diff --git a/0001-fix-CVE-2024-52532.patch b/0001-fix-CVE-2024-52532.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9970f713c7105009ee74a57c903191fbd7659c0c
--- /dev/null
+++ b/0001-fix-CVE-2024-52532.patch
@@ -0,0 +1,58 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro
+Date: Sat, 26 Oct 2024 00:38:57 +0800
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+---
+ libsoup/websocket/soup-websocket-connection.c | 6 ++----
+ tests/websocket-test.c | 4 +++-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
+index 2f7d920..ea558bf 100644
+--- a/libsoup/websocket/soup-websocket-connection.c
++++ b/libsoup/websocket/soup-websocket-connection.c
+@@ -1165,10 +1165,8 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+ }
+
+ priv->incoming->len = len + count;
+- } while (count > 0);
+-
+- process_incoming (self);
+-
++ process_incoming (self);
++ } while (count > 0 && !priv->close_sent && !priv->io_closing);
+ if (end) {
+ if (!priv->close_sent || !priv->close_received) {
+ priv->dirty_close = TRUE;
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index b954b01..5cb3ca2 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1489,8 +1489,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+ GError *error = NULL;
+ InvalidEncodeLengthTest context = { test, NULL };
+ guint i;
++ guint error_id;
+
+- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+
+ /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1503,6 +1504,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+ WAIT_UNTIL (error != NULL || received != NULL);
+ g_assert_error (error, SOUP_WEBSOCKET_ERROR, 
SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+ g_clear_error (&error);
++ g_signal_handler_disconnect (test->client, error_id);
+ g_assert_null (received);
+
+ g_thread_join (thread);
+--
+2.43.0
+
diff --git a/libsoup3.spec b/libsoup3.spec
index 7283ef10321b0847a3756fcf1f199b1e00bfc313..e99b44f76f169f30fefdf61960c8c001934504f9 100644
--- a/libsoup3.spec
+++ b/libsoup3.spec
@@ -2,12 +2,14 @@ Name: libsoup3
 Version: 3.4.4
-Release: 1
+Release: 2
 Summary: Soup, an HTTP library implementation
 License: LGPLv2
 URL: https://wiki.gnome.org/Projects/libsoup
 Source0: https://download.gnome.org/sources/libsoup/3.4/libsoup-%{version}.tar.xz
+Patch0001: 0001-fix-CVE-2024-52532.patch
+
 BuildRequires: gcc meson gettext vala krb5-devel samba-winbind-clients
 BuildRequires: gi-docgen >= 2021.1
 BuildRequires: pkgconfig(glib-2.0)
@@ -76,6 +78,9 @@ install -m 644 -D tests/libsoup.supp %{buildroot}%{_datadir}/libsoup-3.0/libsoup
 %{_datadir}/doc
 %changelog
+* Wed Nov 13 2024 changtao - 3.4.4-2
+- fix CVE-2024-52532
+
 * Fri Nov 17 2023 lwg - 3.4.4-1
 - update to version 3.4.4
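Review bot: The new loop condition in soup_websocket_connection_read, `while (count > 0 && !priv->close_sent && !priv->io_closing)`, carries the whole fix but has no comment, so a later cleanup could hoist `process_incoming (self)` back out of the loop and reintroduce the read loop the commit message describes. I would add above the call something like `/* Validate frames after every read so a peer cannot keep us reading unvalidated data; stop once a close was sent or I/O is closing. */`. The tests/websocket-test.c hunks only store and disconnect the "error" handler id in test_receive_invalid_encode_length_64; from what is visible no case is added that would fail without the loop change, so regression coverage for the early loop exit is worth confirming. The function body starts and ends outside the hunk.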
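Review bot: `Patch0001: 0001-fix-CVE-2024-52532.patch` only declares the patch; the %prep section is outside this hunk, so whether the patch is actually applied cannot be seen here. If %prep does not use `%autosetup -p1` or an explicit `%patch` line for it, the package would build as 3.4.4-2 with a changelog entry claiming the CVE fix while shipping unpatched sources. Checking %prep, or the build log for the patch being applied, would settle it.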