From ab980ccd3ca7fec07dee66e38e0b8f9233ebfb89 Mon Sep 17 00:00:00 2001
From: suresh-thelkar
Date: Sat, 18 Jan 2025 01:18:28 +0530
Subject: [PATCH] Patch CVE-2024-11407 in grpc (#11924)
Co-authored-by: Suresh Thelkar
Co-authored-by: jslobodzian
---
 SPECS/grpc/CVE-2024-11407.patch | 28 ++++++++++++++++++++++++++++
 SPECS/grpc/grpc.spec | 10 ++++++----
 2 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100644 SPECS/grpc/CVE-2024-11407.patch
diff --git a/SPECS/grpc/CVE-2024-11407.patch b/SPECS/grpc/CVE-2024-11407.patch
new file mode 100644
index 00000000000..b820c2b0f70
--- /dev/null
+++ b/SPECS/grpc/CVE-2024-11407.patch
@@ -0,0 +1,28 @@
+From f3d8e3c99764e1d279326ed1ee7ba9b1bdba7a20 Mon Sep 17 00:00:00 2001
+From: Vignesh Babu
+Date: Thu, 12 Sep 2024 11:13:45 -0700
+Subject: [PATCH] Fix bug in Tx0cp code path in posix endpoint.
+
+This fix ensures that the iov_base pointers point to the right address.
+
+PiperOrigin-RevId: 673923651
+---
+ src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+index 019c2a3..048bc54 100644
+--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
++++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx,
+ iov_size++) {
+ MutableSlice& slice = internal::SliceCast(
+ buf_.MutableSliceAt(out_offset_.slice_idx));
+- iov[iov_size].iov_base = slice.begin();
++ iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
+ iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
+ *sending_length += iov[iov_size].iov_len;
+ ++(out_offset_.slice_idx);
+--
+2.34.1
+
diff --git a/SPECS/grpc/grpc.spec b/SPECS/grpc/grpc.spec
index 1474bbf659f..16a721c60c7 100644
--- a/SPECS/grpc/grpc.spec
+++ b/SPECS/grpc/grpc.spec
@@ -1,7 +1,7 @@
 Summary: Open source remote procedure call (RPC) framework
 Name: grpc
 Version: 1.62.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -10,6 +10,7 @@ URL: https://www.grpc.io
 Source0: https://github.com/grpc/grpc/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1: %{name}-%{version}-submodules.tar.gz
 Patch0: grpcio-cython3.patch
+Patch1: CVE-2024-11407.patch
 BuildRequires: abseil-cpp-devel >= 20240116.0-2
 BuildRequires: build-essential
 BuildRequires: c-ares-devel
@@ -67,9 +68,7 @@ Requires: python3-six
 Python language bindings for gRPC.
 %prep
-%setup -q -n %{name}-%{version}
-%setup -T -D -a 1
-%patch 0 -p1
+%autosetup -n %{name}-%{version} -a 1 -p1
 # remove third party code taken from installed packages (build requires)
 rm -r %{_builddir}/%{name}-%{version}/third_party/abseil-cpp
@@ -153,6 +152,9 @@ export GRPC_PYTHON_CFLAGS="%{optflags} -std=c++$CXX_VERSION"
 %{python3_sitearch}/grpcio-%{version}-py%{python3_version}.egg-info
 %changelog
+* Wed Jan 25 2024 Suresh Thelkar - 1.62.0-4
+- Patch CVE-2024-11407
+
 * Thu Jul 25 2024 Devin Anderson - 1.62.0-3
 - Bump release to rebuild with latest 'abseil-cpp'.
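Review bot: The new `Patch1: CVE-2024-11407.patch` tag in the `@@ -10,6 +10,7 @@` hunk has no comment recording where the fix comes from or when it can be dropped. The patch file's own header identifies it as upstream commit f3d8e3c99764e1d279326ed1ee7ba9b1bdba7a20, a one-line change to `TcpZerocopySendRecord::PopulateIovs`. A comment above the tag, such as `# CVE-2024-11407: upstream commit f3d8e3c99764e1d279326ed1ee7ba9b1bdba7a20; drop once Version contains it`, would let the next version bump confirm the fix is still present instead of losing it unnoticed.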
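Review bot: The added changelog header `* Wed Jan 25 2024 Suresh Thelkar - 1.62.0-4` in the `@@ -153,6 +152,9 @@` hunk carries a date that cannot be right. 25 January 2024 was a Thursday, the date is earlier than the `Thu Jul 25 2024` entry directly below it, and the commit itself is dated Sat, 18 Jan 2025. rpm parses %changelog dates, so a mismatched weekday can produce a bogus-date warning and an out-of-order entry can be rejected, depending on the rpm version in the toolchain. The year looks like a typo; use the actual date of the change, for example `* Sat Jan 18 2025 Suresh Thelkar - 1.62.0-4`, so the CVE fix is attributed to the correct point in the package history.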