update to 0.9.8

(cherry picked from commit 675a7723780a5963bc469257753f65d921738e64)
2024-08-02 17:10:44 +08:00 · 2024-08-02 17:10:44 +08:00 · c2fef9d3f5
commit c2fef9d3f5
parent 50796f2788
5 changed files with 6 additions and 83 deletions
--- a/fix-cve-2024-34402.patch
+++ b/fix-cve-2024-34402.patch
@ -1,47 +0,0 @@
 From 760ade2947415dbb100053cf793c2f96fe257386 Mon Sep 17 00:00:00 2001
 From: Sebastian Pipping <sebastian@pipping.org>
 Date: Sun, 28 Apr 2024 21:26:45 +0200
 Subject: [PATCH] Protect against integer overflow in ComposeQueryEngine
 Requires string input that is longer than INT_MAX to exploit.
 ---
 src/UriQuery.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
 diff --git a/src/UriQuery.c b/src/UriQuery.c
 index b2734bc..29c6f47 100644
 --- a/src/UriQuery.c
 +++ b/src/UriQuery.c
@@ -70,6 +70,7 @@
 #include <limits.h>
 +#include <stddef.h> /* size_t */
@@ -218,16 +219,16 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
 		const URI_CHAR * const key = queryList->key;
 		const URI_CHAR * const value = queryList->value;
 		const int worstCase = (normalizeBreaks == URI_TRUE ? 6 : 3);
 -		const int keyLen = (key == NULL) ? 0 : (int)URI_STRLEN(key);
 +		const size_t keyLen = (key == NULL) ? 0 : URI_STRLEN(key);
 		int keyRequiredChars;
 -		const int valueLen = (value == NULL) ? 0 : (int)URI_STRLEN(value);
 +		const size_t valueLen = (value == NULL) ? 0 : URI_STRLEN(value);
 		int valueRequiredChars;
 -		if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)) {
 +		if ((keyLen >= (size_t)INT_MAX / worstCase) || (valueLen >= (size_t)INT_MAX / worstCase)) {
 			return URI_ERROR_OUTPUT_TOO_LARGE;
 		}
 -		keyRequiredChars = worstCase * keyLen;
 -		valueRequiredChars = worstCase * valueLen;
 +		keyRequiredChars = worstCase * (int)keyLen;
 +		valueRequiredChars = worstCase * (int)valueLen;
 		if (dest == NULL) {
 			(*charsRequired) += ampersandLen + keyRequiredChars + ((value == NULL)
 -- 
 2.23.0
--- a/fix-cve-2024-34403.patch
+++ b/fix-cve-2024-34403.patch
@ -1,32 +0,0 @@
 From bb6b9b3f25fbafeb12dac68574d9f677b09880e3 Mon Sep 17 00:00:00 2001
 From: Sebastian Pipping <sebastian@pipping.org>
 Date: Sun, 28 Apr 2024 21:57:27 +0200
 Subject: [PATCH] Protect against integer overflow in ComposeQueryMallocExMm
 Requires string input that is longer than INT_MAX / 6 - 1 to exploit.
 ---
 src/UriQuery.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/src/UriQuery.c b/src/UriQuery.c
 index b2734bc..4885ff0 100644
 --- a/src/UriQuery.c
 +++ b/src/UriQuery.c
@@ -177,10 +177,13 @@ int URI_FUNC(ComposeQueryMallocExMm)(URI_CHAR ** dest,
 	if (res != URI_SUCCESS) {
 		return res;
 	}
 +	if (charsRequired == INT_MAX) {
 +	    return URI_ERROR_MALLOC;
 +	}
 	charsRequired++;
 	/* Allocate space */
 -	queryString = memory->malloc(memory, charsRequired * sizeof(URI_CHAR));
 +	queryString = memory->calloc(memory, charsRequired, sizeof(URI_CHAR));
 	if (queryString == NULL) {
 		return URI_ERROR_MALLOC;
 	}
 -- 
 2.23.0
--- a/uriparser-0.9.7.tar.bz2
+++ b/uriparser-0.9.7.tar.bz2
--- a/uriparser-0.9.8.tar.bz2
+++ b/uriparser-0.9.8.tar.bz2
--- a/uriparser.spec
+++ b/uriparser.spec
@ -1,12 +1,11 @@
 Name:           uriparser
-Version:        0.9.7
+Version:        0.9.8
-Release:        2
+Release:        1
 Summary:        A strictly RFC 3986 compliant URI parsing and handling library written in C89
 License:        BSD
 URL:            https://uriparser.github.io/
 Source0:        https://github.com/uriparser/uriparser/releases/download/uriparser-%{version}/uriparser-%{version}.tar.bz2
-Patch0:         fix-cve-2024-34402.patch
+
 Patch1:         fix-cve-2024-34403.patch
 BuildRequires:  cmake doxygen gcc-c++ graphviz gtest-devel make gmock
 %description
@ -61,6 +60,9 @@ LD_LIBRARY_PATH=".libs" make check
 %doc %{_docdir}/uriparser/html
 %changelog
 * Fri Aug 2 2024 zhangxingrong <zhangxingrong@uniontech.cn> - 0.9.8-1
 - update to version 0.9.8
 * Mon May 6 2024 kouwenqi <kouwenqi@kylinos.cn> - 0.9.7-2
 - fix CVE-2024-34402,CVE-2024-34403