From 3353bea8975bdc613d363443e8f964046c6d6c6f Mon Sep 17 00:00:00 2001 From: lvxiangcong Date: Fri, 14 Feb 2025 14:58:34 +0800 Subject: [PATCH] backport fix cve-2022-41723 for openEuler-20.03-LTS-SP4 --- 0005-backport-fix-CVE-2022-41723.patch | 143 +++++++++++++++++++++++++ etcd.spec | 10 +- 2 files changed, 152 insertions(+), 1 deletion(-) create mode 100644 0005-backport-fix-CVE-2022-41723.patch diff --git a/0005-backport-fix-CVE-2022-41723.patch b/0005-backport-fix-CVE-2022-41723.patch new file mode 100644 index 0000000..ecdbe4b --- /dev/null +++ b/0005-backport-fix-CVE-2022-41723.patch @@ -0,0 +1,143 @@ +From 33fc2e1988454d3a2f9d887161884f76f344178f Mon Sep 17 00:00:00 2001 +From: lvxiangcong +Date: Fri, 14 Feb 2025 14:29:45 +0800 +Subject: [PATCH] backport fix cve-2022-41723 + +--- + vendor/golang.org/x/net/http2/hpack/hpack.go | 80 ++++++++++++-------- + 1 file changed, 50 insertions(+), 30 deletions(-) + +diff --git a/vendor/golang.org/x/net/http2/hpack/hpack.go b/vendor/golang.org/x/net/http2/hpack/hpack.go +index 85f18a2..0d3fd2b 100644 +--- a/vendor/golang.org/x/net/http2/hpack/hpack.go ++++ b/vendor/golang.org/x/net/http2/hpack/hpack.go +@@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { + + var hf HeaderField + wantStr := d.emitEnabled || it.indexed() ++ var undecodedName undecodedString + if nameIdx > 0 { + ihf, ok := d.at(nameIdx) + if !ok { +@@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { + } + hf.Name = ihf.Name + } else { +- hf.Name, buf, err = d.readString(buf, wantStr) ++ undecodedName, buf, err = d.readString(buf) + if err != nil { + return err + } + } +- hf.Value, buf, err = d.readString(buf, wantStr) ++ undecodedValue, buf, err := d.readString(buf) + if err != nil { + return err + } ++ if wantStr { ++ if nameIdx <= 0 { ++ hf.Name, err = d.decodeString(undecodedName) ++ if err != nil { ++ return err ++ } ++ } ++ hf.Value, err = d.decodeString(undecodedValue) ++ if err != nil { ++ return err ++ } ++ } + d.buf = buf + if it.indexed() { + d.dynTab.add(hf) +@@ -383,6 +396,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { + return d.callEmit(hf) + } + ++ + func (d *Decoder) callEmit(hf HeaderField) error { + if d.maxStrLen != 0 { + if len(hf.Name) > d.maxStrLen || len(hf.Value) > d.maxStrLen { +@@ -459,46 +473,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) { + return 0, origP, errNeedMore + } + +-// readString decodes an hpack string from p. ++// readString reads an hpack string from p. + // +-// wantStr is whether s will be used. If false, decompression and +-// []byte->string garbage are skipped if s will be ignored +-// anyway. This does mean that huffman decoding errors for non-indexed +-// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server +-// is returning an error anyway, and because they're not indexed, the error +-// won't affect the decoding state. +-func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) { ++// It returns a reference to the encoded string data to permit deferring decode costs ++// until after the caller verifies all data is present. ++func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) { + if len(p) == 0 { +- return "", p, errNeedMore ++ return u, p, errNeedMore + } + isHuff := p[0]&128 != 0 + strLen, p, err := readVarInt(7, p) + if err != nil { +- return "", p, err ++ return u, p, err + } + if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) { +- return "", nil, ErrStringLength ++ // Returning an error here means Huffman decoding errors ++ // for non-indexed strings past the maximum string length ++ // are ignored, but the server is returning an error anyway ++ // and because the string is not indexed the error will not ++ // affect the decoding state. ++ return u, nil, ErrStringLength + } + if uint64(len(p)) < strLen { +- return "", p, errNeedMore +- } +- if !isHuff { +- if wantStr { +- s = string(p[:strLen]) +- } +- return s, p[strLen:], nil ++ return u, p, errNeedMore + } ++ u.isHuff = isHuff ++ u.b = p[:strLen] ++ return u, p[strLen:], nil ++} + +- if wantStr { +- buf := bufPool.Get().(*bytes.Buffer) +- buf.Reset() // don't trust others +- defer bufPool.Put(buf) +- if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil { +- buf.Reset() +- return "", nil, err +- } ++type undecodedString struct { ++ isHuff bool ++ b []byte ++} ++ ++func (d *Decoder) decodeString(u undecodedString) (string, error) { ++ if !u.isHuff { ++ return string(u.b), nil ++ } ++ buf := bufPool.Get().(*bytes.Buffer) ++ buf.Reset() // don't trust others ++ var s string ++ err := huffmanDecode(buf, d.maxStrLen, u.b) ++ if err == nil { + s = buf.String() +- buf.Reset() // be nice to GC + } +- return s, p[strLen:], nil ++ buf.Reset() // be nice to GC ++ bufPool.Put(buf) ++ return s, err + } +-- +2.46.0 + diff --git a/etcd.spec b/etcd.spec index 8b55077..a792da7 100644 --- a/etcd.spec +++ b/etcd.spec @@ -31,7 +31,7 @@ system.} %global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/* Name: etcd -Release: 6 +Release: 7 Summary: Distributed reliable key-value store for the most critical data of a distributed system # Upstream license specification: Apache-2.0 @@ -48,6 +48,7 @@ Patch1: 0001-Convert-int-to-string-using-strconv.Itoa.patch Patch2: 0002-Etcd-on-unsupported-platform-without-ETCD_UNSUPPORTED_ARCH=arm64-set.patch Patch3: 0003-backport-Suppress-noisy-basic-auth-token-deletion-log.patch Patch4: 0004-backport-fix-CVE-2022-3064.patch +Patch5: 0005-backport-fix-CVE-2022-41723.patch BuildRequires: golang @@ -68,6 +69,7 @@ Requires(pre): shadow-utils %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # For compatibility cp -aR etcdserver/api/snap snap cp -aR etcdserver/api/membership etcdserver/membership @@ -153,6 +155,12 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/ %endif %changelog +* Fri Feb 14 2025 lvxiangcong - 3.4.14-7 +- Type:CVE +- CVE:CVE-2022-41723 +- SUG:NA +- DESC: backport fix CVE-2022-41723 for openEuler-20.03-LTS-SP4 + * Fri Feb 14 2025 lvxiangcong - 3.4.14-6 - Type:CVE - CVE:CVE-2022-3064 -- Gitee