Applied patch for for CVE-2022-48468 (#2186677)

Related: rhbz#2186677 Signed-off-by: Adrian Reber <areber@redhat.com>
2023-04-14 18:04:12 +02:00 · 2023-04-14 18:04:12 +02:00 · d117565461
commit d117565461
parent c56727fd5e
2 changed files with 64 additions and 1 deletions
--- a/ec3d900001a13ccdaa8aef996b34c61159c76217.patch
+++ b/ec3d900001a13ccdaa8aef996b34c61159c76217.patch
@ -0,0 +1,58 @@
+From 289f5c18b195aa43d46a619d1188709abbfa9c82 Mon Sep 17 00:00:00 2001
+From: 10054172 <hui.zhang@thalesgroup.com>
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH 1/2] Fix issue #499: unsigned integer overflow
+
+Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
+---
+ protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
+index 98052cdb..ec2d40a1 100644
+--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
+@@ -2603,10 +2603,13 @@ parse_required_member(ScannedMember *scanned_member,
+ 			return FALSE;
+ 
+ 		def_mess = scanned_member->field->default_value;
+-		subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+-						 allocator,
+-						 len - pref_len,
+-						 data + pref_len);
+		if (len > pref_len)
+			subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+							 allocator,
+							 len - pref_len,
+							 data + pref_len);
+		else
+			subm = NULL;
+ 
+ 		if (maybe_clear &&
+ 		    *pmessage != NULL &&
+
+From 0d1fd124a4e0a07b524989f6e64410ff648fba61 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 9 Jun 2022 07:34:55 -0600
+Subject: [PATCH 2/2] Fix regression with zero-length messages introduced in
+ protobuf-c PR 500.
+
+[edmonds: Import bugfix from
+https://github.com/sudo-project/sudo/commit/b6a6451482a3ff5e30f43ef888159d4b0d39143b.patch.]
+---
+ protobuf-c/protobuf-c.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
+index ec2d40a1..448f3e81 100644
+--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
+@@ -2603,7 +2603,7 @@ parse_required_member(ScannedMember *scanned_member,
+ 			return FALSE;
+ 
+ 		def_mess = scanned_member->field->default_value;
+-		if (len > pref_len)
+		if (len >= pref_len)
+ 			subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+ 							 allocator,
+ 							 len - pref_len,
--- a/protobuf-c.spec
+++ b/protobuf-c.spec
@ -1,11 +1,12 @@
 Name:           protobuf-c
 Version:        1.3.3
-Release:        12%{?dist}
+Release:        13%{?dist}
 Summary:        C bindings for Google's Protocol Buffers

 License:        BSD
 URL:            https://github.com/protobuf-c/protobuf-c
 Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
+Patch0:         %{url}/commit/ec3d900001a13ccdaa8aef996b34c61159c76217.patch

 BuildRequires: make
 BuildRequires:  gcc-c++
@ -36,6 +37,7 @@ This package contains protobuf-c headers and libraries.

 %prep
 %setup -q
+%patch -P 0 -p 1

 %build
 %configure --disable-static
@ -66,6 +68,9 @@ rm -vf $RPM_BUILD_ROOT/%{_libdir}/libprotobuf-c.la
 %{_libdir}/pkgconfig/libprotobuf-c.pc

 %changelog
+* Fri Apr 14 2023 Adrian Reber <areber@redhat.com> - 1.3.3-13
+- Applied patch for for CVE-2022-48468 (#2186677)
+
 * Thu Feb 24 2022 Adrian Reber <areber@redhat.com> - 1.3.3-12
 - Adapt tests to protobuf-c 1.3.3