From cdbdee79efe11adebb9c03b9c0f1fb6ea2f4c784 Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 3 Jan 2025 11:20:48 +0800
Subject: [PATCH] fix CVE-2024-23945
---
 backport-CVE-2024-23945.patch | 68 +++++++++++++++++++++++++++++++++++
 hive.spec | 12 +++++--
 2 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 backport-CVE-2024-23945.patch
diff --git a/backport-CVE-2024-23945.patch b/backport-CVE-2024-23945.patch
new file mode 100644
index 0000000..1680f6d
--- /dev/null
+++ b/backport-CVE-2024-23945.patch
@@ -0,0 +1,68 @@
+From 7638cb1a3b07713cc490aa2909a37037f89e08b4 Mon Sep 17 00:00:00 2001
+From: Ayush Saxena
+Date: Thu, 23 Nov 2023 11:50:50 +0530
+Subject: [PATCH] Refactor Some Code. (#4887). (Ayush Saxena, reviewed by
+Denys Kuzmenko)
+---
+ .../org/apache/hive/service/CookieSigner.java | 6 +---
+ .../apache/hive/service/TestCookieSigner.java | 28 +++++++++++++++++++
+ 2 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/service/src/java/org/apache/hive/service/CookieSigner.java b/service/src/java/org/apache/hive/service/CookieSigner.java
+index c4d88de4..62c9acbd 100644
+--- a/service/src/java/org/apache/hive/service/CookieSigner.java
++++ b/service/src/java/org/apache/hive/service/CookieSigner.java
+@@ -78,12 +78,8 @@ public String verifyAndExtract(String signedStr) {
+ String rawValue = signedStr.substring(0, index);
+ String currentSignature = getSignature(rawValue);
+
+- if (LOG.isDebugEnabled()) {
+- LOG.debug("Signature generated for " + rawValue + " inside verify is " + currentSignature);
+- }
+ if (!MessageDigest.isEqual(originalSignature.getBytes(), currentSignature.getBytes())) {
+- throw new IllegalArgumentException("Invalid sign, original = " + originalSignature + +" current = " + currentSignature);
++ throw new IllegalArgumentException("Invalid sign= " + originalSignature);
+ }
+ return rawValue;
+ }
+diff --git a/service/src/test/org/apache/hive/service/TestCookieSigner.java b/service/src/test/org/apache/hive/service/TestCookieSigner.java
+index b1aa0d84..544f54cf 100644
+--- a/service/src/test/org/apache/hive/service/TestCookieSigner.java
++++ b/service/src/test/org/apache/hive/service/TestCookieSigner.java
+@@ -56,4 +56,32 @@ public void testVerifyAndExtract() throws Exception {
+ String signedStr = cs.signCookie(originalStr);
+ assert(cs.verifyAndExtract(signedStr).equals(originalStr));
+ }
++
++ @Test
++ public void testVerifyAndExtractNoSignature() {
++ String originalStr = "cu=scott";
++ String signedStr = 
cs.signCookie(originalStr);
++ String modifedSignedStr = signedStr.replace("&s=", "");
++ try {
++ cs.verifyAndExtract(modifedSignedStr);
++ } catch (IllegalArgumentException e) {
++ assertEquals("Invalid input sign: " + modifedSignedStr, e.getMessage());
++ return;
++ }
++ fail("Expected IllegalArgumentException due to no signature");
++ }
++
++ @Test
++ public void testVerifyAndExtractInvalidSignature() {
++ String originalStr = "cu=scott";
++ String signedStr = cs.signCookie(originalStr);
++ String modifedSignedStr = signedStr.replace("&s=", "&s=abc");
++ try {
++ cs.verifyAndExtract(modifedSignedStr);
++ } catch (IllegalArgumentException e) {
++ assertTrue(e.getMessage().startsWith("Invalid sign= "));
++ return;
++ }
++ fail("Expected IllegalArgumentException checking signature");
++ }
+ }
+--
+2.41.0
+
diff --git a/hive.spec b/hive.spec
index ecaed7d..361f362 100644
--- a/hive.spec
+++ b/hive.spec
@@ -2,7 +2,7 @@ Name: hive
 Version: 3.1.3
-Release: 5
+Release: 6
 Summary: The Apache Hadoop data warehouse
 License: Apache-2.0 and Python-2.0 and MPL-2.0 and BSD and ICU
@@ -22,6 +22,7 @@ Requires: java-1.8.0-openjdk
 BuildArch: noarch
 Patch1000: 1000-Add-protoc-java-support-for-riscv64.patch
+Patch1001: backport-CVE-2024-23945.patch
 %description
 The Apache Hive data warehouse software facilitates querying and
@@ -46,7 +47,7 @@ popd
 mvn install:install-file -DgroupId=com.google.protobuf -DartifactId=protoc -Dversion=2.5.0 -Dclassifier=linux-riscv64 -Dpackaging=exe -Dfile=/usr/bin/protoc
 %endif
-%setup -q -n %{name}-rel-release-%{version}
+%setup -q -n %{name}-rel-release-%{version}:
 mvn install:install-file -DgroupId=com.google.protobuf -DartifactId=protoc -Dversion=2.5.0 -Dclassifier=linux-aarch_64 -Dpackaging=exe -Dfile=/usr/bin/protoc
 mvn install:install-file -DgroupId=org.pentaho -DartifactId=pentaho-aggdesigner-algorithm -Dversion=5.1.5-jhyde -Dpackaging=jar -Dfile=%{SOURCE2}
 cp %{SOURCE1} ./.xmvn-reactor
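Review bot: Nothing inside the new backport-CVE-2024-23945.patch records that it is a security backport: the embedded upstream message reads only `Subject: [PATCH] Refactor Some Code. (#4887)`, so a maintainer comparing the file with upstream later has to rely on the filename alone. Consider adding a short header above the embedded `From 7638cb1a…` line, e.g. `Backport of upstream commit 7638cb1a3b07713cc490aa2909a37037f89e08b4 for CVE-2024-23945: stop echoing the computed cookie signature in CookieSigner.verifyAndExtract`. The patch body is consistent with that intent: the removed lines are the `LOG.debug` that printed `currentSignature` and the `" current = " + currentSignature` suffix of the exception, and the retained message only echoes the caller-supplied `originalSignature`. Whitespace inside the embedded patch appears collapsed on this page, so its indentation should be checked against the committed file before relying on it to apply cleanly with `%patch 1001 -p1`.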
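Review bot: The new `%setup` line has gained a trailing colon, `+%setup -q -n %{name}-rel-release-%{version}:`, so `-n` now names the directory `hive-rel-release-3.1.3:`; unless the unpacked source tree really carries that suffix, `%setup` will fail to change into it and the build stops before `%patch 1001 -p1` is ever reached. This edit is also unrelated to the CVE backport the commit describes, which suggests it is accidental. Restore the removed form, `%setup -q -n %{name}-rel-release-%{version}`, so the only spec changes are the Patch1001 declaration, its %patch application and the release/changelog bump.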
@@ -59,6 +60,7 @@ find -name "*.jar" -delete
 # missing shebang
 sed -i -e '1d;2i#!/usr/bin/env bash' bin/hive-config.sh
+%patch 1001 -p1
 %build
 %if "%{_arch}" == "riscv64"
@@ -143,6 +145,12 @@ ln -s %{_javadir}/%{name}/%{name}-shims.jar %{buildroot}%{_datadir}/hadoop/mapre
 %changelog
+* Fri Jan 3 2025 changtao - 3.1.3-6
+- Type: CVE
+- CVE: CVE-2024-23945
+- SUG: NA
+- DESC: fix CVE-2024-23945
+
 * Mon Dec 16 2024 litian - 3.1.3-5
 - fix %patchN is deprecated warning
--
Gitee