[AUTO-CHERRYPICK] fluent-bit: CVE-2023-48105 - branch main (#6991)

Co-authored-by: Chris Gunn <chrisgun@microsoft.com>
2023-12-12 15:14:09 -08:00 · 2023-12-12 15:14:09 -08:00 · 1d36cf47db
--- a/SPECS/fluent-bit/CVE-2023-48105.patch
+++ b/SPECS/fluent-bit/CVE-2023-48105.patch
@ -0,0 +1,128 @@
+From f2d00052a7e1a409c9ebf27e7aa276f9a700e62c Mon Sep 17 00:00:00 2001
+From: Chris Gunn <chrisgun@microsoft.com>
+Date: Tue, 5 Dec 2023 16:04:12 -0800
+Subject: [PATCH] Patch CVE-2023-48105 in vendored wasm-micro-runtime.
+
+Backport of the following commits from wasm-micro-runtime upstream:
+7f8292ffd12b0881ce7b9797a9075da09c849cae
+---
+ .../core/iwasm/aot/aot_runtime.c                            | 6 ++++++
+ .../core/iwasm/interpreter/wasm_loader.c                    | 5 ++++-
+ .../core/iwasm/interpreter/wasm_runtime.c                   | 6 ++++++
+ .../product-mini/platforms/posix/main.c                     | 3 +++
+ .../product-mini/platforms/windows/main.c                   | 3 +++
+ 5 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/aot/aot_runtime.c b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/aot/aot_runtime.c
+index b5c406b96..94af2775d 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/aot/aot_runtime.c
+++ b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/aot/aot_runtime.c
+@@ -495,6 +495,12 @@ memory_instantiate(AOTModuleInstance *module_inst, AOTModule *module,
+         if (max_page_count > DEFAULT_MAX_PAGES)
+             max_page_count = DEFAULT_MAX_PAGES;
+     }
+    else { /* heap_size == 0 */
+        if (init_page_count == DEFAULT_MAX_PAGES) {
+            num_bytes_per_page = UINT32_MAX;
+            init_page_count = max_page_count = 1;
+        }
+    }
+ 
+     LOG_VERBOSE("Memory instantiate:");
+     LOG_VERBOSE("  page bytes: %u, init pages: %u, max pages: %u",
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c
+index a3c4f4224..961b297fc 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c
+++ b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_loader.c
+@@ -173,7 +173,6 @@ fail:
+ 
+ #define read_uint8(p) TEMPLATE_READ_VALUE(uint8, p)
+ #define read_uint32(p) TEMPLATE_READ_VALUE(uint32, p)
+-#define read_bool(p) TEMPLATE_READ_VALUE(bool, p)
+ 
+ #define read_leb_int64(p, p_end, res)                                   \
+     do {                                                                \
+@@ -490,6 +489,7 @@ load_init_expr(const uint8 **p_buf, const uint8 *buf_end,
+             if (type != VALUE_TYPE_V128)
+                 goto fail_type_mismatch;
+ 
+            CHECK_BUF(p, p_end, 1);
+             flag = read_uint8(p);
+             (void)flag;
+ 
+@@ -7301,6 +7301,7 @@ re_scan:
+                 BlockType block_type;
+ 
+                 p_org = p - 1;
+                CHECK_BUF(p, p_end, 1);
+                 value_type = read_uint8(p);
+                 if (is_byte_a_type(value_type)) {
+                     /* If the first byte is one of these special values:
+@@ -9254,6 +9255,7 @@ re_scan:
+ #if (WASM_ENABLE_WAMR_COMPILER != 0) || (WASM_ENABLE_JIT != 0)
+             case WASM_OP_SIMD_PREFIX:
+             {
+                CHECK_BUF(p, p_end, 1);
+                 opcode = read_uint8(p);
+                 /* follow the order of enum WASMSimdEXTOpcode in wasm_opcode.h
+                  */
+@@ -9912,6 +9914,7 @@ re_scan:
+ #if WASM_ENABLE_SHARED_MEMORY != 0
+             case WASM_OP_ATOMIC_PREFIX:
+             {
+                CHECK_BUF(p, p_end, 1);
+                 opcode = read_uint8(p);
+ #if WASM_ENABLE_FAST_INTERP != 0
+                 emit_byte(loader_ctx, opcode);
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_runtime.c b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_runtime.c
+index 29365024d..1803d574e 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_runtime.c
+++ b/lib/wasm-micro-runtime-WAMR-1.2.2/core/iwasm/interpreter/wasm_runtime.c
+@@ -284,6 +284,12 @@ memory_instantiate(WASMModuleInstance *module_inst, WASMMemoryInstance *memory,
+         if (max_page_count > DEFAULT_MAX_PAGES)
+             max_page_count = DEFAULT_MAX_PAGES;
+     }
+    else { /* heap_size == 0 */
+        if (init_page_count == DEFAULT_MAX_PAGES) {
+            num_bytes_per_page = UINT32_MAX;
+            init_page_count = max_page_count = 1;
+        }
+    }
+ 
+     LOG_VERBOSE("Memory instantiate:");
+     LOG_VERBOSE("  page bytes: %u, init pages: %u, max pages: %u",
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/posix/main.c b/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/posix/main.c
+index 2e96ccddd..b3a68785c 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/posix/main.c
+++ b/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/posix/main.c
+@@ -186,8 +186,11 @@ app_instance_repl(wasm_module_inst_t module_inst)
+             break;
+         }
+         if (app_argc != 0) {
+            const char *exception;
+             wasm_application_execute_func(module_inst, app_argv[0],
+                                           app_argc - 1, app_argv + 1);
+            if ((exception = wasm_runtime_get_exception(module_inst)))
+                printf("%s\n", exception);
+         }
+         free(app_argv);
+     }
+diff --git a/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/windows/main.c b/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/windows/main.c
+index 26fa7dcc9..88e081197 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/windows/main.c
+++ b/lib/wasm-micro-runtime-WAMR-1.2.2/product-mini/platforms/windows/main.c
+@@ -162,8 +162,11 @@ app_instance_repl(wasm_module_inst_t module_inst)
+             break;
+         }
+         if (app_argc != 0) {
+            const char *exception;
+             wasm_application_execute_func(module_inst, app_argv[0],
+                                           app_argc - 1, app_argv + 1);
+            if ((exception = wasm_runtime_get_exception(module_inst)))
+                printf("%s\n", exception);
+         }
+         free(app_argv);
+     }
+-- 
+2.43.0
+
--- a/SPECS/fluent-bit/fluent-bit.spec
+++ b/SPECS/fluent-bit/fluent-bit.spec
@ -1,12 +1,13 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        2.1.10
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://fluentbit.io
 Source0:        https://github.com/fluent/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         CVE-2023-48105.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@ -49,8 +50,10 @@ Development files for %{name}
    -DFLB_OUT_TD=Off \
    -DFLB_OUT_ES=Off \
    -DFLB_SHARED_LIB=On \
+%if %{with_check}
    -DFLB_TESTS_RUNTIME=On \
-    -DFLB_TESTS_INTERNAL=Off \
+    -DFLB_TESTS_INTERNAL=On \
+%endif
    -DFLB_RELEASE=On \
    -DFLB_DEBUG=Off \
    -DFLB_TLS=On \
@ -62,6 +65,9 @@ Development files for %{name}
 %install
 %cmake_install

+%check
+%ctest --exclude-regex "flb-rt-in_podman_metrics|flb-rt-filter_lua|.*\\.sh"
+
 %files
 %license LICENSE
 %doc README.md
@ -75,6 +81,9 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so

 %changelog
+* Wed Dec 06 2023 Chris Gunn <chrisgun@Microsoft.com> - 2.1.10-2
+- CVE-2023-48105
+
 * Tue Oct 31 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.1.10-1
 - Auto-upgrade to 2.1.10 - upgrade to latest