
[meta-filesystems,dunfell,1/4] nodejs: Fix CVE-2022-32212

Message ID 20230303123215.296036-1-omkarpatil10.93@gmail.com

Commit Message

Omkar Patil March 3, 2023, 12:32 p.m. UTC
From: Poonam Jadhav <Poonam.Jadhav@kpit.com>

Add patch to fix CVE-2022-32212

Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch

Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
---
 .../nodejs/nodejs/CVE-2022-32212.patch        | 133 ++++++++++++++++++
 .../nodejs/nodejs_12.22.12.bb                 |   1 +
 2 files changed, 134 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch


diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch
new file mode 100644
index 000000000..f7b4b61f4
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch
@@ -0,0 +1,133 @@ 
+commit 48c5aa5cab718d04473fa2761d532657c84b8131
+Author: Tobias Nie├čen <tniessen@tnie.de>
+Date:   Fri May 27 21:18:49 2022 +0000
+
+    src: fix IPv4 validation in inspector_socket
+
+    Co-authored-by: RafaelGSS <rafael.nunu@hotmail.com>
+    PR-URL: https://github.com/nodejs-private/node-private/pull/320
+    Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/325
+    Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+    Reviewed-By: RafaelGSS <rafael.nunu@hotmail.com>
+    CVE-ID: CVE-2022-32212
+
+CVE: CVE-2022-32212
+Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch]
+Comment: No hunks refreshed
+Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
+
+Index: nodejs-12.22.12~dfsg/src/inspector_socket.cc
+===================================================================
+--- nodejs-12.22.12~dfsg.orig/src/inspector_socket.cc
++++ nodejs-12.22.12~dfsg/src/inspector_socket.cc
+@@ -168,14 +168,22 @@ static std::string TrimPort(const std::s
+ static bool IsIPAddress(const std::string& host) {
+   if (host.length() >= 4 && host.front() == '[' && host.back() == ']')
+     return true;
+-  int quads = 0;
++  uint_fast16_t accum = 0;
++  uint_fast8_t quads = 0;
++  bool empty = true;
++  auto endOctet = [&accum, &quads, &empty](bool final = false) {
++    return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) &&
++           (empty = true) && !(accum = 0);
++  };
+   for (char c : host) {
+-    if (c == '.')
+-      quads++;
+-    else if (!isdigit(c))
++    if (isdigit(c)) {
++      if ((accum = (accum * 10) + (c - '0')) > 0xff) return false;
++      empty = false;
++    } else if (c != '.' || !endOctet()) {
+       return false;
++    }
+   }
+-  return quads == 3;
++  return endOctet(true);
+ }
+ 
+ // Constants for hybi-10 frame format.
+Index: nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc
+===================================================================
+--- nodejs-12.22.12~dfsg.orig/test/cctest/test_inspector_socket.cc
++++ nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc
+@@ -851,4 +851,78 @@ TEST_F(InspectorSocketTest, HostCheckedF
+   expect_failure_no_delegate(UPGRADE_REQUEST);
+ }
+ 
++TEST_F(InspectorSocketTest, HostIPChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 10.0.2.555:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostNegativeIPChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 10.0.-23.255:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpOctetOutOfIntRangeChecked) {
++  const std::string INVALID_HOST_IP_REQUEST =
++      "GET /json HTTP/1.1\r\n"
++      "Host: 127.0.0.4294967296:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpOctetFarOutOfIntRangeChecked) {
++  const std::string INVALID_HOST_IP_REQUEST =
++      "GET /json HTTP/1.1\r\n"
++      "Host: 127.0.0.18446744073709552000:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpEmptyOctetStartChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: .0.0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpEmptyOctetMidChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127..0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpEmptyOctetEndChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127.0.0.:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpTooFewOctetsChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127.0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpTooManyOctetsChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127.0.0.0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
+ }  // anonymous namespace
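Review bot: The new `if (isdigit(c)) {` line in the backported IsIPAddress hunk still passes a plain `char` to `isdigit`, and on platforms where `char` is signed a byte above 0x7f in the Host header becomes a negative int, which `isdigit` is not specified to accept (only EOF and values representable as `unsigned char`). Since the host string comes straight from the request, the validator should cast first: `if (std::isdigit(static_cast<unsigned char>(c))) {`. This was also present in the removed `else if (!isdigit(c))` line, so it is pre-existing rather than introduced here, and it does not weaken the octet-range checks the fix adds, but it is worth carrying as a follow-up to the backport. The rest of the octet logic (`accum` bounded at 0xff per digit, `quads` counted in `endOctet`, empty-octet rejection) matches the new cctest cases added further down the same hunk.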
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
index 8dbdd088e..2258cb108 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
@@ -22,6 +22,7 @@  SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://big-endian.patch \
            file://mips-warnings.patch \
            file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \
+           file://CVE-2022-32212.patch \
            "
 SRC_URI_append_class-target = " \
            file://0002-Using-native-binaries.patch \