packages/protobuf-c
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix unsigned integer overflow

Browse Source 
Signed-off-by: mengwenhua <mengwenhua@xfusion.com>
This commit is contained in:
mengwenhua 2023-01-05 19:33:10 +08:00
parent 38d19fec0a
commit a2601a3b00
3 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
backport-0001-Fix-issue-499-unsigned-integer-overflow.patch Normal file
View File

@ -0,0 +1,35 @@
From 289f5c18b195aa43d46a619d1188709abbfa9c82 Mon Sep 17 00:00:00 2001
From: 10054172 <hui.zhang@thalesgroup.com>
Date: Fri, 18 Mar 2022 12:42:57 -0400
Subject: [PATCH 1/2] Fix issue #499: unsigned integer overflow
Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
---
protobuf-c/protobuf-c.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
index 98052cd..ec2d40a 100644
--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
@@ -2603,10 +2603,13 @@ parse_required_member(ScannedMember *scanned_member,
return FALSE;
def_mess = scanned_member->field->default_value;
- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
- allocator,
- len - pref_len,
- data + pref_len);
+ if (len > pref_len)
+ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+ allocator,
+ len - pref_len,
+ data + pref_len);
+ else
+ subm = NULL;
if (maybe_clear &&
*pmessage != NULL &&
--
2.37.3.windows.1

28
backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch Normal file
View File

@ -0,0 +1,28 @@
From 0d1fd124a4e0a07b524989f6e64410ff648fba61 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 9 Jun 2022 07:34:55 -0600
Subject: [PATCH 2/2] Fix regression with zero-length messages introduced in
protobuf-c PR 500.
[edmonds: Import bugfix from
https://github.com/sudo-project/sudo/commit/b6a6451482a3ff5e30f43ef888159d4b0d39143b.patch.]
---
protobuf-c/protobuf-c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
index ec2d40a..448f3e8 100644
--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
@@ -2603,7 +2603,7 @@ parse_required_member(ScannedMember *scanned_member,
return FALSE;
def_mess = scanned_member->field->default_value;
- if (len > pref_len)
+ if (len >= pref_len)
subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
allocator,
len - pref_len,
--
2.37.3.windows.1

11
protobuf-c.spec
View File

@ -1,6 +1,6 @@
Name: protobuf-c
Version: 1.4.0
Release: 3
Release: 4
Summary: This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format
License: BSD-2-Clause
URL: https://github.com/protobuf-c/protobuf-c
@ -11,6 +11,9 @@ BuildRequires: autoconf automake libtool gcc-c++ pkgconfig(protobuf)
Provides: %{name}-compiler = %{version}-%{release}
Obsoletes: %{name}-compiler < %{version}-%{release}
Patch6000: backport-0001-Fix-issue-499-unsigned-integer-overflow.patch
Patch6001: backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch
%description
This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format.
@ -50,6 +53,12 @@ make check
%{_libdir}/{libprotobuf-c.so,pkgconfig/libprotobuf-c.pc}
%changelog
* Sat Jan 7 2023 mengwenhua<mengwenhua@xfusion.com> - 1.4.0-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix unsigned integer overflow
* Mon Jul 4 2022 dengyuyu <yuyu.deng@epro.com.cn> - 1.4.0-3
- fix CVE-2022-33070