
net/rabbitmq-c: update to 0.10.0, tag CVE & take ownership
Closed, Public

Authored by dch on Jun 25 2021, 7:45 PM.

Details

Summary

vuxml hates me:

make validate
/bin/sh /projects/freebsd/ports/security/vuxml/files/tidy.sh "/projects/freebsd/ports/security/vuxml/files/tidy.xsl" "/projects/freebsd/ports/security/vuxml/vuln-flat.xml" > "/projects/freebsd/ports/security/vuxml/vuln.xml.tidy"

Validatng...

/usr/local/bin/xmllint --valid --noout /projects/freebsd/ports/security/vuxml/vuln-flat.xml
error : xmlAddEntity: invalid redeclaration of predefined entity
error : xmlAddEntity: invalid redeclaration of predefined entity

Successful.

Checking if tidy differs...
... seems okay
Checking for space/tab...

  • /projects/freebsd/ports/security/vuxml/vuln-flat.xml 2021-06-25 19:20:53.769199000 +0000

+++ /projects/freebsd/ports/security/vuxml/vuln.xml.unexpanded 2021-06-25 19:44:19.675219000 +0000
@@ -81,9 +81,9 @@

<topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic>
<affects>
  <package>
  • <name>net/rabbitmq-c</name>
  • <name>net/rabbitmq-c-devel</name>
  • <range><lt>0.10.0</lt></range>

+ <name>net/rabbitmq-c</name>
+ <name>net/rabbitmq-c-devel</name>
+ <range><lt>0.10.0</lt></range>

  </package>
</affects>
<description>
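Review bot: The two <name> elements inside <package> carry the port origin (net/rabbitmq-c, net/rabbitmq-c-devel), but VuXML entries are matched on package name, so they should read rabbitmq-c and rabbitmq-c-devel or the <lt>0.10.0</lt> range will not flag installed packages. Apart from that, the removed and added sides of this hunk are identical in text, so the space/tab check is rejecting only the leading whitespace on those three lines; re-indent them to match the added side, or start from the vuln.xml.unexpanded file the check output names.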

@@ -91,13 +91,13 @@

	<p>alanxz reports:</p>
	<blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a">
	  <p>When parsing a frame header, validate that the frame_size is less than
  • or equal to INT32_MAX. Given frame_max is limited between 0 and
  • INT32_MAX in amqp_login and friends, this does not change the API.
  • This prevents a potential buffer overflow when a malicious client sends
  • a frame_size that is close to UINT32_MAX, in which causes an overflow
  • when computing state-&gt;target_size resulting in a small value there. A
  • buffer is then allocated with the small amount, then memcopy copies the
  • frame_size writing to memory beyond the end of the buffer.</p>

+ or equal to INT32_MAX. Given frame_max is limited between 0 and
+ INT32_MAX in amqp_login and friends, this does not change the API.
+ This prevents a potential buffer overflow when a malicious client sends
+ a frame_size that is close to UINT32_MAX, in which causes an overflow
+ when computing state-&gt;target_size resulting in a small value there. A
+ buffer is then allocated with the small amount, then memcopy copies the
+ frame_size writing to memory beyond the end of the buffer.</p>

	</blockquote>
      </body>
    </description>
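Review bot: The continuation lines of the quoted <p>, from "or equal to INT32_MAX" through "beyond the end of the buffer.</p>", differ between the removed and added sides only in leading whitespace, so this is the same space/tab failure as the first hunk and not a content problem. Re-indent those seven lines the way the added side has them, or commit from vuln.xml.unexpanded as the check output suggests, and leave the quoted text itself unchanged, including the &gt; escape in state-&gt;target_size.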

... see above
Consider using /projects/freebsd/ports/security/vuxml/vuln.xml.unexpanded for final commit

*** Error code 1

Stop.
make: stopped in /projects/freebsd/ports/security/vuxml

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

dch requested review of this revision. Jun 25 2021, 7:45 PM
This revision was not accepted when it landed; it landed in state Needs Review. Jun 25 2021, 8:47 PM
This revision was automatically updated to reflect the committed changes.