From 89dac4f0272b3503edca167dc08de885577ef25a5106e67a112c5c0ec154a02c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 18 Oct 2024 15:43:52 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main protobuf revision 05710d91972b3c8760cc3fb1abaed678 --- CVE-2024-7254.patch | 146 ++++++++++++++++++++++++++++++++++++++++++++ protobuf.changes | 6 ++ protobuf.spec | 2 + 3 files changed, 154 insertions(+) create mode 100644 CVE-2024-7254.patch diff --git a/CVE-2024-7254.patch b/CVE-2024-7254.patch new file mode 100644 index 0000000..9a7c262 --- /dev/null +++ b/CVE-2024-7254.patch @@ -0,0 +1,146 @@ +From 45fcced917ca6650a236eb628e0bca0da8587fd8 Mon Sep 17 00:00:00 2001 +From: Protobuf Team Bot +Date: Thu, 18 Jul 2024 07:41:01 -0700 +Subject: [PATCH] Internal change + +PiperOrigin-RevId: 653615736 +--- + .../core/src/main/java/com/google/protobuf/ArrayDecoders.java | 3 +-- + .../com/google/protobuf/InvalidProtocolBufferException.java | 2 +- + .../core/src/main/java/com/google/protobuf/MessageSchema.java | 3 +++ + .../src/main/java/com/google/protobuf/MessageSetSchema.java | 1 + + .../src/main/java/com/google/protobuf/UnknownFieldSchema.java | 3 +-- + java/lite/src/test/java/com/google/protobuf/LiteTest.java | 3 +++ + src/google/protobuf/unittest_lite.proto | 4 ++++ + 7 files changed, 14 insertions(+), 5 deletions(-) + +diff --git a/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java b/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java +index 183bbc2c5..855174f6d 100644 +--- a/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java ++++ b/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java +@@ -47,8 +47,7 @@ import java.io.IOException; + @CheckReturnValue + final class ArrayDecoders { + +- private ArrayDecoders() { +- } ++ private ArrayDecoders() {} + + /** + * A helper used to return multiple values in a Java function. Java doesn't natively support +diff --git a/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java b/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java +index 7f36e0983..fb7eb8fee 100644 +--- a/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java ++++ b/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java +@@ -155,7 +155,7 @@ public class InvalidProtocolBufferException extends IOException { + static InvalidProtocolBufferException recursionLimitExceeded() { + return new InvalidProtocolBufferException( + "Protocol message had too many levels of nesting. May be malicious. " +- + "Use CodedInputStream.setRecursionLimit() to increase the depth limit."); ++ + "Use setRecursionLimit() to increase the recursion depth limit."); + } + + static InvalidProtocolBufferException sizeLimitExceeded() { +diff --git a/java/core/src/main/java/com/google/protobuf/MessageSchema.java b/java/core/src/main/java/com/google/protobuf/MessageSchema.java +index ae5dddc53..3d9f7b402 100644 +--- a/java/core/src/main/java/com/google/protobuf/MessageSchema.java ++++ b/java/core/src/main/java/com/google/protobuf/MessageSchema.java +@@ -3946,6 +3946,7 @@ final class MessageSchema implements Schema { + unknownFields = unknownFieldSchema.getBuilderFromMessage(message); + } + // Unknown field. ++ + if (unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) { + continue; + } +@@ -4321,6 +4322,7 @@ final class MessageSchema implements Schema { + if (unknownFields == null) { + unknownFields = unknownFieldSchema.getBuilderFromMessage(message); + } ++ + if (!unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) { + return; + } +@@ -4337,6 +4339,7 @@ final class MessageSchema implements Schema { + if (unknownFields == null) { + unknownFields = unknownFieldSchema.getBuilderFromMessage(message); + } ++ + if (!unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) { + return; + } +diff --git a/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java b/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java +index 987c08632..77b52d3e7 100644 +--- a/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java ++++ b/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java +@@ -301,6 +301,7 @@ final class MessageSetSchema implements Schema { + reader, extension, extensionRegistry, extensions); + return true; + } else { ++ + return unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader); + } + } else { +diff --git a/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java b/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java +index 681b824d8..662242492 100644 +--- a/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java ++++ b/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java +@@ -78,7 +78,6 @@ abstract class UnknownFieldSchema { + /** Marks unknown fields as immutable. */ + abstract void makeImmutable(Object message); + +- /** Merges one field into the unknown fields. */ + final boolean mergeOneFieldFrom(B unknownFields, Reader reader) throws IOException { + int tag = reader.getTag(); + int fieldNumber = WireFormat.getTagFieldNumber(tag); +@@ -111,7 +110,7 @@ abstract class UnknownFieldSchema { + } + } + +- final void mergeFrom(B unknownFields, Reader reader) throws IOException { ++ private final void mergeFrom(B unknownFields, Reader reader) throws IOException { + while (true) { + if (reader.getFieldNumber() == Reader.READ_DONE + || !mergeOneFieldFrom(unknownFields, reader)) { +diff --git a/java/lite/src/test/java/com/google/protobuf/LiteTest.java b/java/lite/src/test/java/com/google/protobuf/LiteTest.java +index a58ce95df..cc664e639 100644 +--- a/java/lite/src/test/java/com/google/protobuf/LiteTest.java ++++ b/java/lite/src/test/java/com/google/protobuf/LiteTest.java +@@ -33,12 +33,14 @@ package com.google.protobuf; + import static com.google.common.truth.Truth.assertThat; + import static com.google.common.truth.Truth.assertWithMessage; + import static java.util.Collections.singletonList; ++import static org.junit.Assert.assertThrows; + + import com.google.protobuf.FieldPresenceTestProto.TestAllTypes; + import com.google.protobuf.UnittestImportLite.ImportEnumLite; + import com.google.protobuf.UnittestImportPublicLite.PublicImportMessageLite; + import com.google.protobuf.UnittestLite.ForeignEnumLite; + import com.google.protobuf.UnittestLite.ForeignMessageLite; ++import com.google.protobuf.UnittestLite.RecursiveGroup; + import com.google.protobuf.UnittestLite.RecursiveMessage; + import com.google.protobuf.UnittestLite.TestAllExtensionsLite; + import com.google.protobuf.UnittestLite.TestAllTypesLite; +@@ -73,6 +75,7 @@ import java.util.ArrayList; + import java.util.Arrays; + import java.util.Iterator; + import java.util.List; ++import java.util.concurrent.atomic.AtomicBoolean; + import org.junit.Before; + import org.junit.Test; + import org.junit.runner.RunWith; +diff --git a/src/google/protobuf/unittest_lite.proto b/src/google/protobuf/unittest_lite.proto +index b594b6f6a..7cb988319 100644 +--- a/src/google/protobuf/unittest_lite.proto ++++ b/src/google/protobuf/unittest_lite.proto +@@ -523,3 +523,7 @@ message RecursiveMessage { + optional RecursiveMessage recurse = 1; + optional bytes payload = 2; + } ++ ++message RecursiveGroup { ++ RecursiveGroup recurse = 1 [features.message_encoding = DELIMITED]; ++} +-- +2.47.0 + diff --git a/protobuf.changes b/protobuf.changes index a6eb8d8..fb556f8 100644 --- a/protobuf.changes +++ b/protobuf.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Oct 15 06:15:25 UTC 2024 - John Paul Adrian Glaubitz + +- Add patch to fix StackOverflow vulnerability in Protocol Buffers + * CVE-2024-7254.patch (bsc#1230778, CVE-2024-7254) + ------------------------------------------------------------------- Thu Dec 21 13:53:29 UTC 2023 - Dirk Müller diff --git a/protobuf.spec b/protobuf.spec index 64b7ebf..f4d8270 100644 --- a/protobuf.spec +++ b/protobuf.spec @@ -38,6 +38,8 @@ Source1: manifest.txt.in Source2: baselibs.conf Source1000: %{name}-rpmlintrc Patch0: add-missing-stdint-header.patch +# PATCH-FIX-UPSTREAM - Fix StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254) +Patch1: CVE-2024-7254.patch BuildRequires: %{python_module abseil} BuildRequires: %{python_module devel >= 3.7} BuildRequires: %{python_module python-dateutil}