Fix CVE-2024-27532 for fluent-bit

microsoft · Nov 14, 2024 · e8731ca · e8731ca
1 parent 4f0ad92
commit e8731ca
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/SPECS/fluent-bit/CVE-2024-27532.patch b/SPECS/fluent-bit/CVE-2024-27532.patch
@@ -0,0 +1,42 @@
+From bd866ae9686ea914f57e83bd5b2e9c7a5a2a7323 Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <[email protected]>
+Date: Thu, 14 Nov 2024 13:32:31 +0530
+Subject: [PATCH] Fix CVE-2024-27532
+
+Reference: https://github.com/bytecodealliance/wasm-micro-runtime/pull/3133
+
+---
+ .../core/iwasm/interpreter/wasm_loader.c                       | 2 +-
+ .../core/iwasm/interpreter/wasm_mini_loader.c                  | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
+index 87af8526f..2254ba577 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
+@@ -6694,7 +6694,7 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
+     uint16 cell_num;
+
+     bh_assert(loader_ctx->csp_num > 0);
+-    if (loader_ctx->csp_num < depth + 1) {
++    if (loader_ctx->csp_num - 1 < depth) {
+         set_error_buf(error_buf, error_buf_size,
+                       "unknown label, "
+                       "unexpected end of section or function");
+diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c
+index 157a82cc3..ee01db71d 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c
+@@ -5199,7 +5199,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
+     int32 i, available_stack_cell;
+     uint16 cell_num;
+
+-    if (loader_ctx->csp_num < depth + 1) {
++    bh_assert(loader_ctx->csp_num > 0);
++    if (loader_ctx->csp_num - 1 < depth) {
+         set_error_buf(error_buf, error_buf_size,
+                       "unknown label, "
+                       "unexpected end of section or function");
+-- 
+2.34.1
+
diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec
@@ -1,7 +1,7 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        3.0.6
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,7 @@ Source0:        https://github.com/fluent/%{name}/archive/refs/tags/v%{version}.
 Patch0:         CVE-2024-34250.patch
 Patch1:         CVE-2024-25629.patch
 Patch2:         CVE-2024-28182.patch
+Patch3:         CVE-2024-27532.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -83,6 +84,9 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+* Thu Nov 14 2024 Sudipta Pandit <[email protected]> - 3.0.6-3
+- Backport fixes for CVE-2024-27532
+
 * Tue Oct 15 2024 Chris Gunn <[email protected]> - 3.0.6-2
 - CVE-2024-34250
 - CVE-2024-25629