!64 fix CVE-2024-24806

From: @tong_1001 Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng
2024-02-19 02:12:14 +00:00 · 2024-02-19 02:12:14 +00:00 · bd5cfa88be
commit bd5cfa88be
parent 9f3a699956 64e8f8c28f
4 changed files with 126 additions and 1 deletions
--- a/backport-0001-CVE-2024-24806.patch
+++ b/backport-0001-CVE-2024-24806.patch
@ -0,0 +1,52 @@
+From 0f2d7e784a256b54b2385043438848047bc2a629 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:51:40 +0100
+Subject: [PATCH] fix: always zero-terminate idna output
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c       | 5 +++--
+ test/test-idna.c | 4 ++++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/idna.c b/src/idna.c
+index b44cb16..645165c 100644
+--- a/src/idna.c
+++ b/src/idna.c
+@@ -307,8 +307,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+       return rc;
+   }
+ 
+-  if (d < de)
+-    *d++ = '\0';
+  if (d >= de)
+    return UV_EINVAL;
+ 
+  *d++ = '\0';
+   return d - ds;  /* Number of bytes written. */
+ }
+diff --git a/test/test-idna.c b/test/test-idna.c
+index f4fad96..d079be5 100644
+--- a/test/test-idna.c
+++ b/test/test-idna.c
+@@ -99,6 +99,7 @@ TEST_IMPL(utf8_decode1) {
+ TEST_IMPL(utf8_decode1_overrun) {
+   const char* p;
+   char b[1];
+  char c[1];
+ 
+   /* Single byte. */
+   p = b;
+@@ -112,6 +113,9 @@ TEST_IMPL(utf8_decode1_overrun) {
+   ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
+   ASSERT_EQ(p, b + 1);
+ 
+  b[0] = 0x7F;
+  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
+
+   return 0;
+ }
+ 
+-- 
+2.41.0
+
--- a/backport-0002-CVE-2024-24806.patch
+++ b/backport-0002-CVE-2024-24806.patch
@ -0,0 +1,40 @@
+From 3530bcc30350d4a6ccf35d2f7b33e23292b9de70 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:52:38 +0100
+Subject: [PATCH] fix: reject zero-length idna inputs
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c       | 3 +++
+ test/test-idna.c | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/idna.c b/src/idna.c
+index 645165c..abbfe87 100644
+--- a/src/idna.c
+++ b/src/idna.c
+@@ -273,6 +273,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+   char* ds;
+   int rc;
+ 
+  if (s == se)
+    return UV_EINVAL;
+
+   ds = d;
+ 
+   si = s;
+diff --git a/test/test-idna.c b/test/test-idna.c
+index d079be5..d59b521 100644
+--- a/test/test-idna.c
+++ b/test/test-idna.c
+@@ -114,6 +114,7 @@ TEST_IMPL(utf8_decode1_overrun) {
+   ASSERT_EQ(p, b + 1);
+ 
+   b[0] = 0x7F;
+  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
+   ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
+ 
+   return 0;
+-- 
+2.41.0
+
--- a/backport-0003-CVE-2024-24806.patch
+++ b/backport-0003-CVE-2024-24806.patch
@ -0,0 +1,27 @@
+From e0327e1d508b8207c9150b6e582f0adf26213c39 Mon Sep 17 00:00:00 2001
+From: Santiago Gimeno <santiago.gimeno@gmail.com>
+Date: Wed, 7 Feb 2024 20:27:58 +0100
+Subject: [PATCH] test: empty strings are not valid IDNA
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ test/test-idna.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test-idna.c b/test/test-idna.c
+index d59b521..37da38d 100644
+--- a/test/test-idna.c
+++ b/test/test-idna.c
+@@ -150,8 +150,8 @@ TEST_IMPL(idna_toascii) {
+   /* Illegal inputs. */
+   F("\xC0\x80\xC1\x80", UV_EINVAL);  /* Overlong UTF-8 sequence. */
+   F("\xC0\x80\xC1\x80.com", UV_EINVAL);  /* Overlong UTF-8 sequence. */
+  F("", UV_EINVAL);
+   /* No conversion. */
+-  T("", "");
+   T(".", ".");
+   T(".com", ".com");
+   T("example", "example");
+-- 
+2.41.0
+
--- a/libuv.spec
+++ b/libuv.spec
@ -1,7 +1,7 @@
 Name:           libuv
 Epoch:          1
 Version:        1.42.0
-Release:        7
+Release:        8
 Summary:        A multi-platform support library with a focus on asynchronous I/O

 # from README.md
@ -12,6 +12,9 @@ Source0:        http://dist.libuv.org/dist/v%{version}/%{name}-v%{version}.tar.g
 Patch1:         libuv-Add-sw64-architecture.patch
 Patch2:         backport-Skip-some-tests.patch
 Patch3:         0001-test-fix-typo-in-test-tty-escape-sequence-processing.patch
+Patch6000:      backport-0001-CVE-2024-24806.patch
+Patch6001:      backport-0002-CVE-2024-24806.patch
+Patch6002:      backport-0003-CVE-2024-24806.patch

 BuildRequires:  autoconf automake libtool gcc make

@ -65,6 +68,9 @@ make check
 %doc ChangeLog

 %changelog
+* Sun Feb 18 2024 shixuantong <shixuantong1@huawei.com> - 1:1.42.0-8
+- fix CVE-2024-24806
+
 * Mon Apr 24 2023 shixuantong <shixuantong1@huawei.com> - 1:1.42.0-7
 - fix Obsoletes in spec and remove ldconfig_scriptlets from check