int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
if (factory == null) {
throw new NullPointerException("factory");
}
@@ -77,9 +118,9 @@
}
// Fill default values
if (isMultipart(request)) {
- decoder = new HttpPostMultipartRequestDecoder(factory, request, charset);
+ decoder = new HttpPostMultipartRequestDecoder(factory, request, charset, maxFields, maxBufferedBytes);
} else {
- decoder = new HttpPostStandardRequestDecoder(factory, request, charset);
+ decoder = new HttpPostStandardRequestDecoder(factory, request, charset, maxFields, maxBufferedBytes);
}
}
--- a/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java 2016-06-29 14:41:47.000000000 +0200
+++ b/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java 2024-07-04 12:39:27.134939191 +0200
@@ -57,6 +57,16 @@
private final Charset charset;
/**
+ * The maximum number of fields allows by the form
+ */
+ private final int maxFields;
+
+ /**
+ * The maximum number of accumulated bytes when decoding a field
+ */
+ private final int maxBufferedBytes;
+
+ /**
* Does the last chunk already received
*/
private boolean isLastChunk;
@@ -125,6 +135,21 @@
*/
public HttpPostStandardRequestDecoder(HttpDataFactory factory, HttpRequest request,
Charset charset) throws ErrorDataDecoderException {
+ this(factory, request, charset, HttpPostRequestDecoder.DEFAULT_MAX_FIELDS, HttpPostRequestDecoder.DEFAULT_MAX_BUFFERED_BYTES);
+ }
+
+ /**
+ *
+ * @param factory the factory used to create InterfaceHttpData
+ * @param request the request to decode
+ * @param charset the charset to use as default
+ * @param maxFields the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException for request or charset or factory
+ * @throws ErrorDataDecoderException if the default charset was wrong when decoding or other errors
+ */
+ public HttpPostStandardRequestDecoder(HttpDataFactory factory, HttpRequest request,
+ Charset charset, int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
if (factory == null) {
throw new NullPointerException("factory");
}
@@ -137,6 +162,8 @@
this.request = request;
this.charset = charset;
this.factory = factory;
+ this.maxFields = maxFields;
+ this.maxBufferedBytes = maxBufferedBytes;
if (!this.request.isChunked()) {
undecodedChunk = this.request.getContent();
isLastChunk = true;
@@ -190,6 +217,9 @@
isLastChunk = true;
}
parseBody();
+ if (maxBufferedBytes > 0 && undecodedChunk != null && undecodedChunk.readableBytes() > maxBufferedBytes) {
+ throw new ErrorDataDecoderException();
+ }
}
public boolean hasNext() throws EndOfDataDecoderException {
@@ -228,10 +258,13 @@
/**
* Utility function to add a new decoded data
*/
- private void addHttpData(InterfaceHttpData data) {
+ private void addHttpData(InterfaceHttpData data) throws ErrorDataDecoderException {
if (data == null) {
return;
}
+ if (maxFields > 0 && bodyListHttpData.size() >= maxFields) {
+ throw new ErrorDataDecoderException();
+ }
List<InterfaceHttpData> datas = bodyMapHttpData.get(data.getName());
if (datas == null) {
datas = new ArrayList<InterfaceHttpData>(1);

7
netty3.spec
View File

@ -5,7 +5,7 @@
Name: netty3
Version: 3.10.6
Release: 8
Release: 9
Summary: An asynchronous event-driven network application framework and tools for Java
License: ASL 2.0 and BSD and CC0
URL: http://netty.io/
@ -17,6 +17,8 @@ Patch2: CVE-2019-16869.patch
Patch3: CVE-2019-20444.patch
Patch4: CVE-2019-20445-1.patch
Patch5: CVE-2019-20445-2.patch
# Origin: https://build.opensuse.org/projects/openSUSE:Factory/packages/netty3/files/netty3-CVE-2024-29025.patch
Patch6: CVE-2024-29025.patch
BuildRequires: maven-local
BuildRequires: mvn(org.sonatype.oss:oss-parent:pom:)
@ -119,6 +121,9 @@ rm -v %{netty_handler_dir}/ssl/JettyNpnSslEngine.java
%changelog
* Tue Nov 12 2024 yaoxin <yao_xin001@hoperun.com> - 3.10.6-9
- Fix CVE-2024-29025
* Wed Aug 28 2024 wangkai <13474090681@163.com> - 3.10.6-8
- Fix CVE-2019-16869,CVE-2019-20444,CVE-2019-20445