!76 [sync] PR-74: fix CVE-2023-33953

From: @openeuler-sync-bot Reviewed-by: @sunsuwan Signed-off-by: @sunsuwan
2023-09-22 07:24:37 +00:00 · 2023-09-22 07:24:37 +00:00 · ac6650ad07
commit ac6650ad07
parent 1e5498074d ceb354bfc1
2 changed files with 45 additions and 1 deletions
--- a/fix-CVE-2023-33953-add-header-limit.patch
+++ b/fix-CVE-2023-33953-add-header-limit.patch
@ -0,0 +1,37 @@
+From 5fe782778f535ae68508fb7979df1cbfbdf4d6de Mon Sep 17 00:00:00 2001
+From: sunsuwan <sunsuwan3@huawei.com>
+Date: Mon, 4 Sep 2023 21:45:49 +0800
+Subject: [PATCH] CVE-2023-33953 add header limit
+
+Signed-off-by: zhouyihang <zhouyihang3@h-partners.com>
+Signed-off-by: sunsuwan <sunsuwan3@huawei.com>
+---
+ .../ext/transport/chttp2/transport/hpack_parser.cc   | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+index 09681fa..6b191a7 100644
+--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+@@ -1372,6 +1372,18 @@ grpc_error_handle grpc_chttp2_header_parser_parse(void* hpack_parser,
+   auto* parser = static_cast<grpc_core::HPackParser*>(hpack_parser);
+   if (s != nullptr) {
+     s->stats.incoming.header_bytes += GRPC_SLICE_LENGTH(slice);
+    if (s->stats.incoming.header_bytes > t->settings[GRPC_ACKED_SETTINGS]
+                                                    [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]) {
+      grpc_chttp2_cancel_stream(
+      t, s,
+      grpc_error_set_int(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+                             "received header size exceeds limit"),
+                         GRPC_ERROR_INT_GRPC_STATUS,
+                         GRPC_STATUS_RESOURCE_EXHAUSTED));
+      grpc_chttp2_parsing_become_skip_parser(t);
+      s->seen_error = true;
+      return GRPC_ERROR_NONE;
+    }
+   }
+   grpc_error_handle error = parser->Parse(slice, is_last != 0);
+   if (error != GRPC_ERROR_NONE) {
+-- 
+2.33.0
+
--- a/grpc.spec
+++ b/grpc.spec
@ -3,7 +3,7 @@

 Name:          grpc
 Version:       1.41.1
-Release:       5
+Release:       6
 Summary:       A modern, open source high performance RPC framework that can run in any environment
 License:       ASL 2.0
 URL:           https://www.grpc.io
@ -14,6 +14,7 @@ Patch0007:     add-secure-compile-option-in-Makefile.patch
 Patch0010:     backport-grpc-1.41.1-python-grpcio-use-system-abseil.patch
 Patch0011:     backport-Ignore-Connection-Aborted-errors-on-accept-29318.patch
 Patch0012:     backport-iomgr-EventEngine-Improve-server-handling-o.patch
+Patch0013:     fix-CVE-2023-33953-add-header-limit.patch

 BuildRequires: gcc-c++ pkgconfig protobuf-devel protobuf-compiler
 BuildRequires: openssl-devel c-ares-devel gtest-devel zlib-devel gperftools-devel
@ -140,6 +141,12 @@ cd ../..
 %{python3_sitearch}/grpcio-%{version}-py?.?.egg-info

 %changelog
+* Fri Sep 22 2023 zhouyihang<zhouyihang3@h-partners.com> - 1.41.1-6
+- Type:CVE
+- ID:CVE-2023-33953
+- SUG:NA
+- DESC:fix CVE-2023-33953
+
 * Wed Sep 20 2023 zhouyihang<zhouyihang3@h-partners.com> - 1.41.1-5
 - Type:CVE
 - ID:CVE-2023-4785