meta-openembedded/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch

From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
From: Vignesh Babu <vigneshbabu@google.com>
Date: Thu, 12 Sep 2024 11:13:45 -0700
Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.

This fix ensures that the iov_base pointers point to the right address.

PiperOrigin-RevId: 673923651

CVE: CVE-2024-11407
Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
index 7634bb1334b..c5708db02c5 100644
--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx,
        iov_size++) {
     MutableSlice& slice = internal::SliceCast<MutableSlice>(
         buf_.MutableSliceAt(out_offset_.slice_idx));
-    iov[iov_size].iov_base = slice.begin();
+    iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
     iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
     *sending_length += iov[iov_size].iov_len;
     ++(out_offset_.slice_idx);
-- 
2.30.2