packages/protobuf-c
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!31 fix unsigned inter overflow

Browse Source 
From: @hd-zhoujie 
Reviewed-by: @SuperSix173 
Signed-off-by: @SuperSix173
This commit is contained in:
openeuler-ci-bot 2023-04-20 13:00:53 +00:00 committed by Gitee
commit e29ee13347
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
backport-0001-Fix-issue-499-unsigned-integer-overflow.patch Normal file
View File

@ -0,0 +1,35 @@
From 289f5c18b195aa43d46a619d1188709abbfa9c82 Mon Sep 17 00:00:00 2001
From: 10054172 <hui.zhang@thalesgroup.com>
Date: Fri, 18 Mar 2022 12:42:57 -0400
Subject: [PATCH 1/2] Fix issue #499: unsigned integer overflow
Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
---
protobuf-c/protobuf-c.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
index 98052cd..ec2d40a 100644
--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
@@ -2603,10 +2603,13 @@ parse_required_member(ScannedMember *scanned_member,
return FALSE;
def_mess = scanned_member->field->default_value;
- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
- allocator,
- len - pref_len,
- data + pref_len);
+ if (len > pref_len)
+ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+ allocator,
+ len - pref_len,
+ data + pref_len);
+ else
+ subm = NULL;
if (maybe_clear &&
*pmessage != NULL &&
--
2.37.3.windows.1

28
backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch Normal file
View File

@ -0,0 +1,28 @@
From 0d1fd124a4e0a07b524989f6e64410ff648fba61 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 9 Jun 2022 07:34:55 -0600
Subject: [PATCH 2/2] Fix regression with zero-length messages introduced in
protobuf-c PR 500.
[edmonds: Import bugfix from
https://github.com/sudo-project/sudo/commit/b6a6451482a3ff5e30f43ef888159d4b0d39143b.patch.]
---
protobuf-c/protobuf-c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
index ec2d40a..448f3e8 100644
--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
@@ -2603,7 +2603,7 @@ parse_required_member(ScannedMember *scanned_member,
return FALSE;
def_mess = scanned_member->field->default_value;
- if (len > pref_len)
+ if (len >= pref_len)
subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
allocator,
len - pref_len,
--
2.37.3.windows.1

11
protobuf-c.spec
View File

@ -1,6 +1,6 @@
Name: protobuf-c
Version: 1.3.2
Release: 4
Release: 5
Summary: This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format
License: BSD
URL: https://github.com/protobuf-c/protobuf-c
@ -9,6 +9,9 @@ BuildRequires: autoconf automake libtool gcc-c++ pkgconfig(protobuf)
Provides: %{name}-compiler = %{version}-%{release}
Obsoletes: %{name}-compiler < %{version}-%{release}
Patch6000: backport-0001-Fix-issue-499-unsigned-integer-overflow.patch
Patch6001: backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch
%description
This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format.
@ -51,6 +54,12 @@ make check
%{_libdir}/{libprotobuf-c.so,pkgconfig/libprotobuf-c.pc}
%changelog
* Thu Apr 20 2023 zhoujie <zhoujie133@huawei.com> - 1.3.2-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: fix unsigned inter overflow
* Wed Nov 24 2021 wujing <wujing50@huawei.com> - 1.3.2-4
- Type:upgrade
- ID:NA