Message ID | 20220223102016.28259-1-sanakazisk19@gmail.com |
---|---|
State | Under Review |
Delegated to: | Armin Kuster |
Series | [meta-oe,dunfell] protobuf: Fix CVE-2021-22570 | expand |
This causes QA warnings: WARNING: protobuf-native-3.11.4-r0 do_patch: Fuzz detected: Applying patch CVE-2021-22570.patch patching file src/google/protobuf/descriptor.cc Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines). Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines). Hunk #3 succeeded at 4006 (offset -17 lines). Hunk #4 succeeded at 4050 (offset -18 lines). Hunk #5 succeeded at 4368 (offset -18 lines). The context lines in the patches can be updated with devtool: devtool modify protobuf-native devtool finish --force-patch-refresh protobuf-native <layer_path> Don't forget to review changes done by devtool! Ross On Wed, 23 Feb 2022 at 10:21, sana kazi <sanakazisk19@gmail.com> wrote: > > Fix CVE-2021-22570. > Link: https://koji.fedoraproject.org/koji/buildinfo?buildID=1916865 > Link: https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch > > Remove first and second hunk because the second argument in > InsertIfNotPresent() function is of type const char* const& but the > first and second hunk makes the type of second argument as const string > which is not compatible with the type of second argument in > InsertIfNotPresent(). > > Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> > Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> > --- > .../protobuf/protobuf/CVE-2021-22570.patch | 64 +++++++++++++++++++ > .../protobuf/protobuf_3.11.4.bb | 1 + > 2 files changed, 65 insertions(+) > create mode 100644 meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch > > diff --git a/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch b/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch > new file mode 100644 > index 000000000..be3180181 > --- /dev/null > +++ b/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch 
> @@ -0,0 +1,64 @@ > +CVE: CVE-2021-22570 > +Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch] > +Comment: Removed first and second hunk > +Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com> > + > +diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc > +index 7af37c57f3..03c4e2b516 100644 > +--- a/src/google/protobuf/descriptor.cc > ++++ b/src/google/protobuf/descriptor.cc > +@@ -2626,6 +2626,8 @@ void Descriptor::DebugString(int depth, std::string* contents, > + const Descriptor::ReservedRange* range = reserved_range(i); > + if (range->end == range->start + 1) { > + strings::SubstituteAndAppend(contents, "$0, ", range->start); > ++ } else if (range->end > FieldDescriptor::kMaxNumber) { > ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); > + } else { > + strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start, > + range->end - 1); > +@@ -2829,6 +2831,8 @@ void EnumDescriptor::DebugString( > + const EnumDescriptor::ReservedRange* range = reserved_range(i); > + if (range->end == range->start) { > + strings::SubstituteAndAppend(contents, "$0, ", range->start); > ++ } else if (range->end == INT_MAX) { > ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); > + } else { > + strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start, > + range->end); > +@@ -4019,6 +4023,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name, > + // Use its file as the parent instead. 
> + if (parent == nullptr) parent = file_; > + > ++ if (full_name.find('\0') != std::string::npos) { > ++ AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME, > ++ "\"" + full_name + "\" contains null character."); > ++ return false; > ++ } > + if (tables_->AddSymbol(full_name, symbol)) { > + if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) { > + // This is only possible if there was already an error adding something of > +@@ -4059,6 +4068,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name, > + void DescriptorBuilder::AddPackage(const std::string& name, > + const Message& proto, > + const FileDescriptor* file) { > ++ if (name.find('\0') != std::string::npos) { > ++ AddError(name, proto, DescriptorPool::ErrorCollector::NAME, > ++ "\"" + name + "\" contains null character."); > ++ return; > ++ } > + if (tables_->AddSymbol(name, Symbol(file))) { > + // Success. Also add parent package, if any. > + std::string::size_type dot_pos = name.find_last_of('.'); > +@@ -4372,6 +4386,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl( > + } > + result->pool_ = pool_; > + > ++ if (result->name().find('\0') != std::string::npos) { > ++ AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME, > ++ "\"" + result->name() + "\" contains null character."); > ++ return nullptr; > ++ } > ++ > + // Add to tables. > + if (!tables_->AddFile(result)) { > + AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER, > diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb > index d2f22ba6b..55d56ff08 100644 > --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb > +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb 
> @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/google/protobuf.git;branch=3.11.x;protocol=https \ > file://0001-protobuf-fix-configure-error.patch \ > file://0001-Makefile.am-include-descriptor.cc-when-building-libp.patch \ > file://0001-examples-Makefile-respect-CXX-LDFLAGS-variables-fix-.patch \ > + file://CVE-2021-22570.patch \ > " > S = "${WORKDIR}/git" > > -- > 2.17.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#95476): https://lists.openembedded.org/g/openembedded-devel/message/95476 > Mute This Topic: https://lists.openembedded.org/mt/89337770/1676615 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ross@burtonini.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch b/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch
new file mode 100644
index 000000000..be3180181
--- /dev/null
+++ b/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch
@@ -0,0 +1,64 @@
+CVE: CVE-2021-22570
+Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch]
+Comment: Removed first and second hunk
+Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
+
+diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
+index 7af37c57f3..03c4e2b516 100644
+--- a/src/google/protobuf/descriptor.cc
++++ b/src/google/protobuf/descriptor.cc
+@@ -2626,6 +2626,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
+ const Descriptor::ReservedRange* range = reserved_range(i);
+ if (range->end == range->start + 1) {
+ strings::SubstituteAndAppend(contents, "$0, ", range->start);
++ } else if (range->end > FieldDescriptor::kMaxNumber) {
++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
+ } else {
+ strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
+ range->end - 1);
+@@ -2829,6 +2831,8 @@ void EnumDescriptor::DebugString(
+ const EnumDescriptor::ReservedRange* range = reserved_range(i);
+ if (range->end == range->start) {
+ strings::SubstituteAndAppend(contents, "$0, ", range->start);
++ } else if (range->end == INT_MAX) {
++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
+ } else {
+ strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
+ range->end);
+@@ -4019,6 +4023,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+ // Use its file as the parent instead.
+ if (parent == nullptr) parent = file_;
+
++ if (full_name.find('\0') != std::string::npos) {
++ AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME,
++ "\"" + full_name + "\" contains null character.");
++ return false;
++ }
+ if (tables_->AddSymbol(full_name, symbol)) {
+ if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
+ // This is only possible if there was already an error adding something of
+@@ -4059,6 +4068,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+ void DescriptorBuilder::AddPackage(const std::string& name,
+ const Message& proto,
+ const FileDescriptor* file) {
++ if (name.find('\0') != std::string::npos) {
++ AddError(name, proto, DescriptorPool::ErrorCollector::NAME,
++ "\"" + name + "\" contains null character.");
++ return;
++ }
+ if (tables_->AddSymbol(name, Symbol(file))) {
+ // Success. Also add parent package, if any.
+ std::string::size_type dot_pos = name.find_last_of('.');
+@@ -4372,6 +4386,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
+ }
+ result->pool_ = pool_;
+
++ if (result->name().find('\0') != std::string::npos) {
++ AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME,
++ "\"" + result->name() + "\" contains null character.");
++ return nullptr;
++ }
++
+ // Add to tables.
+ if (!tables_->AddFile(result)) {
+ AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER,
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
index d2f22ba6b..55d56ff08 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
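Review bot: The patch header at the top of this hunk (`Upstream-Status: Backport` plus `Comment: Removed first and second hunk`) does not record what the two dropped hunks changed or why the fix is still complete without them, so a later CVE audit of dunfell cannot tell whether 3.11.4 is fully covered. The commit message says the dropped hunks touch the `InsertIfNotPresent()` call whose key is `const char* const&` — apparently the symbol table that an embedded NUL would truncate — so with them gone the three `find('\0')` rejections added ahead of `tables_->AddSymbol`/`tables_->AddFile` in AddSymbol, AddPackage and BuildFileImpl are the only mitigation, and it needs to be stated that they sit on every path into that table (I cannot confirm it from here; all three functions continue outside the hunk). Please expand the header along the lines of `Comment: Hunks 1-2 of the Fedora patch (InsertIfNotPresent key-type change) dropped because 3.11.4 keys the symbol table by const char*; names with embedded NULs are instead rejected before insertion in AddSymbol/AddPackage/BuildFileImpl — confirmed to cover the CVE-2021-22570 crash path`, and cite the upstream protobuf commit the Fedora patch derives from next to the Fedora URL so the provenance is not a distro-only link. A smaller nit: each added AddError splices the offending name, NUL included, into the message text, so any consumer treating the message as a C string sees it truncated at the NUL; this matches the upstream wording, but a one-line comment noting it would save the next reader a puzzle.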
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/google/protobuf.git;branch=3.11.x;protocol=https \
file://0001-protobuf-fix-configure-error.patch \
file://0001-Makefile.am-include-descriptor.cc-when-building-libp.patch \
file://0001-examples-Makefile-respect-CXX-LDFLAGS-variables-fix-.patch \
+ file://CVE-2021-22570.patch \
"

S = "${WORKDIR}/git"