!24 Fix CVE-2023-35789

From: @starlet-dx 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

CVE-2019-18609.patch

@@ -0,0 +1,47 @@
+From fc85be7123050b91b054e45b91c78d3241a5047a Mon Sep 17 00:00:00 2001
+From: Alan Antonuk <alan.antonuk@gmail.com>
+Date: Sun, 3 Nov 2019 23:50:07 -0800
+Subject: [PATCH] lib: check frame_size is >= INT32_MAX
+
+When parsing a frame header, validate that the frame_size is less than
+or equal to INT32_MAX. Given frame_max is limited between 0 and
+INT32_MAX in amqp_login and friends, this does not change the API.
+
+This prevents a potential buffer overflow when a malicious client sends
+a frame_size that is close to UINT32_MAX, in which causes an overflow
+when computing state->target_size resulting in a small value there. A
+buffer is then allocated with the small amount, then memcopy copies the
+frame_size writing to memory beyond the end of the buffer.
+---
+ librabbitmq/amqp_connection.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/librabbitmq/amqp_connection.c b/librabbitmq/amqp_connection.c
+index 034b2e96..b106f70a 100644
+--- a/librabbitmq/amqp_connection.c
++++ b/librabbitmq/amqp_connection.c
+@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_state_t state, amqp_bytes_t received_data,
+     case CONNECTION_STATE_HEADER: {
+       amqp_channel_t channel;
+       amqp_pool_t *channel_pool;
+-      /* frame length is 3 bytes in */
++      uint32_t frame_size;
++
+       channel = amqp_d16(amqp_offset(raw_frame, 1));
+ 
+-      state->target_size =
+-          amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
++      /* frame length is 3 bytes in */
++      frame_size = amqp_d32(amqp_offset(raw_frame, 3));
++      /* To prevent the target_size calculation below from overflowing, check
++       * that the stated frame_size is smaller than a signed 32-bit. Given
++       * the library only allows configuring frame_max as an int32_t, and
++       * frame_size is uint32_t, the math below is safe from overflow. */
++      if (frame_size >= INT32_MAX) {
++        return AMQP_STATUS_BAD_AMQP_DATA;
++      }
+ 
++      state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+       if ((size_t)state->frame_max < state->target_size) {
+         return AMQP_STATUS_BAD_AMQP_DATA;
+       }

CVE-2023-35789.patch

@@ -0,0 +1,127 @@
+From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001
+From: Christian Kastner <ckk@kvr.at>
+Date: Tue, 13 Jun 2023 14:21:52 +0200
+Subject: [PATCH] Add option to read username/password from file (#781)
+
+* Add option to read username/password from file
+---
+ tools/common.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 66 insertions(+)
+
+diff --git a/tools/common.c b/tools/common.c
+index 73b47e25..7efe557b 100644
+--- a/tools/common.c
++++ b/tools/common.c
+@@ -18,6 +18,11 @@
+ #include "compat.h"
+ #endif
+ 
++/* For when reading auth data from a file */
++#define MAXAUTHTOKENLEN 128
++#define USERNAMEPREFIX "username:"
++#define PASSWORDPREFIX "password:"
++
+ void die(const char *fmt, ...) {
+   va_list ap;
+   va_start(ap, fmt);
+@@ -125,6 +130,7 @@ static char *amqp_vhost;
+ static char *amqp_username;
+ static char *amqp_password;
+ static int amqp_heartbeat = 0;
++static char *amqp_authfile;
+ #ifdef WITH_SSL
+ static int amqp_ssl = 0;
+ static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
+@@ -147,6 +153,8 @@ struct poptOption connect_options[] = {
+      "the password to login with", "password"},
+     {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
+      "heartbeat interval, set to 0 to disable", "heartbeat"},
++    {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
++     "path to file containing username/password for authentication", "file"},
+ #ifdef WITH_SSL
+     {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
+     {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
+@@ -158,6 +166,50 @@ struct poptOption connect_options[] = {
+ #endif /* WITH_SSL */
+     {NULL, '\0', 0, NULL, 0, NULL, NULL}};
+ 
++void read_authfile(const char *path) {
++  size_t n;
++  FILE *fp = NULL;
++  char token[MAXAUTHTOKENLEN];
++
++  if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
++      (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
++    die("Out of memory");
++  } else if ((fp = fopen(path, "r")) == NULL) {
++    die("Could not read auth data file %s", path);
++  }
++
++  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
++      strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
++    die("Malformed auth file (missing username)");
++  }
++  strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
++  /* Missing newline means token was cut off */
++  n = strlen(amqp_username);
++  if (amqp_username[n - 1] != '\n') {
++    die("Username too long");
++  } else {
++    amqp_username[n - 1] = '\0';
++  }
++
++  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
++      strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
++    die("Malformed auth file (missing password)");
++  }
++  strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
++  /* Missing newline means token was cut off */
++  n = strlen(amqp_password);
++  if (amqp_password[n - 1] != '\n') {
++    die("Password too long");
++  } else {
++    amqp_password[n - 1] = '\0';
++  }
++
++  (void)fgetc(fp);
++  if (!feof(fp)) {
++    die("Malformed auth file (trailing data)");
++  }
++}
++
+ static void init_connection_info(struct amqp_connection_info *ci) {
+   ci->user = NULL;
+   ci->password = NULL;
+@@ -237,6 +289,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_username) {
+     if (amqp_url) {
+       die("--username and --url options cannot be used at the same time");
++    } else if (amqp_authfile) {
++      die("--username and --authfile options cannot be used at the same time");
+     }
+ 
+     ci->user = amqp_username;
+@@ -245,11 +299,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_password) {
+     if (amqp_url) {
+       die("--password and --url options cannot be used at the same time");
++    } else if (amqp_authfile) {
++      die("--password and --authfile options cannot be used at the same time");
+     }
+ 
+     ci->password = amqp_password;
+   }
+ 
++  if (amqp_authfile) {
++    if (amqp_url) {
++      die("--authfile and --url options cannot be used at the same time");
++    }
++
++    read_authfile(amqp_authfile);
++    ci->user = amqp_username;
++    ci->password = amqp_password;
++  }
++
+   if (amqp_vhost) {
+     if (amqp_url) {
+       die("--vhost and --url options cannot be used at the same time");

backport-0001-Fix-instructions-for-default-build.patch

@@ -0,0 +1,26 @@
+From 1fa5f63e6ba34d6d29fea7db62fde1b2bf96d914 Mon Sep 17 00:00:00 2001
+From: Ross Cousens <rcousens@users.noreply.github.com>
+Date: Mon, 16 Jul 2018 10:18:04 +1000
+Subject: [PATCH] Fix instructions for default build
+
+The order of arguments were incorrect, --build must directly specify the directory afterwards.
+---
+ README.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/README.md b/README.md
+index 5255315..b7776c6 100644
+--- a/README.md
++++ b/README.md
+@@ -52,7 +52,7 @@ systems are:
+ 
+     mkdir build && cd build
+     cmake ..
+-    cmake --build [--config Release] .
++    cmake --build . [--config Release]
+ 
+ The --config Release flag should be used in multi-configuration generators e.g.,
+ Visual Studio or XCode.
+-- 
+2.37.3.windows.1
+

backport-0001-OpenSSL-should-ignore-missing-config-file.patch

@@ -0,0 +1,32 @@
+From 23c8fd736abda6331e38ca045735d636390336f5 Mon Sep 17 00:00:00 2001
+From: Alan Antonuk <alan.antonuk@gmail.com>
+Date: Sat, 8 Sep 2018 11:48:35 -0700
+Subject: [PATCH] OpenSSL should ignore missing config file
+
+When initializing OpenSSL in v1.1.0 or later, tell OpenSSL to ignore
+missing openssl.cnf.
+
+Fixes #523
+---
+ librabbitmq/amqp_openssl.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
+index bcd5ba5..1fac25d 100644
+--- a/librabbitmq/amqp_openssl.c
++++ b/librabbitmq/amqp_openssl.c
+@@ -584,8 +584,9 @@ static int setup_openssl(void) {
+   CRYPTO_set_locking_callback(ssl_locking_callback);
+ 
+ #ifdef AMQP_OPENSSL_V110
+-  if (CONF_modules_load_file(NULL, "rabbitmq-c", CONF_MFLAGS_DEFAULT_SECTION) <=
+-      0) {
++  if (CONF_modules_load_file(
++          NULL, "rabbitmq-c",
++          CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+     status = AMQP_STATUS_SSL_ERROR;
+     goto out;
+   }
+-- 
+2.37.3.windows.1
+

librabbitmq.spec

@@ -0,0 +1,89 @@
+%global git_commit 77e3805d1662034339c3c19bcdaaa62a56c1fa7e
+%global git_short_commit %(tmp=%{git_commit}; echo ${tmp:0:7})
+%global project_name rabbitmq-c
+
+Name:      librabbitmq
+Version:   0.9.0
+Release:   7
+Summary:   The AMQP client library
+License:   MIT
+URL:       https://github.com/alanxz/rabbitmq-c
+
+Source0:   https://github.com/alanxz/%{project_name}/archive/%{git_commit}/%{project_name}-%{version}-%{git_short_commit}.tar.gz
+Patch6000: CVE-2019-18609.patch
+Patch6001: backport-0001-Fix-instructions-for-default-build.patch
+Patch6002: backport-0001-OpenSSL-should-ignore-missing-config-file.patch
+Patch0003: CVE-2023-35789.patch
+
+BuildRequires:	cmake > 2.8
+BuildRequires:	popt-devel > 1.14
+BuildRequires:	openssl-devel xmlto git
+Provides:		%{name}-tools
+Obsoletes:		%{name}-tools
+
+%description
+This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1.
+
+%package devel
+Summary:	Development files for %{name}
+Requires:   %{name} = %{version}-%{release}
+
+%description devel
+Libraries and header files of %{name} are all in the %{name}-devel package.
+
+%package	help
+Summary:	Help manual for %{name}
+
+%description	help
+The %{name}-help package conatins man manual etc
+
+%prep
+%autosetup -n %{project_name}-%{git_commit} -p1 -Sgit
+sed -e '/test_basic/d' -i tests/CMakeLists.txt
+
+%build
+%cmake -DBUILD_TOOLS_DOCS:BOOL=ON -DBUILD_STATIC_LIBS:BOOL=ON
+%make_build
+
+%install
+%make_install
+rm %{buildroot}%{_libdir}/%{name}.a
+
+%check
+grep @ %{buildroot}%{_libdir}/pkgconfig/librabbitmq.pc && exit 1
+make test
+
+%files
+%license LICENSE-MIT AUTHORS
+%doc THANKS TODO *.md
+%{_libdir}/%{name}.so.4*
+%{_bindir}/amqp-*
+
+%files devel
+%{_libdir}/%{name}.so
+%{_includedir}/amqp*
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files help
+%doc %{_mandir}/man1/amqp-*.1*
+%doc %{_mandir}/man7/librabbitmq-tools.7*
+
+
+%changelog
+* Fri Jun 30 2023 yaoxin <yao_xin001@hoperun.com> - 0.9.0-7
+- Fix CVE-2023-35789
+
+* Sat Jan 7 2023 mengwenhua <mengwenhua@xfusion.com> - 0.9.0-6
+- OpenSSL should ignore missing config file
+
+* Fri Jan 6 2023 mengwenhua <mengwenhua@xfusion.com> - 0.9.0-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Fix instructions for default build
+
+* Wed Sep 16 2020 zhanghua <zhanghua40@huawei.com> - 0.9.0-4
+- Fix CVE-2019-18609
+
+* Sat Dec 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.9.0-3
+- Package init