diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-01-19 19:57:17 +0100 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2025-01-20 19:45:30 -0500 |
| commit | 6e917b832d1d0a826b6a36f59aef0388bfe64f43 (patch) | |
| tree | 228938a55df6d93fd59e7832d711f2eb92381ffd | |
| parent | f8840edf8c474ea410744f92624da66dcac9e816 (diff) | |
| download | meta-openembedded-6e917b832d1d0a826b6a36f59aef0388bfe64f43.tar.gz | |
grpc: patch CVE-2024-11407
Cherry-pick commit [1] mentioned in [2].
[1] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-devtools/grpc/grpc/CVE-2024-11407.patch | 32 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/grpc/grpc/CVE-2024-11407.patch b/meta-oe/recipes-devtools/grpc/grpc/CVE-2024-11407.patch new file mode 100644 index 0000000000..beaff6a423 --- /dev/null +++ b/meta-oe/recipes-devtools/grpc/grpc/CVE-2024-11407.patch | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Vignesh Babu <vigneshbabu@google.com> | ||
| 3 | Date: Thu, 12 Sep 2024 11:13:45 -0700 | ||
| 4 | Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint. | ||
| 5 | |||
| 6 | This fix ensures that the iov_base pointers point to the right address. | ||
| 7 | |||
| 8 | PiperOrigin-RevId: 673923651 | ||
| 9 | |||
| 10 | CVE: CVE-2024-11407 | ||
| 11 | Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791] | ||
| 12 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 13 | --- | ||
| 14 | src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +- | ||
| 15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 16 | |||
| 17 | diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc | ||
| 18 | index 7634bb1334b..c5708db02c5 100644 | ||
| 19 | --- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc | ||
| 20 | +++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc | ||
| 21 | @@ -239,7 +239,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx, | ||
| 22 | iov_size++) { | ||
| 23 | MutableSlice& slice = internal::SliceCast<MutableSlice>( | ||
| 24 | buf_.MutableSliceAt(out_offset_.slice_idx)); | ||
| 25 | - iov[iov_size].iov_base = slice.begin(); | ||
| 26 | + iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx; | ||
| 27 | iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx; | ||
| 28 | *sending_length += iov[iov_size].iov_len; | ||
| 29 | ++(out_offset_.slice_idx); | ||
| 30 | -- | ||
| 31 | 2.30.2 | ||
| 32 | |||
diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb b/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb index 4557fcc908..1594353ef5 100644 --- a/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb +++ b/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb | |||
| @@ -25,6 +25,7 @@ BRANCH = "v1.60.x" | |||
| 25 | SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ | 25 | SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ |
| 26 | file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ | 26 | file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ |
| 27 | file://CVE-2024-7246.patch \ | 27 | file://CVE-2024-7246.patch \ |
| 28 | file://CVE-2024-11407.patch \ | ||
| 28 | " | 29 | " |
| 29 | # Fixes build with older compilers 4.8 especially on ubuntu 14.04 | 30 | # Fixes build with older compilers 4.8 especially on ubuntu 14.04 |
| 30 | CXXFLAGS:append:class-native = " -Wl,--no-as-needed" | 31 | CXXFLAGS:append:class-native = " -Wl,--no-as-needed" |