From ec95efbd2b23d0cf054cd94fb7575aa8656042ae Mon Sep 17 00:00:00 2001
From: heppen
Date: Mon, 25 Sep 2023 10:24:12 +0800
Subject: [PATCH] Fix CVE-2023-30364 for libcoap and update %patch usage in spec.
---
 ...ird-party-libcoap-fix-CVE-2023-30364.patch | 55 +++++++++++++++++++
 dsoftbus.spec | 47 +++++++++-------
 2 files changed, 82 insertions(+), 20 deletions(-)
 create mode 100644 0019-third-party-libcoap-fix-CVE-2023-30364.patch
diff --git a/0019-third-party-libcoap-fix-CVE-2023-30364.patch b/0019-third-party-libcoap-fix-CVE-2023-30364.patch
new file mode 100644
index 0000000..7abfd80
--- /dev/null
+++ b/0019-third-party-libcoap-fix-CVE-2023-30364.patch
@@ -0,0 +1,55 @@
+From 905c17b5c116b039c1083290679be3f6c27fe401 Mon Sep 17 00:00:00 2001
+From: heppen
+Date: Thu, 14 Sep 2023 18:59:15 +0800
+Subject: [PATCH] bugfix cve-2023-30362
+
+---
+ src/net.c | 32 +++++++++++++++++++-------------
+ 1 file changed, 19 insertions(+), 13 deletions(-)
+
+diff --git a/src/net.c b/src/net.c
+index 7154628..a432ddd 100644
+--- a/src/net.c
++++ b/src/net.c
+@@ -1217,19 +1217,25 @@ coap_send_internal(coap_session_t *session, coap_pdu_t *pdu) {
+
+ /* Need to check that we are not seeing this proxy in the return loop */
+ if (pdu->data && opt == NULL) {
+- if (pdu->used_size + 1 <= pdu->max_size) {
+- char *a_match;
+- size_t data_len = pdu->used_size - (pdu->data - pdu->token);
+- pdu->data[data_len] = '\000';
+- a_match = strstr((char*)pdu->data, cp);
+- if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
+- ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
+- a_match[len] == ' ')) {
+- coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
+- (char*)pdu->data);
+- coap_delete_pdu(pdu);
+- return (coap_mid_t)COAP_DROPPED_RESPONSE;
+- }
++ char *a_match;
++ size_t data_len;
++
++ if (pdu->used_size + 1 > pdu->max_size) {
++ /* No space */
++ return (coap_mid_t)COAP_DROPPED_RESPONSE;
++ }
++ if (!coap_pdu_resize(pdu, pdu->used_size + 1)) {
++ /* Internal error */
++ return (coap_mid_t)COAP_DROPPED_RESPONSE;
++ }
++ data_len = pdu->used_size - (pdu->data - pdu->token);
++ pdu->data[data_len] = '\000';
++ a_match = strstr((char*)pdu->data, cp);
++ if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
++ ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
++ a_match[len] == ' ')) {
++ coap_delete_pdu(pdu);
++ return (coap_mid_t)COAP_DROPPED_RESPONSE;
+ }
+ }
+ if (pdu->used_size + len + 1 <= pdu->max_size) {
+--
+2.33.0
+
diff --git a/dsoftbus.spec b/dsoftbus.spec
index fcd7f03..97c3b91 100644
--- a/dsoftbus.spec
+++ b/dsoftbus.spec
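Review bot: The two new early returns in the embedded net.c hunk (`/* No space */` and `/* Internal error */`) hand back `COAP_DROPPED_RESPONSE` without releasing the PDU, while the loop-detected branch a few lines below calls `coap_delete_pdu(pdu);` before returning the same value; if coap_send_internal owns `pdu` on every failure path, as that branch suggests, both new paths leak it, so add `coap_delete_pdu(pdu);` before each of those two `return` statements. The rewrite also drops the `coap_log(LOG_WARNING, "Proxy loop detected '%s'\n", ...)` call, so a detected proxy loop is now dropped silently with no operator-visible signal; keeping the warning next to the remaining `coap_delete_pdu(pdu);` preserves that detection telemetry at no cost. Note too that the embedded patch's Subject reads `bugfix cve-2023-30362` while the file name, commit title and changelog all say CVE-2023-30364; whichever identifier is correct, they should agree so the fix is tracked against the right advisory. The enclosing coap_send_internal body continues outside the hunk.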
@@ -14,7 +14,7 @@ Name: dsoftbus
 Version: 1.0.0
-Release: 4
+Release: 5
 Summary: openEuler embedded softbus capability support
 License: Apache License 2.0
 Url: https://openeuler.gitee.io/yocto-meta-openeuler/features/distributed_softbus.html
@@ -46,6 +46,7 @@ Patch0015: 0015-simplify-dependency-on-third-party-packages.patch
 Patch0016: 0016-adapter-cjson-in-openEuler-for-softbus.patch
 Patch0017: 0017-simplify-dependency-for-dsoftbus-standard.patch
 Patch0018: 0018-open-udp-stream-and-file-feature-for-dsoftbus.patch
+Patch0019: 0019-third-party-libcoap-fix-CVE-2023-30364.patch
 BuildRequires: gcc, g++, cmake, python, zip, unzip, ninja-build, git, libboundscheck, cjson-devel, openssl-devel, gn
@@ -53,6 +54,8 @@ BuildRequires: gcc, g++, cmake, python, zip, unzip, ninja-build, git, libboundsc
 OpenEuler supports distributed softbus capability, which is part of openEuler's embedded capability
 %prep
+rm -rf %{_builddir}/*
+
 # Create the directories needed for the build
 dsoftbus_build_dir="%{_builddir}/dsoftbus_build"
 dsoftbus_prebuilts_build_tools="${dsoftbus_build_dir}/prebuilts/build-tools/linux-x86/bin"
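Review bot: `rm -rf %{_builddir}/*` at the start of %prep wipes the entire rpm BUILD directory, not just this package's files, so anything else living there (another package built from the same `%_topdir`, or trees a developer deliberately kept) is destroyed as a side effect of building dsoftbus. If the goal is a clean tree before the later `mv` commands, limit the removal to the paths this spec itself creates, e.g. `rm -rf %{_builddir}/dsoftbus_build %{_builddir}/%{source_dsoftbus_standard}*` together with the other `%{source_*}-%{openHarmony_source_release}` trees the spec unpacks, and add a comment such as `# remove stale trees left by a previous build before unpacking the sources` so the intent is recorded. The %prep section continues outside the hunk.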
@@ -110,25 +113,26 @@ mv %{_builddir}/%{source_security_device_auth}-%{openHarmony_source_release} ${d
 mv %{_builddir}/%{source_commonlibrary_c_utils}-%{openHarmony_source_release} ${dsoftbus_utils}/native
 # do patch
-%patch -p1 -d ${dsoftbus_build_dir}/build
-%patch1 -p1 -d ${dsoftbus_build_dir}/build
-%patch2 -p1 -d ${dsoftbus_build_dir}/build
-%patch3 -p1 -d ${dsoftbus_utils}/native
-%patch4 -p1 -d ${dsoftbus_thirdparty}/mbedtls
-%patch5 -p1 -d ${dsoftbus_thirdparty}/mbedtls
-%patch6 -p1 -d ${dsoftbus_thirdparty}/mbedtls
-%patch7 -p1 -d ${dsoftbus_hichain}/huks
-%patch8 -p1 -d ${dsoftbus_hichain}/deviceauth
-%patch9 -p1 -d ${dsoftbus_hichain}/deviceauth
-%patch10 -p1 -d ${dsoftbus_hichain}/deviceauth
-%patch11 -p1 -d ${dsoftbus_build_dir}/build
-%patch12 -p1 -d ${dsoftbus_thirdparty}/bounds_checking_function
-%patch13 -p1 -d ${dsoftbus_productdefine}
-%patch14 -p1 -d ${dsoftbus_depend}
-%patch15 -p1 -d ${dsoftbus_hichain}/huks
-%patch16 -p1 -d ${dsoftbus_thirdparty}/cJSON
-%patch17 -p1 -d %{_builddir}/%{source_dsoftbus_standard}
-%patch18 -p1 -d %{_builddir}/%{source_dsoftbus_standard}
+%patch -P0 -p1 -d ${dsoftbus_build_dir}/build
+%patch -P1 -p1 -d ${dsoftbus_build_dir}/build
+%patch -P2 -p1 -d ${dsoftbus_build_dir}/build
+%patch -P3 -p1 -d ${dsoftbus_utils}/native
+%patch -P4 -p1 -d ${dsoftbus_thirdparty}/mbedtls
+%patch -P5 -p1 -d ${dsoftbus_thirdparty}/mbedtls
+%patch -P6 -p1 -d ${dsoftbus_thirdparty}/mbedtls
+%patch -P7 -p1 -d ${dsoftbus_hichain}/huks
+%patch -P8 -p1 -d ${dsoftbus_hichain}/deviceauth
+%patch -P9 -p1 -d ${dsoftbus_hichain}/deviceauth
+%patch -P10 -p1 -d ${dsoftbus_hichain}/deviceauth
+%patch -P11 -p1 -d ${dsoftbus_build_dir}/build
+%patch -P12 -p1 -d ${dsoftbus_thirdparty}/bounds_checking_function
+%patch -P13 -p1 -d ${dsoftbus_productdefine}
+%patch -P14 -p1 -d ${dsoftbus_depend}
+%patch -P15 -p1 -d ${dsoftbus_hichain}/huks
+%patch -P16 -p1 -d ${dsoftbus_thirdparty}/cJSON
+%patch -P17 -p1 -d %{_builddir}/%{source_dsoftbus_standard}
+%patch -P18 -p1 -d %{_builddir}/%{source_dsoftbus_standard}
+%patch -P19 -p1 -d ${dsoftbus_thirdparty}/libcoap
 # init gn root
 ln -s ${dsoftbus_build_dir}/build/build_scripts/build.sh ${dsoftbus_build_dir}/build.sh
@@ -201,6 +205,9 @@ ${dsoftbus_build_dir}/third_party/bounds_checking_function/include/*.h \
 /data/data
 %changelog
+* Mon Sep 25 2023 heppen - 1.0.0-5
+- fix CVE-2023-30364 for libcoap
+
 * Wed Sep 20 2023 heppen - 1.0.0-4
 - open udp stream and file feature for dsoftbus