packages/protobuf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-7254

Browse Source 
(cherry picked from commit 9a7fc3d97bf25458b652f79a7e2c409b1507777f)
This commit is contained in:
zhangxianting 2024-09-19 10:42:51 +08:00 committed by openeuler-sync-bot
parent b2ab0c49d6
commit 202c28e2a5
2 changed files with 154 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
0004-backport-CVE-2024-7254.patch Normal file
View File

@ -0,0 +1,146 @@
From cc8b3483a5584b3301e3d43d17eb59704857ffaa Mon Sep 17 00:00:00 2001
From: Protobuf Team Bot <protobuf-github-bot@google.com>
Date: Thu, 18 Jul 2024 07:41:01 -0700
Subject: [PATCH] Internal change
PiperOrigin-RevId: 653615736
---
.../core/src/main/java/com/google/protobuf/ArrayDecoders.java | 3 +--
.../com/google/protobuf/InvalidProtocolBufferException.java | 2 +-
.../core/src/main/java/com/google/protobuf/MessageSchema.java | 3 +++
.../src/main/java/com/google/protobuf/MessageSetSchema.java | 1 +
.../src/main/java/com/google/protobuf/UnknownFieldSchema.java | 3 +--
java/lite/src/test/java/com/google/protobuf/LiteTest.java | 3 +++
src/google/protobuf/unittest_lite.proto | 4 ++++
7 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java b/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java
index f3241de..9bf1439 100644
--- a/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java
+++ b/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java
@@ -24,8 +24,7 @@ import java.io.IOException;
@CheckReturnValue
final class ArrayDecoders {
- private ArrayDecoders() {
- }
+ private ArrayDecoders() {}
/**
* A helper used to return multiple values in a Java function. Java doesn't natively support
diff --git a/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java b/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
index 5d10e48..dbcb9e8 100644
--- a/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
+++ b/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
@@ -132,7 +132,7 @@ public class InvalidProtocolBufferException extends IOException {
static InvalidProtocolBufferException recursionLimitExceeded() {
return new InvalidProtocolBufferException(
"Protocol message had too many levels of nesting. May be malicious. "
- + "Use CodedInputStream.setRecursionLimit() to increase the depth limit.");
+ + "Use setRecursionLimit() to increase the recursion depth limit.");
}
static InvalidProtocolBufferException sizeLimitExceeded() {
diff --git a/java/core/src/main/java/com/google/protobuf/MessageSchema.java b/java/core/src/main/java/com/google/protobuf/MessageSchema.java
index de3890f..f8f79fc 100644
--- a/java/core/src/main/java/com/google/protobuf/MessageSchema.java
+++ b/java/core/src/main/java/com/google/protobuf/MessageSchema.java
@@ -3006,6 +3006,7 @@ final class MessageSchema<T> implements Schema<T> {
unknownFields = unknownFieldSchema.getBuilderFromMessage(message);
}
// Unknown field.
+
if (unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) {
continue;
}
@@ -3381,6 +3382,7 @@ final class MessageSchema<T> implements Schema<T> {
if (unknownFields == null) {
unknownFields = unknownFieldSchema.getBuilderFromMessage(message);
}
+
if (!unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) {
return;
}
@@ -3397,6 +3399,7 @@ final class MessageSchema<T> implements Schema<T> {
if (unknownFields == null) {
unknownFields = unknownFieldSchema.getBuilderFromMessage(message);
}
+
if (!unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) {
return;
}
diff --git a/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java b/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
index eec3acd..a17037e 100644
--- a/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
+++ b/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
@@ -278,6 +278,7 @@ final class MessageSetSchema<T> implements Schema<T> {
reader, extension, extensionRegistry, extensions);
return true;
} else {
+
return unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader);
}
} else {
diff --git a/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java b/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
index c4ec645..a43bc2a 100644
--- a/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
+++ b/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
@@ -55,7 +55,6 @@ abstract class UnknownFieldSchema<T, B> {
/** Marks unknown fields as immutable. */
abstract void makeImmutable(Object message);
- /** Merges one field into the unknown fields. */
final boolean mergeOneFieldFrom(B unknownFields, Reader reader) throws IOException {
int tag = reader.getTag();
int fieldNumber = WireFormat.getTagFieldNumber(tag);
@@ -88,7 +87,7 @@ abstract class UnknownFieldSchema<T, B> {
}
}
- final void mergeFrom(B unknownFields, Reader reader) throws IOException {
+ private final void mergeFrom(B unknownFields, Reader reader) throws IOException {
while (true) {
if (reader.getFieldNumber() == Reader.READ_DONE
|| !mergeOneFieldFrom(unknownFields, reader)) {
diff --git a/java/lite/src/test/java/com/google/protobuf/LiteTest.java b/java/lite/src/test/java/com/google/protobuf/LiteTest.java
index 754ed7d..b42a4b9 100644
--- a/java/lite/src/test/java/com/google/protobuf/LiteTest.java
+++ b/java/lite/src/test/java/com/google/protobuf/LiteTest.java
@@ -10,12 +10,14 @@ package com.google.protobuf;
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertThrows;
import com.google.protobuf.FieldPresenceTestProto.TestAllTypes;
import com.google.protobuf.UnittestImportLite.ImportEnumLite;
import com.google.protobuf.UnittestImportPublicLite.PublicImportMessageLite;
import com.google.protobuf.UnittestLite.ForeignEnumLite;
import com.google.protobuf.UnittestLite.ForeignMessageLite;
+import com.google.protobuf.UnittestLite.RecursiveGroup;
import com.google.protobuf.UnittestLite.RecursiveMessage;
import com.google.protobuf.UnittestLite.TestAllExtensionsLite;
import com.google.protobuf.UnittestLite.TestAllTypesLite;
@@ -50,6 +52,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
diff --git a/src/google/protobuf/unittest_lite.proto b/src/google/protobuf/unittest_lite.proto
index 1848a2a..af6febf 100644
--- a/src/google/protobuf/unittest_lite.proto
+++ b/src/google/protobuf/unittest_lite.proto
@@ -505,3 +505,7 @@ message RecursiveMessage {
optional RecursiveMessage recurse = 1;
optional bytes payload = 2;
}
+
+message RecursiveGroup {
+ RecursiveGroup recurse = 1 [features.message_encoding = DELIMITED];
+}
--
2.43.0

9
protobuf.spec
View File

@ -11,7 +11,7 @@
Summary: Protocol Buffers - Google's data interchange format Summary: Protocol Buffers - Google's data interchange format
Name: protobuf Name: protobuf
Version: 25.1 Version: 25.1
Release: 5 Release: 6
License: BSD License: BSD
URL: https://github.com/protocolbuffers/protobuf URL: https://github.com/protocolbuffers/protobuf
Source: https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz Source: https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz
@ -21,6 +21,7 @@ Source1: protobuf-init.el
Patch9000: 0001-add-secure-compile-option.patch Patch9000: 0001-add-secure-compile-option.patch
Patch9001: 0002-Fix-CC-compiler-support.patch Patch9001: 0002-Fix-CC-compiler-support.patch
Patch9002: 0003-protobuf-add-coverage-compile-option.patch Patch9002: 0003-protobuf-add-coverage-compile-option.patch
Patch9003: 0004-backport-CVE-2024-7254.patch
BuildRequires: cmake gcc-c++ emacs zlib-devel gmock-devel gtest-devel jsoncpp-devel BuildRequires: cmake gcc-c++ emacs zlib-devel gmock-devel gtest-devel jsoncpp-devel
BuildRequires: fdupes pkgconfig python-rpm-macros pkgconfig(zlib) ninja-build BuildRequires: fdupes pkgconfig python-rpm-macros pkgconfig(zlib) ninja-build
@ -403,6 +404,12 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir}
%endif %endif
%changelog %changelog
* Thu Sep 19 2024 zhangxianting <zhangxianting@uniontech.com> - 25.1-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: fix CVE-2024-7254
* Mon Aug 05 2024 zhongtao <zhongtao17@huawei.com> - 25.1-5 * Mon Aug 05 2024 zhongtao <zhongtao17@huawei.com> - 25.1-5
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA