From 988751415d80e01c4e202ba50b9a4acbbca41c49 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sun, 26 Jan 2025 12:01:07 +0100 Subject: python3-grpcio: patch CVE-2024-11407 Cherry-pick commit [1] mentioned in [2]. [1] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 [2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407 Signed-off-by: Peter Marko Signed-off-by: Armin Kuster --- .../python/python3-grpcio/CVE-2024-11407.patch | 32 ++++++++++++++++++++++ .../python/python3-grpcio_1.62.2.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch diff --git a/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch b/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch new file mode 100644 index 0000000000..eef5e7239e --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch @@ -0,0 +1,32 @@ +From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001 +From: Vignesh Babu +Date: Thu, 12 Sep 2024 11:13:45 -0700 +Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint. + +This fix ensures that the iov_base pointers point to the right address. + +PiperOrigin-RevId: 673923651 + +CVE: CVE-2024-11407 +Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791] +Signed-off-by: Peter Marko +--- + src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +index 7634bb1334b..c5708db02c5 100644 +--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc ++++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx, + iov_size++) { + MutableSlice& slice = internal::SliceCast( + buf_.MutableSliceAt(out_offset_.slice_idx)); +- iov[iov_size].iov_base = slice.begin(); ++ iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx; + iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx; + *sending_length += iov[iov_size].iov_len; + ++(out_offset_.slice_idx); +-- +2.30.2 + diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb b/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb index 59bfbf5538..b12b509142 100644 --- a/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb +++ b/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb @@ -12,6 +12,7 @@ SRC_URI += "file://0001-Include-missing-cstdint-header.patch \ file://0001-crypto-use-_Generic-only-if-defined-__cplusplus.patch;patchdir=third_party/boringssl-with-bazel/src/ \ file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \ file://0001-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \ + file://CVE-2024-11407.patch \ " SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d" -- cgit v1.2.3-54-g00ecf