Fix CVE-2024-27532 for fluent-bit

microsoft · Nov 14, 2024 · 6fe672b · 6fe672b
1 parent 6750465
commit 6fe672b
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 2 deletions.
diff --git a/SPECS/fluent-bit/CVE-2024-27532.patch b/SPECS/fluent-bit/CVE-2024-27532.patch
@@ -0,0 +1,42 @@
+From bd866ae9686ea914f57e83bd5b2e9c7a5a2a7323 Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <[email protected]>
+Date: Thu, 14 Nov 2024 13:32:31 +0530
+Subject: [PATCH] Fix CVE-2024-27532
+
+Reference: https://github.com/bytecodealliance/wasm-micro-runtime/pull/3133
+
+---
+ .../core/iwasm/interpreter/wasm_loader.c                       | 2 +-
+ .../core/iwasm/interpreter/wasm_mini_loader.c                  | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
+index 87af8526f..2254ba577 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
+@@ -6694,7 +6694,7 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
+     uint16 cell_num;
+
+     bh_assert(loader_ctx->csp_num > 0);
+-    if (loader_ctx->csp_num < depth + 1) {
++    if (loader_ctx->csp_num - 1 < depth) {
+         set_error_buf(error_buf, error_buf_size,
+                       "unknown label, "
+                       "unexpected end of section or function");
+diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c
+index 157a82cc3..ee01db71d 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c
+@@ -5199,7 +5199,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
+     int32 i, available_stack_cell;
+     uint16 cell_num;
+
+-    if (loader_ctx->csp_num < depth + 1) {
++    bh_assert(loader_ctx->csp_num > 0);
++    if (loader_ctx->csp_num - 1 < depth) {
+         set_error_buf(error_buf, error_buf_size,
+                       "unknown label, "
+                       "unexpected end of section or function");
+-- 
+2.34.1
+
diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec
@@ -1,7 +1,7 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        2.2.3
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -12,6 +12,7 @@ Patch1:         in_emitter_fix_issue_8198.patch
 Patch2:         fix_issue_8025.patch
 Patch3:         CVE-2024-26455.patch
 Patch4:         CVE-2024-25629.patch
+Patch5:         CVE-2024-27532.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -85,6 +86,9 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+* Thu Nov 14 2024 Sudipta Pandit <[email protected]> - 2.2.3-5
+- Backport fix for CVE-2024-27532
+
 * Tue Oct 15 2024 Chris Gunn <[email protected]> - 2.2.3-4
 - CVE-2024-26455
 - CVE-2024-25629
@@ -93,7 +97,7 @@ Development files for %{name}
 - Apply patch in_emitter_fix_issue_8198.patch to fix #8198 ( Potential log loss during high load at Multiline & Rewrite Tag Filter (in_emitter) )
 - Fix issue #8025 with a patch ( in_tail: missing log for offset processing due to non-existent old inodes in sqlite )
 
-* Wed May 30 2024 Sindhu Karri <[email protected]> - 2.2.3-2
+* Thu May 30 2024 Sindhu Karri <[email protected]> - 2.2.3-2
 - Fix CVE-2024-34250 with a patch
 
 * Tue May 28 2024 CBL-Mariner Servicing Account <[email protected]> - 2.2.3-1