net/rabbitmq-c: update to 0.10.0, tag CVE & take ownership
ClosedPublic
Actions

Authored by dch on Jun 25 2021, 7:45 PM.

Details

Reviewers: None
Commits: R11:ac3da0e9b976: security/vuxml: add entry for net/rabbitmq-c

Summary

vuxml hates me:

make validate
/bin/sh /projects/freebsd/ports/security/vuxml/files/tidy.sh "/projects/freebsd/ports/security/vuxml/files/tidy.xsl" "/projects/freebsd/ports/security/vuxml/vuln-flat.xml" > "/projects/freebsd/ports/security/vuxml/vuln.xml.tidy"

Validatng...

/usr/local/bin/xmllint --valid --noout /projects/freebsd/ports/security/vuxml/vuln-flat.xml
error : xmlAddEntity: invalid redeclaration of predefined entity
error : xmlAddEntity: invalid redeclaration of predefined entity

Successful.

Checking if tidy differs...
... seems okay
Checking for space/tab...

/projects/freebsd/ports/security/vuxml/vuln-flat.xml 2021-06-25 19:20:53.769199000 +0000

+++ /projects/freebsd/ports/security/vuxml/vuln.xml.unexpanded 2021-06-25 19:44:19.675219000 +0000
@@ -81,9 +81,9 @@

<topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic>
<affects>
  <package>

<name>net/rabbitmq-c</name>
<name>net/rabbitmq-c-devel</name>
<range><lt>0.10.0</lt></range>

+ <name>net/rabbitmq-c</name>
+ <name>net/rabbitmq-c-devel</name>
+ <range><lt>0.10.0</lt></range>

  </package>
</affects>
<description>

@@ -91,13 +91,13 @@

	<p>alanxz reports:</p>
	<blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a">
	  <p>When parsing a frame header, validate that the frame_size is less than

or equal to INT32_MAX. Given frame_max is limited between 0 and
INT32_MAX in amqp_login and friends, this does not change the API.
This prevents a potential buffer overflow when a malicious client sends
a frame_size that is close to UINT32_MAX, in which causes an overflow
when computing state->target_size resulting in a small value there. A
buffer is then allocated with the small amount, then memcopy copies the
frame_size writing to memory beyond the end of the buffer.</p>

+ or equal to INT32_MAX. Given frame_max is limited between 0 and
+ INT32_MAX in amqp_login and friends, this does not change the API.
+ This prevents a potential buffer overflow when a malicious client sends
+ a frame_size that is close to UINT32_MAX, in which causes an overflow
+ when computing state->target_size resulting in a small value there. A
+ buffer is then allocated with the small amount, then memcopy copies the
+ frame_size writing to memory beyond the end of the buffer.</p>

	</blockquote>
      </body>
    </description>

... see above
Consider using /projects/freebsd/ports/security/vuxml/vuln.xml.unexpanded for final commit

Error code 1

Stop.
make: stopped in /projects/freebsd/ports/security/vuxml

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dch created this revision.Jun 25 2021, 7:45 PM

Herald added a subscriber: mat. · View Herald TranscriptJun 25 2021, 7:45 PM

dch requested review of this revision.Jun 25 2021, 7:45 PM

Harbormaster completed remote builds in B40107: Diff 91369.Jun 25 2021, 7:45 PM

This revision was not accepted when it landed; it landed in state Needs Review.Jun 25 2021, 8:47 PM

Closed by commit R11:ac3da0e9b976: security/vuxml: add entry for net/rabbitmq-c (authored by dch). · Explain Why

This revision was automatically updated to reflect the committed changes.

dch added a commit: R11:ac3da0e9b976: security/vuxml: add entry for net/rabbitmq-c.

Revision Contents
Changeset List

Path

Size

security/

vuxml/

vuln-2021.xml

35 lines

Diff 91373

View Options

security/vuxml/vuln-2021.xml

net/rabbitmq-c: update to 0.10.0, tag CVE & take ownershipClosedPublicActions