1 files changed, 133 insertions, 0 deletions

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch
new file mode 100644
index 0000000000..f7b4b61f47
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch
@@ -0,0 +1,133 @@
+commit 48c5aa5cab718d04473fa2761d532657c84b8131
+Author: Tobias Nießen <tniessen@tnie.de>
+Date:   Fri May 27 21:18:49 2022 +0000
+
+    src: fix IPv4 validation in inspector_socket
+
+    Co-authored-by: RafaelGSS <rafael.nunu@hotmail.com>
+    PR-URL: https://github.com/nodejs-private/node-private/pull/320
+    Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/325
+    Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+    Reviewed-By: RafaelGSS <rafael.nunu@hotmail.com>
+    CVE-ID: CVE-2022-32212
+
+CVE: CVE-2022-32212
+Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch]
+Comment: No hunks refreshed
+Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
+
+Index: nodejs-12.22.12~dfsg/src/inspector_socket.cc
+===================================================================
+--- nodejs-12.22.12~dfsg.orig/src/inspector_socket.cc
++++ nodejs-12.22.12~dfsg/src/inspector_socket.cc
+@@ -168,14 +168,22 @@ static std::string TrimPort(const std::s
+ static bool IsIPAddress(const std::string& host) {
+   if (host.length() >= 4 && host.front() == '[' && host.back() == ']')
+     return true;
+-  int quads = 0;
++  uint_fast16_t accum = 0;
++  uint_fast8_t quads = 0;
++  bool empty = true;
++  auto endOctet = [&accum, &quads, &empty](bool final = false) {
++    return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) &&
++           (empty = true) && !(accum = 0);
++  };
+   for (char c : host) {
+-    if (c == '.')
+-      quads++;
+-    else if (!isdigit(c))
++    if (isdigit(c)) {
++      if ((accum = (accum * 10) + (c - '0')) > 0xff) return false;
++      empty = false;
++    } else if (c != '.' || !endOctet()) {
+       return false;
++    }
+   }
+-  return quads == 3;
++  return endOctet(true);
+ }
+ 
+ // Constants for hybi-10 frame format.
+Index: nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc
+===================================================================
+--- nodejs-12.22.12~dfsg.orig/test/cctest/test_inspector_socket.cc
++++ nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc
+@@ -851,4 +851,78 @@ TEST_F(InspectorSocketTest, HostCheckedF
+   expect_failure_no_delegate(UPGRADE_REQUEST);
+ }
+ 
++TEST_F(InspectorSocketTest, HostIPChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 10.0.2.555:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostNegativeIPChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 10.0.-23.255:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpOctetOutOfIntRangeChecked) {
++  const std::string INVALID_HOST_IP_REQUEST =
++      "GET /json HTTP/1.1\r\n"
++      "Host: 127.0.0.4294967296:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpOctetFarOutOfIntRangeChecked) {
++  const std::string INVALID_HOST_IP_REQUEST =
++      "GET /json HTTP/1.1\r\n"
++      "Host: 127.0.0.18446744073709552000:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpEmptyOctetStartChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: .0.0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpEmptyOctetMidChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127..0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpEmptyOctetEndChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127.0.0.:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpTooFewOctetsChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127.0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
++TEST_F(InspectorSocketTest, HostIpTooManyOctetsChecked) {
++  const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
++                                              "Host: 127.0.0.0.1:9229\r\n\r\n";
++  send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
++                 INVALID_HOST_IP_REQUEST.length());
++  expect_handshake_failure();
++}
++
+ }  // anonymous namespace