CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

nodejs: Fix CVE-2022-32212

Browse Source 
Add patch to fix CVE-2022-32212

Link: https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch

Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Poonam Jadhav 2023-03-03 18:02:12 +05:30 committed by Armin Kuster
parent 0a7d275985
commit df7fba3744
2 changed files with 134 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-32212.patch Normal file
View File

@ -0,0 +1,133 @@
commit 48c5aa5cab718d04473fa2761d532657c84b8131
Author: Tobias Nießen <tniessen@tnie.de>
Date: Fri May 27 21:18:49 2022 +0000
src: fix IPv4 validation in inspector_socket
Co-authored-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/320
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/325
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: RafaelGSS <rafael.nunu@hotmail.com>
CVE-ID: CVE-2022-32212
CVE: CVE-2022-32212
Upstream-Status: Backport [https://sources.debian.org/src/nodejs/12.22.12~dfsg-1~deb11u3/debian/patches/cve-2022-32212.patch]
Comment: No hunks refreshed
Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
Index: nodejs-12.22.12~dfsg/src/inspector_socket.cc
===================================================================
--- nodejs-12.22.12~dfsg.orig/src/inspector_socket.cc
+++ nodejs-12.22.12~dfsg/src/inspector_socket.cc
@@ -168,14 +168,22 @@ static std::string TrimPort(const std::s
static bool IsIPAddress(const std::string& host) {
if (host.length() >= 4 && host.front() == '[' && host.back() == ']')
return true;
- int quads = 0;
+ uint_fast16_t accum = 0;
+ uint_fast8_t quads = 0;
+ bool empty = true;
+ auto endOctet = [&accum, &quads, &empty](bool final = false) {
+ return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) &&
+ (empty = true) && !(accum = 0);
+ };
for (char c : host) {
- if (c == '.')
- quads++;
- else if (!isdigit(c))
+ if (isdigit(c)) {
+ if ((accum = (accum * 10) + (c - '0')) > 0xff) return false;
+ empty = false;
+ } else if (c != '.' || !endOctet()) {
return false;
+ }
}
- return quads == 3;
+ return endOctet(true);
}
// Constants for hybi-10 frame format.
Index: nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc
===================================================================
--- nodejs-12.22.12~dfsg.orig/test/cctest/test_inspector_socket.cc
+++ nodejs-12.22.12~dfsg/test/cctest/test_inspector_socket.cc
@@ -851,4 +851,78 @@ TEST_F(InspectorSocketTest, HostCheckedF
expect_failure_no_delegate(UPGRADE_REQUEST);
}
+TEST_F(InspectorSocketTest, HostIPChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: 10.0.2.555:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostNegativeIPChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: 10.0.-23.255:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpOctetOutOfIntRangeChecked) {
+ const std::string INVALID_HOST_IP_REQUEST =
+ "GET /json HTTP/1.1\r\n"
+ "Host: 127.0.0.4294967296:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpOctetFarOutOfIntRangeChecked) {
+ const std::string INVALID_HOST_IP_REQUEST =
+ "GET /json HTTP/1.1\r\n"
+ "Host: 127.0.0.18446744073709552000:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpEmptyOctetStartChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: .0.0.1:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpEmptyOctetMidChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: 127..0.1:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpEmptyOctetEndChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: 127.0.0.:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpTooFewOctetsChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: 127.0.1:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
+TEST_F(InspectorSocketTest, HostIpTooManyOctetsChecked) {
+ const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
+ "Host: 127.0.0.0.1:9229\r\n\r\n";
+ send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
+ INVALID_HOST_IP_REQUEST.length());
+ expect_handshake_failure();
+}
+
} // anonymous namespace

1
meta-oe/recipes-devtools/nodejs/nodejs_12.22.12.bb
View File

@ -22,6 +22,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://big-endian.patch \
file://mips-warnings.patch \
file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \
file://CVE-2022-32212.patch \
"
SRC_URI_append_class-target = " \
file://0002-Using-native-binaries.patch \