!67 [sync] PR-66: CVE-2022-4899

From: @openeuler-sync-bot Reviewed-by: @gaoruoshu Signed-off-by: @gaoruoshu
fix CVE-2022-4899
2023-04-06 02:53:02 +00:00 · 2023-04-04 20:04:35 +08:00 · 2023-02-17 07:39:37 +00:00 · 2023-02-17 01:41:38 +00:00 · 2022-10-27 01:43:32 +00:00 · 2022-10-25 07:37:02 +00:00
5 changed files with 165 additions and 5 deletions
--- a/backport-0001-CVE-2022-4899.patch
+++ b/backport-0001-CVE-2022-4899.patch
@ -0,0 +1,79 @@
+From f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa Mon Sep 17 00:00:00 2001
+From: Elliot Gorokhovsky <embg@fb.com>
+Date: Fri, 29 Jul 2022 14:44:22 -0700
+Subject: [PATCH] Disallow empty output directory
+
+Reference:https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa
+Conflict:NA
+---
+ programs/zstdcli.c                             | 18 ++++++++++++++++--
+ tests/cli-tests/basic/output_dir.sh            |  7 +++++++
+ .../cli-tests/basic/output_dir.sh.stderr.exact |  2 ++
+ .../cli-tests/basic/output_dir.sh.stdout.exact |  2 ++
+ 4 files changed, 27 insertions(+), 2 deletions(-)
+ create mode 100755 tests/cli-tests/basic/output_dir.sh
+ create mode 100644 tests/cli-tests/basic/output_dir.sh.stderr.exact
+ create mode 100644 tests/cli-tests/basic/output_dir.sh.stdout.exact
+
+diff --git a/programs/zstdcli.c b/programs/zstdcli.c
+index 239aaf4..fb87dec 100644
+--- a/programs/zstdcli.c
+++ b/programs/zstdcli.c
+@@ -931,9 +931,23 @@ int main(int const argCount, const char* argv[])
+                 if (longCommandWArg(&argument, "--stream-size=")) { streamSrcSize = readSizeTFromChar(&argument); continue; }
+                 if (longCommandWArg(&argument, "--target-compressed-block-size=")) { targetCBlockSize = readSizeTFromChar(&argument); continue; }
+                 if (longCommandWArg(&argument, "--size-hint=")) { srcSizeHint = readSizeTFromChar(&argument); continue; }
+-                if (longCommandWArg(&argument, "--output-dir-flat")) { NEXT_FIELD(outDirName); continue; }
+                if (longCommandWArg(&argument, "--output-dir-flat")) {
+                    NEXT_FIELD(outDirName);
+                    if (strlen(outDirName) == 0) {
+                        DISPLAY("error: output dir cannot be empty string (did you mean to pass '.' instead?)\n");
+                        CLEAN_RETURN(1);
+                    }
+                    continue;
+                }
+ #ifdef UTIL_HAS_MIRRORFILELIST
+-                if (longCommandWArg(&argument, "--output-dir-mirror")) { NEXT_FIELD(outMirroredDirName); continue; }
+                if (longCommandWArg(&argument, "--output-dir-mirror")) {
+                    NEXT_FIELD(outMirroredDirName);
+                    if (strlen(outMirroredDirName) == 0) {
+                        DISPLAY("error: output dir cannot be empty string (did you mean to pass '.' instead?)\n");
+                        CLEAN_RETURN(1);
+                    }
+                    continue;
+                }
+ #endif
+ #ifndef ZSTD_NOTRACE
+                 if (longCommandWArg(&argument, "--trace")) { char const* traceFile; NEXT_FIELD(traceFile); TRACE_enable(traceFile); continue; }
+diff --git a/tests/cli-tests/basic/output_dir.sh b/tests/cli-tests/basic/output_dir.sh
+new file mode 100755
+index 0000000..a8819d2
+--- /dev/null
+++ b/tests/cli-tests/basic/output_dir.sh
+@@ -0,0 +1,7 @@
+#!/bin/sh
+
+println "+ zstd -r * --output-dir-mirror=\"\""
+zstd -r * --output-dir-mirror="" && die "Should not allow empty output dir!"
+println "+ zstd -r * --output-dir-flat=\"\""
+zstd -r * --output-dir-flat="" && die "Should not allow empty output dir!"
+exit 0
+diff --git a/tests/cli-tests/basic/output_dir.sh.stderr.exact b/tests/cli-tests/basic/output_dir.sh.stderr.exact
+new file mode 100644
+index 0000000..e12b504
+--- /dev/null
+++ b/tests/cli-tests/basic/output_dir.sh.stderr.exact
+@@ -0,0 +1,2 @@
+error: output dir cannot be empty string (did you mean to pass '.' instead?)
+error: output dir cannot be empty string (did you mean to pass '.' instead?)
+diff --git a/tests/cli-tests/basic/output_dir.sh.stdout.exact b/tests/cli-tests/basic/output_dir.sh.stdout.exact
+new file mode 100644
+index 0000000..1e478cd
+--- /dev/null
+++ b/tests/cli-tests/basic/output_dir.sh.stdout.exact
+@@ -0,0 +1,2 @@
++ zstd -r * --output-dir-mirror=""
++ zstd -r * --output-dir-flat=""
+-- 
+2.33.0
+
--- a/backport-0002-CVE-2022-4899.patch
+++ b/backport-0002-CVE-2022-4899.patch
@ -0,0 +1,65 @@
+From e1873ad576cb478fff0e6e44ad99599cd5fd2846 Mon Sep 17 00:00:00 2001
+From: Elliot Gorokhovsky <embg@fb.com>
+Date: Fri, 29 Jul 2022 11:10:47 -0700
+Subject: [PATCH] Fix buffer underflow for null dir1
+
+Reference:https://github.com/facebook/zstd/commit/e1873ad576cb478fff0e6e44ad99599cd5fd2846
+Conflict:NA
+---
+ programs/util.c | 38 +++++++++++++++++++-------------------
+ 1 file changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/programs/util.c b/programs/util.c
+index f53eb03fbe..b874344c4d 100644
+--- a/programs/util.c
+++ b/programs/util.c
+@@ -870,30 +870,30 @@ static const char * trimPath(const char *pathname)
+ 
+ static char* mallocAndJoin2Dir(const char *dir1, const char *dir2)
+ {
+-    const size_t dir1Size = strlen(dir1);
+-    const size_t dir2Size = strlen(dir2);
+-    char *outDirBuffer, *buffer, trailingChar;
+-
+     assert(dir1 != NULL && dir2 != NULL);
+-    outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
+-    CONTROL(outDirBuffer != NULL);
+    {   const size_t dir1Size = strlen(dir1);
+        const size_t dir2Size = strlen(dir2);
+        char *outDirBuffer, *buffer;
+ 
+-    memcpy(outDirBuffer, dir1, dir1Size);
+-    outDirBuffer[dir1Size] = '\0';
+        outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
+        CONTROL(outDirBuffer != NULL);
+ 
+-    if (dir2[0] == '.')
+-        return outDirBuffer;
+        memcpy(outDirBuffer, dir1, dir1Size);
+        outDirBuffer[dir1Size] = '\0';
+ 
+-    buffer = outDirBuffer + dir1Size;
+-    trailingChar = *(buffer - 1);
+-    if (trailingChar != PATH_SEP) {
+-        *buffer = PATH_SEP;
+-        buffer++;
+-    }
+-    memcpy(buffer, dir2, dir2Size);
+-    buffer[dir2Size] = '\0';
+        if (dir2[0] == '.')
+            return outDirBuffer;
+ 
+-    return outDirBuffer;
+        buffer = outDirBuffer + dir1Size;
+        if (dir1Size > 0 && *(buffer - 1) != PATH_SEP) {
+            *buffer = PATH_SEP;
+            buffer++;
+        }
+        memcpy(buffer, dir2, dir2Size);
+        buffer[dir2Size] = '\0';
+
+        return outDirBuffer;
+    }
+ }
+ 
+ /* this function will return NULL if input srcFileName is not valid name for mirrored output path */
--- a/zstd-1.4.8.tar.gz
+++ b/zstd-1.4.8.tar.gz
--- a/zstd-1.5.0.tar.gz
+++ b/zstd-1.5.0.tar.gz
--- a/zstd.spec
+++ b/zstd.spec
@ -1,13 +1,16 @@
 %bcond_without pzstd

 Name:            zstd
-Version:         1.4.8
-Release:	 1
+Version:         1.5.0
+Release:	 4
 Summary:         A fast lossless compression algorithm
 License:         BSD and GPLv2
 URL:             https://github.com/facebook/zstd
 Source0:         https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz

+Patch6000:       backport-0001-CVE-2022-4899.patch
+Patch6001:       backport-0002-CVE-2022-4899.patch
+
 BuildRequires:   gtest-devel gcc-c++ pkg-config

 Provides:        libzstd
@ -48,9 +51,7 @@ done
 %endif

 %check
-%ifarch %{arm}
-make -C tests test-zstd
-%endif
+make -C tests test
 %if %{with pzstd}
 make -C contrib/pzstd test CXXFLAGS="$RPM_OPT_FLAGS -std=c++11"
 %endif
@ -87,6 +88,21 @@ install -D -m644 programs/zstd.1 %{buildroot}%{_mandir}/man1/pzstd.1
 %{_mandir}/man1/*.1*

 %changelog
+* Tue Apr 4 2023 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.5.0-4
+* fix CVE-2022-4899
+
+* Thu Feb 16 2023 wangjiang <wangjiang37@h-partners.com> - 1.5.0-3
+- enable check
+
+* Tue Oct 25 2022 yanglongkang <yanglongkang@h-partners.com> - 1.5.0-2
+- rebuild for next release
+
+* Tue Dec 21 2021 shixuantong <shixuantong@huawei.com> - 1.5.0-1
+- update version to 1.5.0
+
+* Tue Mar 16 2021 shixuantong <shixuantong@huawei.com> - 1.4.8-2
+- fix CVE-2021-24032
+
 * Thu Jan 28 2021 liudabo <liudabo1@huawei.com> - 1.4.8-1
 - upgrade version to 1.4.8
Author	SHA1	Message	Date
openeuler-ci-bot	f11af623e4	!67 [sync] PR-66: CVE-2022-4899 From: @openeuler-sync-bot Reviewed-by: @gaoruoshu Signed-off-by: @gaoruoshu	2023-04-06 02:53:02 +00:00
zhoupengcheng	d85796c6f3	fix CVE-2022-4899 (cherry picked from commit d018a5263c76f7b4775661982ca2435932dbc0ea)	2023-04-04 20:04:35 +08:00
openeuler-ci-bot	93903d69fd	!63 enable check From: @wangjiang37 Reviewed-by: @lvying6 Signed-off-by: @lvying6	2023-02-17 07:39:37 +00:00
wangjiang	cdcf943fcc	enable check	2023-02-17 01:41:38 +00:00
openeuler-ci-bot	8d998cf88f	!57 【轻量级 PR】：rebuild for next release From: @markeryang Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1	2022-10-27 01:43:32 +00:00
Markeryang	845cbaf6f9	update for mass rebuild and upgrade verification	2022-10-25 07:37:02 +00:00
openeuler-ci-bot	197ff69dc5	!53 update version to 1.5.0 Merge pull request !53 from 桐小哥/openEuler-22.03-LTS-Next	2021-12-21 06:12:25 +00:00
shixuantong	dbdcd6a987	update version to 1.5.0	2021-12-21 11:23:45 +08:00
openeuler-ci-bot	808132b85e	!10 fix CVE-2021-24032 From: @tong_1001 Reviewed-by: @hanxinke Signed-off-by: @hanxinke	2021-03-16 19:50:00 +08:00
sxt1001	bda992aa49	fix CVE-2021-24032	2021-03-16 15:07:40 +08:00