Skip to content

Commit

Permalink
protobuf: fix patch fuzz
Browse files Browse the repository at this point in the history
Applying patch CVE-2021-22570.patch
patching file src/google/protobuf/descriptor.cc
Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines).
Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines).
Hunk #3 succeeded at 4006 (offset -17 lines).
Hunk #4 succeeded at 4050 (offset -18 lines).
Hunk #5 succeeded at 4368 (offset -18 lines).

Signed-off-by: Ross Burton <[email protected]>
Signed-off-by: Armin Kuster <[email protected]>
  • Loading branch information
rossburton authored and akuster committed Mar 5, 2022
1 parent 2081ef9 commit 18e4c40
Showing 1 changed file with 17 additions and 8 deletions.
25 changes: 17 additions & 8 deletions meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch
Original file line number Diff line number Diff line change
@@ -1,31 +1,40 @@
From f5ce0700d80c776186b0fb0414ef20966a3a6a03 Mon Sep 17 00:00:00 2001
From: "Sana.Kazi" <[email protected]>
Date: Wed, 23 Feb 2022 15:50:16 +0530
Subject: [PATCH] protobuf: Fix CVE-2021-22570

CVE: CVE-2021-22570
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch]
Comment: Removed first and second hunk
Signed-off-by: Sana.Kazi <[email protected]>

---
src/google/protobuf/descriptor.cc | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
index 7af37c57f3..03c4e2b516 100644
index 6835a3cde..1514ae531 100644
--- a/src/google/protobuf/descriptor.cc
+++ b/src/google/protobuf/descriptor.cc
@@ -2626,6 +2626,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
@@ -2603,6 +2603,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
const Descriptor::ReservedRange* range = reserved_range(i);
if (range->end == range->start + 1) {
strings::SubstituteAndAppend(contents, "$0, ", range->start);
+ } else if (range->end > FieldDescriptor::kMaxNumber) {
+ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
} else {
strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
range->end - 1);
@@ -2829,6 +2831,8 @@ void EnumDescriptor::DebugString(
range->end - 1);
@@ -2815,6 +2817,8 @@ void EnumDescriptor::DebugString(
const EnumDescriptor::ReservedRange* range = reserved_range(i);
if (range->end == range->start) {
strings::SubstituteAndAppend(contents, "$0, ", range->start);
+ } else if (range->end == INT_MAX) {
+ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
} else {
strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
range->end);
@@ -4019,6 +4023,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
range->end);
@@ -4002,6 +4006,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
// Use its file as the parent instead.
if (parent == nullptr) parent = file_;

Expand All @@ -37,7 +46,7 @@ index 7af37c57f3..03c4e2b516 100644
if (tables_->AddSymbol(full_name, symbol)) {
if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
// This is only possible if there was already an error adding something of
@@ -4059,6 +4068,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
@@ -4041,6 +4050,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
void DescriptorBuilder::AddPackage(const std::string& name,
const Message& proto,
const FileDescriptor* file) {
Expand All @@ -49,7 +58,7 @@ index 7af37c57f3..03c4e2b516 100644
if (tables_->AddSymbol(name, Symbol(file))) {
// Success. Also add parent package, if any.
std::string::size_type dot_pos = name.find_last_of('.');
@@ -4372,6 +4386,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
@@ -4354,6 +4368,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
}
result->pool_ = pool_;

Expand Down

0 comments on commit 18e4c40

Please sign in to comment.