Fix CVE-2024-24577

2024-02-17 09:57:38 +08:00 · 2024-02-17 09:57:38 +08:00 · 61950d9f12
commit 61950d9f12
parent 24af8945e6
2 changed files with 57 additions and 1 deletions
--- a/CVE-2024-24577.patch
+++ b/CVE-2024-24577.patch
@ -0,0 +1,51 @@
+From eb4c1716cd92bf56f2770653a915d5fc01eab8f3 Mon Sep 17 00:00:00 2001
+From: Edward Thomson <ethomson@edwardthomson.com>
+Date: Sat, 16 Dec 2023 11:19:07 +0000
+Subject: [PATCH] index: correct index has_dir_name check
+
+Origin: https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3
+
+`has_dir_name` is used to check for directory/file collisions,
+and attempts to determine whether the index contains a file with
+a directory name that is a proper subset of the new index entry
+that we're trying to add.
+
+To determine directory name, the function would walk the path string
+backwards to identify a `/`, stopping at the end of the string. However,
+the function assumed that the strings did not start with a `/`. If the
+paths contain only a single `/` at the beginning of the string, then the
+function would continue the loop, erroneously, when they should have
+stopped at the first character.
+
+Correct the order of the tests to terminate properly.
+
+Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
+
+---
+ vendor/libgit2-sys/libgit2/src/index.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/libgit2-sys/libgit2/src/index.c b/vendor/libgit2-sys/libgit2/src/index.c
+index 7ebe075..7862273 100644
+--- a/vendor/libgit2-sys/libgit2/src/index.c
+++ b/vendor/libgit2-sys/libgit2/src/index.c
+@@ -1155,10 +1155,14 @@ static int has_dir_name(git_index *index,
+ 		size_t len, pos;
+ 
+ 		for (;;) {
+-			if (*--slash == '/')
+-				break;
+			slash--;
+
+ 			if (slash <= entry->path)
+ 				return 0;
+
+
+			if (*slash == '/')
+				break;
+ 		}
+ 		len = slash - name;
+ 
+-- 
+2.23.0
+
--- a/rust.spec
+++ b/rust.spec
@ -12,7 +12,7 @@
 %bcond_without lldb
 Name:                rust
 Version:             1.51.0
-Release:             6
+Release:             7
 Summary:             The Rust Programming Language
 License:             (ASL 2.0 or MIT) and (BSD and MIT)
 URL:                 https://www.rust-lang.org
@ -40,6 +40,7 @@ Patch0011:           cargo-help-clippy-should-have-description-to-user.patch
 Patch0012:           fix-a-println-wrong-format.patch
 Patch0013:           CVE-2021-29922.patch
 Patch0014:           fix-rustdoc-error-info.patch
+Patch0015:           CVE-2024-24577.patch
 %{lua: function rust_triple(arch)
  local abi = "gnu"
  if arch == "armv7hl" then
@ -264,6 +265,7 @@ mkdir -p src/llvm-project/libunwind/
 %patch0012 -p1
 %patch0013 -p1
 %patch0014 -p1
+%patch0015 -p1
 rm -rf vendor/curl-sys/curl/
 rm -rf vendor/jemalloc-sys/jemalloc/
 rm -rf vendor/libssh2-sys/libssh2/
@ -469,6 +471,9 @@ export %{rust_env}
 %{_mandir}/man1/cargo*.1*

 %changelog
+* Sat Feb 17 2024 wangkai <13474090681@163.com> - 1.51.0-7
+- Fix CVE-2024-24577
+
 * Tue Aug 24 2021 caodongxia <caodongxia@huawei.com> - 1.51.0-6
 - Fix rustdoc error info