From f356465ba33942ca528ed0644b9400f308fec874 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Thu, 16 Oct 2025 10:40:48 +0800
Subject: [PATCH] Fix CVE-2025-59419

(cherry picked from commit 277e0fa5d56b64c3c9e842d6957018225dfedc15)
---
 CVE-2025-59419.patch | 187 +++++++++++++++++++++++++++++++++++++++++++
 netty.spec | 6 +-
 2 files changed, 192 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-59419.patch

diff --git a/CVE-2025-59419.patch b/CVE-2025-59419.patch
new file mode 100644
index 0000000..1c4c878
--- /dev/null
+++ b/CVE-2025-59419.patch
@@ -0,0 +1,187 @@
+From 2b3fddd3339cde1601f622b9ce5e54c39f24c3f9 Mon Sep 17 00:00:00 2001
+From: DepthFirst Disclosures
+Date: Tue, 14 Oct 2025 01:41:47 -0700
+Subject: [PATCH] Merge commit from fork
+
+Origin: https://github.com/netty/netty/commit/2b3fddd3339cde1601f622b9ce5e54c39f24c3f9
+
+* Patch 1 of 3
+
+* Patch 2 of 3
+
+* Patch 3 of 3
+
+* Fix indentation style
+
+* Update 2025
+
+* Optimize allocations
+
+* Update codec-smtp/src/main/java/io/netty/handler/codec/smtp/SmtpUtils.java
+
+Co-authored-by: Chris Vest
+
+---------
+
+Co-authored-by: Norman Maurer
+Co-authored-by: Chris Vest
+---
+ .../codec/smtp/DefaultSmtpRequest.java | 2 +
+ .../netty/handler/codec/smtp/SmtpUtils.java | 44 +++++++++++
+ .../handler/codec/smtp/SmtpRequestsTest.java | 73 +++++++++++++++++++
+ 3 files changed, 119 insertions(+)
+ create mode 100644 codec-smtp/src/test/java/io/netty/handler/codec/smtp/SmtpRequestsTest.java
+
+diff --git a/codec-smtp/src/main/java/io/netty/handler/codec/smtp/DefaultSmtpRequest.java b/codec-smtp/src/main/java/io/netty/handler/codec/smtp/DefaultSmtpRequest.java
+index 3c4bb637c36..c3138e5ce5b 100644
+--- a/codec-smtp/src/main/java/io/netty/handler/codec/smtp/DefaultSmtpRequest.java
++++ b/codec-smtp/src/main/java/io/netty/handler/codec/smtp/DefaultSmtpRequest.java
+@@ -43,6 +43,7 @@ public DefaultSmtpRequest(SmtpCommand command) {
+ */
+ public DefaultSmtpRequest(SmtpCommand command, CharSequence... parameters) {
+ this.command = ObjectUtil.checkNotNull(command, "command");
++ SmtpUtils.validateSMTPParameters(parameters);
+ this.parameters = SmtpUtils.toUnmodifiableList(parameters);
+ }
+
+@@ -55,6 +56,7 @@ public DefaultSmtpRequest(CharSequence command, CharSequence... parameters) {
+
+ DefaultSmtpRequest(SmtpCommand command, List parameters) {
+ this.command = ObjectUtil.checkNotNull(command, "command");
++ SmtpUtils.validateSMTPParameters(parameters);
+ this.parameters = parameters != null ?
+ Collections.unmodifiableList(parameters) : Collections.emptyList();
+ }
+diff --git a/codec-smtp/src/main/java/io/netty/handler/codec/smtp/SmtpUtils.java b/codec-smtp/src/main/java/io/netty/handler/codec/smtp/SmtpUtils.java
+index a1af99658b2..993f27b1b3b 100644
+--- a/codec-smtp/src/main/java/io/netty/handler/codec/smtp/SmtpUtils.java
++++ b/codec-smtp/src/main/java/io/netty/handler/codec/smtp/SmtpUtils.java
+@@ -28,5 +28,49 @@ static List toUnmodifiableList(CharSequence... sequences) {
+ return Collections.unmodifiableList(Arrays.asList(sequences));
+ }
+
++ /**
++ * Validates SMTP parameters to prevent SMTP command injection.
++ * Throws IllegalArgumentException if any parameter contains CRLF sequences.
++ */
++ static void validateSMTPParameters(CharSequence... parameters) {
++ if (parameters != null) {
++ for (CharSequence parameter : parameters) {
++ if (parameter != null) {
++ validateSMTPParameter(parameter);
++ }
++ }
++ }
++ }
++
++ /**
++ * Validates SMTP parameters to prevent SMTP command injection.
++ * Throws IllegalArgumentException if any parameter contains CRLF sequences.
++ */
++ static void validateSMTPParameters(List parameters) {
++ if (parameters != null) {
++ for (CharSequence parameter : parameters) {
++ if (parameter != null) {
++ validateSMTPParameter(parameter);
++ }
++ }
++ }
++ }
++
++ private static void validateSMTPParameter(CharSequence parameter) {
++ if (parameter instanceof String) {
++ String paramStr = (String) parameter;
++ if (paramStr.indexOf('\r') != -1 || paramStr.indexOf('\n') != -1) {
++ throw new IllegalArgumentException("SMTP parameter contains CRLF characters: " + parameter);
++ }
++ } else {
++ for (int i = 0; i < parameter.length(); i++) {
++ char c = parameter.charAt(i);
++ if (c == '\r' || c == '\n') {
++ throw new IllegalArgumentException("SMTP parameter contains CRLF characters: " + parameter);
++ }
++ }
++ }
++ }
++
+ private SmtpUtils() { }
+ }
+diff --git a/codec-smtp/src/test/java/io/netty/handler/codec/smtp/SmtpRequestsTest.java b/codec-smtp/src/test/java/io/netty/handler/codec/smtp/SmtpRequestsTest.java
+new file mode 100644
+index 00000000000..f7b5b6a6078
+--- /dev/null
++++ b/codec-smtp/src/test/java/io/netty/handler/codec/smtp/SmtpRequestsTest.java
+@@ -0,0 +1,73 @@
++/*
++ * Copyright 2025 The Netty Project
++ *
++ * The Netty Project licenses this file to you under the Apache License,
++ * version 2.0 (the "License"); you may not use this file except in compliance
++ * with the License. You may obtain a copy of the License at:
++ *
++ * https://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++ * License for the specific language governing permissions and limitations
++ * under the License.
++ */
++package io.netty.handler.codec.smtp;
++
++import org.junit.jupiter.api.Test;
++import org.junit.jupiter.api.function.Executable;
++
++import static org.junit.jupiter.api.Assertions.assertThrows;
++
++public class SmtpRequestsTest {
++ @Test
++ public void testSmtpInjectionWithCarriageReturn() {
++ assertThrows(IllegalArgumentException.class, new Executable() {
++ @Override
++ public void execute() {
++ SmtpRequests.mail("test@example.com\rQUIT");
++ }
++ });
++ }
++
++ @Test
++ public void testSmtpInjectionWithLineFeed() {
++ assertThrows(IllegalArgumentException.class, new Executable() {
++ @Override
++ public void execute() {
++ SmtpRequests.mail("test@example.com\nQUIT");
++ }
++ });
++ }
++
++ @Test
++ public void testSmtpInjectionWithCRLF() {
++ assertThrows(IllegalArgumentException.class, new Executable() {
++ @Override
++ public void execute() {
++ SmtpRequests.rcpt("test@example.com\r\nQUIT");
++ }
++ });
++ }
++
++ @Test
++ public void testSmtpInjectionInAuthParameter() {
++ assertThrows(IllegalArgumentException.class, new Executable() {
++ @Override
++ public void execute() {
++ SmtpRequests.auth("PLAIN", "dGVzdA\rQUIT");
++ }
++ });
++ }
++
++ @Test
++ public void testSmtpInjectionInHelo() {
++ assertThrows(IllegalArgumentException.class, new Executable() {
++ @Override
++ public void execute() {
++ SmtpRequests.helo("localhost\r\nQUIT");
++ }
++ });
++ }
++}
diff --git a/netty.spec b/netty.spec
index c6f6b96..40b793b 100644
--- a/netty.spec
+++ b/netty.spec
@@ -2,7 +2,7 @@ Name: netty
 Version: 4.1.13
-Release: 23
+Release: 24
 Summary: Asynchronous event-driven network application Java framework
 License: ASL 2.0
 URL: https://netty.io/
@@ -34,6 +34,7 @@ Patch0021: fix-strip.patch
 Patch0022: CVE-2022-41881.patch
 Patch0023: CVE-2024-29025.patch
 Patch0024: CVE-2022-24823.patch
+Patch0025: CVE-2025-59419.patch
 BuildRequires: maven-local mvn(ant-contrib:ant-contrib)
 BuildRequires: mvn(com.jcraft:jzlib) mvn(commons-logging:commons-logging)
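Review bot: The two throw statements in validateSMTPParameter (the private helper added in the SmtpUtils hunk) concatenate the rejected parameter into the exception message, and that value by construction contains a CR or LF, so any log sink that records the message ends up with a multi-line entry shaped by the same untrusted input the check exists to reject; on the auth() path exercised by the new test it can also carry credential material. Reporting the position instead keeps the diagnostic useful without echoing the value, e.g. `throw new IllegalArgumentException("SMTP parameter contains CR or LF at index " + i);` in the loop branch, with the String branch computing the index from indexOf before throwing. A smaller point: both DefaultSmtpRequest constructors validate and then store a view (Arrays.asList over the caller's array via toUnmodifiableList, Collections.unmodifiableList over the caller's list), so a parameter mutated after construction is never re-checked — presumably acceptable for trusted callers, but worth stating in the Javadoc of validateSMTPParameters, e.g. `* Called at request construction only; the stored parameters remain a view over the caller's array or list.` The netty.spec hunks are a release bump and patch registration and need nothing.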
@@ -158,6 +159,9 @@ export CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
 %changelog
+* Thu Oct 16 2025 wangkai <13474090681@163.com> - 4.1.13-24
+- Fix CVE-2025-59419
+
 * Fri Aug 22 2025 hdliu - 4.1.13-23
 - Fix CVE-2022-24823
-- Gitee