import librabbitmq-0.9.0-2.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:43:31 -05:00 committed by Andrew Lukoshko
parent 7923e1c628
commit b6b930fd57
2 changed files with 34 additions and 1 deletions

View File

@ -0,0 +1,28 @@
diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 2020-04-06 15:10:07.002386201 +0200
+++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c 2020-04-06 15:17:03.624425371 +0200
@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
case CONNECTION_STATE_HEADER: {
amqp_channel_t channel;
amqp_pool_t *channel_pool;
- /* frame length is 3 bytes in */
+ uint32_t frame_size;
+
channel = amqp_d16(amqp_offset(raw_frame, 1));
- state->target_size =
- amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
+ /* frame length is 3 bytes in */
+ frame_size = amqp_d32(amqp_offset(raw_frame, 3));
+ /* To prevent the target_size calculation below from overflowing, check
+ * that the stated frame_size is smaller than a signed 32-bit. Given
+ * the library only allows configuring frame_max as an int32_t, and
+ * frame_size is uint32_t, the math below is safe from overflow. */
+ if (frame_size >= INT32_MAX) {
+ return AMQP_STATUS_BAD_AMQP_DATA;
+ }
+ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
if ((size_t)state->frame_max < state->target_size) {
return AMQP_STATUS_BAD_AMQP_DATA;
}

View File

@ -10,10 +10,11 @@
Name: librabbitmq
Summary: Client library for AMQP
Version: 0.9.0
Release: 1%{?dist}
Release: 2%{?dist}
License: MIT
URL: https://github.com/alanxz/rabbitmq-c
Source0: https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
Patch0: rabbitmq-c-0.9.0-CVE-2019-18609.patch
BuildRequires: gcc
BuildRequires: cmake > 2.8
@ -55,6 +56,7 @@ amqp-publish Publish a message on an AMQP server
%prep
%setup -q -n rabbitmq-c-%{version}
%patch0 -p1 -b .CVE-2019-18609
# Copy sources to be included in -devel docs.
cp -pr examples Examples
@ -104,6 +106,9 @@ make test
%changelog
* Mon Apr 06 2020 Than Ngo <than@redhat.com> - 0.9.0-2
- Resolves: #1809992, CVE-2019-18609
* Thu Jun 28 2018 Than Ngo <than@redhat.com> - 0.9.0-1
- update to 0.9.0