diff options
| author |   Chen Qi <Qi.Chen@windriver.com> | 2023-09-14 12:00:25 +0800 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2023-09-15 07:22:08 -0400 |
| commit | 63a9c4978136caa12f9a5dccb5123e5b9d09f7e8 (patch) | |
| tree | 0e30f19314489c2d20a109a602dcf30633ca5844 | |
| parent | acd40940f01534853907a070e6015de52cd50114 (diff) | |
| download | meta-openembedded-contrib-63a9c4978136caa12f9a5dccb5123e5b9d09f7e8.tar.gz | |
grpc: fix CVE-2023-32732
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch | 81 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb | 1 |
2 files changed, 82 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch b/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch new file mode 100644 index 0000000000..ab46897b12 --- /dev/null +++ b/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch @@ -0,0 +1,81 @@ +From d39489045b5aa73e27713e3cbacb8832c1140ec8 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 9 Aug 2023 13:33:45 +0800 +Subject: [PATCH] fix CVE-2023-32732 + +CVE: CVE-2023-32732 + +Upstream-Status: Backport [https://github.com/grpc/grpc/pull/32309/commits/6a7850ef4f042ac26559854266dddc79bfbc75b2] +The original patch is adjusted to fit the current 1.50.1 version. + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + .../ext/transport/chttp2/transport/hpack_parser.cc | 10 +++++++--- + src/core/ext/transport/chttp2/transport/internal.h | 2 -- + src/core/ext/transport/chttp2/transport/parsing.cc | 6 ++---- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc +index f2e49022dc3..cd459d15238 100644 +--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc ++++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc +@@ -1211,12 +1211,16 @@ class HPackParser::Parser { + "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this limit.", + *frame_length_, metadata_size_limit_); + if (metadata_buffer_ != nullptr) metadata_buffer_->Clear(); ++ // StreamId is used as a signal to skip this stream but keep the connection ++ // alive + return input_->MaybeSetErrorAndReturn( + [] { + return grpc_error_set_int( +- GRPC_ERROR_CREATE_FROM_STATIC_STRING( +- "received initial metadata size exceeds limit"), +- GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED); ++ grpc_error_set_int( ++ GRPC_ERROR_CREATE_FROM_STATIC_STRING( ++ "received initial metadata size exceeds limit"), ++ GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED), ++ GRPC_ERROR_INT_STREAM_ID, 0); + }, + false); + } +diff --git a/src/core/ext/transport/chttp2/transport/internal.h b/src/core/ext/transport/chttp2/transport/internal.h +index 4a2f4261d83..f8b544d9583 100644 +--- a/src/core/ext/transport/chttp2/transport/internal.h ++++ b/src/core/ext/transport/chttp2/transport/internal.h +@@ -542,8 +542,6 @@ struct grpc_chttp2_stream { + + grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture(); + +- /** saw some stream level error */ +- grpc_error_handle forced_close_error = GRPC_ERROR_NONE; + /** how many header frames have we received? */ + uint8_t header_frames_received = 0; + /** number of bytes received - reset at end of parse thread execution */ +diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc b/src/core/ext/transport/chttp2/transport/parsing.cc +index 980f13543f6..afe6da190b6 100644 +--- a/src/core/ext/transport/chttp2/transport/parsing.cc ++++ b/src/core/ext/transport/chttp2/transport/parsing.cc +@@ -22,6 +22,7 @@ + #include <string.h> + + #include <string> ++#include <utility> + + #include "absl/base/attributes.h" + #include "absl/status/status.h" +@@ -719,10 +720,7 @@ static grpc_error_handle parse_frame_slice(grpc_chttp2_transport* t, + } + grpc_chttp2_parsing_become_skip_parser(t); + if (s) { +- s->forced_close_error = err; +- grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id, +- GRPC_HTTP2_PROTOCOL_ERROR, +- &s->stats.outgoing); ++ grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus())); + } else { + GRPC_ERROR_UNREF(err); + } +-- +2.34.1 + diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb index 7b8a25c277..b3956ce40c 100644 --- a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb +++ b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb @@ -26,6 +26,7 @@ SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BR file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ file://0001-cmake-add-separate-export-for-plugin-targets.patch \ file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ + file://0001-fix-CVE-2023-32732.patch \ " # Fixes build with older compilers 4.8 especially on ubuntu 14.04 CXXFLAGS:append:class-native = " -Wl,--no-as-needed" |