1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
From f5ce0700d80c776186b0fb0414ef20966a3a6a03 Mon Sep 17 00:00:00 2001
From: "Sana.Kazi" <Sana.Kazi@kpit.com>
Date: Wed, 23 Feb 2022 15:50:16 +0530
Subject: [PATCH] protobuf: Fix CVE-2021-22570
CVE: CVE-2021-22570
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch]
Comment: Removed first and second hunk
Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
---
src/google/protobuf/descriptor.cc | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
index 6835a3cde..1514ae531 100644
--- a/src/google/protobuf/descriptor.cc
+++ b/src/google/protobuf/descriptor.cc
@@ -2603,6 +2603,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
const Descriptor::ReservedRange* range = reserved_range(i);
if (range->end == range->start + 1) {
strings::SubstituteAndAppend(contents, "$0, ", range->start);
+ } else if (range->end > FieldDescriptor::kMaxNumber) {
+ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
} else {
strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
range->end - 1);
@@ -2815,6 +2817,8 @@ void EnumDescriptor::DebugString(
const EnumDescriptor::ReservedRange* range = reserved_range(i);
if (range->end == range->start) {
strings::SubstituteAndAppend(contents, "$0, ", range->start);
+ } else if (range->end == INT_MAX) {
+ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
} else {
strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
range->end);
@@ -4002,6 +4006,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
// Use its file as the parent instead.
if (parent == nullptr) parent = file_;
+ if (full_name.find('\0') != std::string::npos) {
+ AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME,
+ "\"" + full_name + "\" contains null character.");
+ return false;
+ }
if (tables_->AddSymbol(full_name, symbol)) {
if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
// This is only possible if there was already an error adding something of
@@ -4041,6 +4050,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
void DescriptorBuilder::AddPackage(const std::string& name,
const Message& proto,
const FileDescriptor* file) {
+ if (name.find('\0') != std::string::npos) {
+ AddError(name, proto, DescriptorPool::ErrorCollector::NAME,
+ "\"" + name + "\" contains null character.");
+ return;
+ }
if (tables_->AddSymbol(name, Symbol(file))) {
// Success. Also add parent package, if any.
std::string::size_type dot_pos = name.find_last_of('.');
@@ -4354,6 +4368,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
}
result->pool_ = pool_;
+ if (result->name().find('\0') != std::string::npos) {
+ AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME,
+ "\"" + result->name() + "\" contains null character.");
+ return nullptr;
+ }
+
// Add to tables.
if (!tables_->AddFile(result)) {
AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER,
|
