fix CVE-2022-33070

2022-07-26 10:17:57 +08:00 · 2022-07-26 10:17:57 +08:00 · a7d4939ac5
commit a7d4939ac5
parent 86c2b8e0a0
2 changed files with 80 additions and 2 deletions
--- a/CVE-2022-33070.patch
+++ b/CVE-2022-33070.patch
@ -0,0 +1,73 @@
+diff -Naru "protobuf-c-1.4.0 copy/protobuf-c/protobuf-c.c" protobuf-c-1.4.0/protobuf-c/protobuf-c.c
+--- "protobuf-c-1.4.0 copy/protobuf-c/protobuf-c.c"	2022-07-04 11:35:58.920205000 +0800
+++ protobuf-c-1.4.0/protobuf-c/protobuf-c.c	2022-07-04 11:41:59.158278000 +0800
+@@ -316,9 +316,8 @@
+ static inline uint32_t
+ zigzag32(int32_t v)
+ {
+-	// Note:  the right-shift must be arithmetic
+-	// Note:  left shift must be unsigned because of overflow
+-	return ((uint32_t)(v) << 1) ^ (uint32_t)(v >> 31);
+	// Note:  Using unsigned types prevents undefined behavior
+	return ((uint32_t)v << 1) ^ -((uint32_t)v >> 31);
+ }
+ 
+ /**
+@@ -380,9 +379,8 @@
+ static inline uint64_t
+ zigzag64(int64_t v)
+ {
+-	// Note:  the right-shift must be arithmetic
+-	// Note:  left shift must be unsigned because of overflow
+-	return ((uint64_t)(v) << 1) ^ (uint64_t)(v >> 63);
+	// Note:  Using unsigned types prevents undefined behavior
+	return ((uint64_t)v << 1) ^ -((uint64_t)v >> 63);
+ }
+ 
+ /**
+@@ -802,7 +800,8 @@
+ }
+ 
+ /**
+- * Pack a signed 32-bit integer and return the number of bytes written.
+ * Pack a signed 32-bit integer and return the number of bytes written,
+ * passed as unsigned to avoid implementation-specific behavior.
+  * Negative numbers are encoded as two's complement 64-bit integers.
+  *
+  * \param value
+@@ -813,14 +812,14 @@
+  *      Number of bytes written to `out`.
+  */
+ static inline size_t
+-int32_pack(int32_t value, uint8_t *out)
+int32_pack(uint32_t value, uint8_t *out)
+ {
+-	if (value < 0) {
+	if ((int32_t)value < 0) {
+ 		out[0] = value | 0x80;
+ 		out[1] = (value >> 7) | 0x80;
+ 		out[2] = (value >> 14) | 0x80;
+ 		out[3] = (value >> 21) | 0x80;
+-		out[4] = (value >> 28) | 0x80;
+		out[4] = (value >> 28) | 0xf0;
+ 		out[5] = out[6] = out[7] = out[8] = 0xff;
+ 		out[9] = 0x01;
+ 		return 10;
+@@ -2425,7 +2424,7 @@
+ unzigzag32(uint32_t v)
+ {
+ 	// Note:  Using unsigned types prevents undefined behavior
+-	return (int32_t)((v >> 1) ^ (~(v & 1) + 1));
+	return (int32_t)((v >> 1) ^ -(v & 1));
+ }
+ 
+ static inline uint32_t
+@@ -2467,7 +2466,7 @@
+ unzigzag64(uint64_t v)
+ {
+ 	// Note:  Using unsigned types prevents undefined behavior
+-	return (int64_t)((v >> 1) ^ (~(v & 1) + 1));
+	return (int64_t)((v >> 1) ^ -(v & 1));
+ }
+ 
+ static inline uint64_t
--- a/protobuf-c.spec
+++ b/protobuf-c.spec
@ -1,10 +1,12 @@
 Name:           protobuf-c
 Version:        1.4.0
-Release:        2
+Release:        3
 Summary:        This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format
 License:        BSD-2-Clause
 URL:            https://github.com/protobuf-c/protobuf-c
-Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz 
+Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz
+#https://github.com/protobuf-c/protobuf-c/pull/508/files
+Patch0001:      CVE-2022-33070.patch
 BuildRequires:  autoconf automake libtool gcc-c++ pkgconfig(protobuf)
 Provides:       %{name}-compiler = %{version}-%{release}
 Obsoletes:      %{name}-compiler < %{version}-%{release}
@ -48,6 +50,9 @@ make check
 %{_libdir}/{libprotobuf-c.so,pkgconfig/libprotobuf-c.pc}

 %changelog
+* Mon Jul 4 2022 dengyuyu <yuyu.deng@epro.com.cn> - 1.4.0-3
+- fix CVE-2022-33070
+
 * Tue May 10 2022 Ge Wang <wangge20@h-partner.com> - 1.4.0-2
 - License compliance rectification