From 9e757b16bcc543a94807c2627b44892d88ffff7f Mon Sep 17 00:00:00 2001
From: root <root@LAPTOP-U10L01QQ.localdomain>
Date: Fri, 18 Mar 2022 16:54:30 +0800
Subject: [PATCH] fix CVE-2021-22570

Signed-off-by: wangxiaochao <wangxiaochao2@huawei.com>
(cherry picked from commit b669ba64ad561f3aca36b3e02ef4a8a2aca4a110)
---
 0003-fix-CVE-2021-22570.patch | 73 +++++++++++++++++++++++++++++++++++
 protobuf.spec                 |  9 ++++-
 2 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 0003-fix-CVE-2021-22570.patch

diff --git a/0003-fix-CVE-2021-22570.patch b/0003-fix-CVE-2021-22570.patch
new file mode 100644
index 0000000..fa6fb40
--- /dev/null
+++ b/0003-fix-CVE-2021-22570.patch
@@ -0,0 +1,73 @@
+From 5afdc4d13ac997204873e734b20c30b6efc253d1 Mon Sep 17 00:00:00 2001
+From: wangxiaochao <wangxiaochao2@huawei.com>
+Date: Fri, 18 Mar 2022 14:46:35 +0800
+Subject: [PATCH] fix CVE-2021-22570
+
+Signed-off-by: wangxiaochao <wangxiaochao2@huawei.com>
+
+---
+ src/google/protobuf/descriptor.cc | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
+index 8998e1b..e6f7ec2 100644
+--- a/src/google/protobuf/descriptor.cc
++++ b/src/google/protobuf/descriptor.cc
+@@ -2626,6 +2626,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
+       const Descriptor::ReservedRange* range = reserved_range(i);
+       if (range->end == range->start + 1) {
+         strings::SubstituteAndAppend(contents, "$0, ", range->start);
++      } else if (range->end > FieldDescriptor::kMaxNumber) {
++        strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);            
+       } else {
+         strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
+                                   range->end - 1);
+@@ -2829,6 +2831,8 @@ void EnumDescriptor::DebugString(
+       const EnumDescriptor::ReservedRange* range = reserved_range(i);
+       if (range->end == range->start) {
+         strings::SubstituteAndAppend(contents, "$0, ", range->start);
++      } else if (range->end == INT_MAX) {
++        strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
+       } else {
+         strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
+                                   range->end);
+@@ -4019,6 +4023,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+   // Use its file as the parent instead.
+   if (parent == nullptr) parent = file_;
+ 
++  if (full_name.find('\0') != std::string::npos) {
++    AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME,
++             "\"" + full_name + "\" contains null character.");
++    return false;
++  }
+   if (tables_->AddSymbol(full_name, symbol)) {
+     if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
+       // This is only possible if there was already an error adding something of
+@@ -4059,6 +4068,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+ void DescriptorBuilder::AddPackage(const std::string& name,
+                                    const Message& proto,
+                                    const FileDescriptor* file) {
++  if (name.find('\0') != std::string::npos) {
++    AddError(name, proto, DescriptorPool::ErrorCollector::NAME,
++             "\"" + name + "\" contains null character.");
++    return;
++  }
+   if (tables_->AddSymbol(name, Symbol(file))) {
+     // Success.  Also add parent package, if any.
+     std::string::size_type dot_pos = name.find_last_of('.');
+@@ -4372,6 +4386,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
+   }
+   result->pool_ = pool_;
+ 
++  if (result->name().find('\0') != std::string::npos) {
++    AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME,
++             "\"" + result->name() + "\" contains null character.");
++    return nullptr;
++  }
++
+   // Add to tables.
+   if (!tables_->AddFile(result)) {
+     AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER,
+-- 
+2.25.1
+
diff --git a/protobuf.spec b/protobuf.spec
index 4c9ebe6..b3e133f 100644
--- a/protobuf.spec
+++ b/protobuf.spec
@@ -8,7 +8,7 @@
 Summary:        Protocol Buffers - Google's data interchange format
 Name:           protobuf
 Version:        3.14.0
-Release:        2
+Release:        3
 License:        BSD
 URL:            https://github.com/protocolbuffers/protobuf
 Source:         https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz
@@ -16,6 +16,7 @@ Source1:        protobuf-init.el
 
 Patch9000:      0001-add-secure-compile-option-in-Makefile.patch
 Patch9001:      0002-add-secure-compile-fs-check-in-Makefile.patch
+Patch9002:      0003-fix-CVE-2021-22570.patch
 BuildRequires:  make autoconf automake emacs gcc-c++ libtool pkgconfig zlib-devel
 
 %description
@@ -318,6 +319,12 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir}
 %endif
 
 %changelog
+* Fri Mar 18 2022 wangxiaochao <wangxiaochao2@huawei.com> - 3.14.0-3
+- Type:buxfix
+- ID:NA
+- SUG:NA
+- DESC: fix CVE-2021-22570
+
 * Thu Mar 10 2022 wangxiaochao <wangxiaochao2@huawei.com> - 3.14.0-2
 - Type:buxfix
 - ID:NA
-- 
Gitee