!117 CVE-2023-51714

From: @dou33 Reviewed-by: @peijiankang Signed-off-by: @peijiankang
2024-02-01 05:27:59 +00:00 · 2024-02-01 05:27:59 +00:00 · f166bc423f
commit f166bc423f
parent a2385c0b86 e40830cbfe
2 changed files with 45 additions and 3 deletions
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@ -36,7 +36,7 @@
 Name:             qt5-qtbase
 Summary:          Qt5 - QtBase components
 Version:          5.15.10
-Release:          6
+Release:          7

 # See LGPL_EXCEPTIONS.txt, for exception details
 License:          LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@ -132,6 +132,7 @@ Patch0026:        qtbase5.15.10-CVE-2023-38197.patch
 # https://codereview.qt-project.org/c/qt/qtbase/+/503026
 Patch0027:        qtbase5.15.10-CVE-2023-43114.patch
 Patch0028:        fix-build-error-of-libxkbcommon-1.6.0.patch
+Patch0029:        qtbase5.15-CVE-2023-51714.patch
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
 # not there, the platform to integrate with isn't either. Then Qt will just
@ -400,6 +401,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch -P0026 -p1
 %patch -P0027 -p1
 %patch -P0028 -p1
+%patch -P0029 -p1
 # move some bundled libs to ensure they're not accidentally used
 pushd src/3rdparty
 mkdir UNUSED
@ -1057,13 +1059,16 @@ fi


 %changelog
+* Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-7
+- add qtbase5.15-CVE-2023-51714.patch
+
 * Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-6
 - fix build error of libxkbcommon-1.6.0

-* Fri Nov 24 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-5
+* Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-5
 - fix qtbase5.15.10-CVE-2023-43114.patch

-* Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-4
+* Fri Nov 24 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-4
 - fix qtbase5.15.10-CVE-2023-38197.patch

 * Wed Sep 13 2023 yoo <sunyuechi@iscas.ac.cn> - 5.15.10-3
--- a/qtbase5.15-CVE-2023-51714.patch
+++ b/qtbase5.15-CVE-2023-51714.patch
@ -0,0 +1,37 @@
+From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Wed, 31 Jan 2024 13:38:10 +0800
+Subject: [PATCH] qtbase5.15-CVE-2023-51714
+
+---
+ src/network/access/http2/hpacktable.cpp | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
+index fddb5fec..315f3e23 100644
+--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
+@@ -40,6 +40,7 @@
+ #include "hpacktable_p.h"
+ 
+ #include <QtCore/qdebug.h>
+#include <QtCore/private/qnumeric_p.h>
+ 
+ #include <algorithm>
+ #include <cstddef>
+@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value)
+     // for counting the number of references to the name and value would have
+     // 32 octets of overhead."
+ 
+-    const unsigned sum = unsigned(name.size() + value.size());
+-    if (std::numeric_limits<unsigned>::max() - 32 < sum)
+    size_t sum;
+    if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
+        return HeaderSize();
+    if (sum > (std::numeric_limits<unsigned>::max() - 32))
+         return HeaderSize();
+     return HeaderSize(true, quint32(sum + 32));
+ }
+-- 
+2.41.0
+