rpms/libuv
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport fix for CVE-2024-24806

Browse Source
This commit is contained in:
Jan Staněk 2024-06-05 13:56:21 +02:00
parent 1e3c8c6f4e
commit 07592da011
No known key found for this signature in database
GPG Key ID: 2972F2037B243B6D
2 changed files with 89 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
0001-Fix-CVE-2024-24806.patch Normal file
View File

@ -0,0 +1,82 @@
From 4f0158bccc32c0050c6e6692d6eacd08d5f4f624 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 5 Jun 2024 13:40:17 +0200
Subject: [PATCH] Fix CVE-2024-24806
- fix: always zero-terminate idna output
Original-Commit: https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629
- fix: reject zero-length idna inputs
Original-Commit: https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70
- test: empty strings are not valid IDNA
Original-Commit: https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39
Signed-off-by: Jan Staněk <jstanek@redhat.com>
---
src/idna.c | 8 ++++++--
test/test-idna.c | 7 ++++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/idna.c b/src/idna.c
index b44cb16..abbfe87 100644
--- a/src/idna.c
+++ b/src/idna.c
@@ -273,6 +273,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
char* ds;
int rc;
+ if (s == se)
+ return UV_EINVAL;
+
ds = d;
si = s;
@@ -307,8 +310,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
return rc;
}
- if (d < de)
- *d++ = '\0';
+ if (d >= de)
+ return UV_EINVAL;
+ *d++ = '\0';
return d - ds; /* Number of bytes written. */
}
diff --git a/test/test-idna.c b/test/test-idna.c
index f4fad96..37da38d 100644
--- a/test/test-idna.c
+++ b/test/test-idna.c
@@ -99,6 +99,7 @@ TEST_IMPL(utf8_decode1) {
TEST_IMPL(utf8_decode1_overrun) {
const char* p;
char b[1];
+ char c[1];
/* Single byte. */
p = b;
@@ -112,6 +113,10 @@ TEST_IMPL(utf8_decode1_overrun) {
ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
ASSERT_EQ(p, b + 1);
+ b[0] = 0x7F;
+ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
+ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
+
return 0;
}
@@ -145,8 +150,8 @@ TEST_IMPL(idna_toascii) {
/* Illegal inputs. */
F("\xC0\x80\xC1\x80", UV_EINVAL); /* Overlong UTF-8 sequence. */
F("\xC0\x80\xC1\x80.com", UV_EINVAL); /* Overlong UTF-8 sequence. */
+ F("", UV_EINVAL);
/* No conversion. */
- T("", "");
T(".", ".");
T(".com", ".com");
T("example", "example");
--
2.45.1

10
libuv.spec
View File

@ -6,7 +6,7 @@
Name: libuv Name: libuv
Epoch: 1 Epoch: 1
Version: 1.42.0 Version: 1.42.0
Release: 1%{?dist} Release: 2%{?dist}
Summary: Platform layer for node.js Summary: Platform layer for node.js
# the licensing breakdown is described in detail in the LICENSE file # the licensing breakdown is described in detail in the LICENSE file
@ -17,10 +17,10 @@ Source2: %{name}.pc.in
Source3: libuv.abignore Source3: libuv.abignore
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
BuildRequires: gcc BuildRequires: gcc make
BuildRequires: make
# -- Patches -- # # -- Patches -- #
Patch0001: 0001-Fix-CVE-2024-24806.patch
%description %description
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on libuv is a new platform layer for Node. Its purpose is to abstract IOCP on
@ -81,6 +81,10 @@ install -Dm0644 -t %{buildroot}%{_libdir}/libuv/ %{SOURCE3}
%{_libdir}/%{name}.a %{_libdir}/%{name}.a
%changelog %changelog
* Wed Jun 05 2024 Jan Staněk <jstanek@redhat.com> - 1:1.42.0-2
- Backport fix for CVE-2024-24806
Resolves: RHEL-24791
* Fri Sep 17 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:1.42.0-1 * Fri Sep 17 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:1.42.0-1
- Rebased, resolves CVE-2021-22918 - Rebased, resolves CVE-2021-22918
- Resolves: RHBZ#2005319, RHBZ#1979928 - Resolves: RHBZ#2005319, RHBZ#1979928