PR#18: Backported CVE-2022-21716 fix from upstream - rpms/python-twisted

rpms / python-twisted

#18 Backported CVE-2022-21716 fix from upstream

Opened 4 months ago by dherrera. Modified 4 months ago

rpms/ dherrera/python-twisted epel8 into epel8

Backported CVE-2022-21716 fix from upstream

Diego Herrera • 4 months ago

28be644

0002-CVE-2022-21716.patch

file added

+51

		`@@ -0,0 +1,51 @@`
		`+ diff --git a/src/twisted/conch/ssh/transport.py b/src/twisted/conch/ssh/transport.py`
		`+ index bd76b0a..a477d27 100644`
		`+ --- a/src/twisted/conch/ssh/transport.py`
		`+ +++ b/src/twisted/conch/ssh/transport.py`
		`+ @@ -677,6 +677,14 @@ class SSHTransportBase(protocol.Protocol):`
		`+ """`
		`+ self.buf = self.buf + data`
		`+ if not self.gotVersion:`
		`+ + if len(self.buf) > 4096:`
		`+ + self.sendDisconnect(`
		`+ + DISCONNECT_CONNECTION_LOST,`
		`+ + b"Peer version string longer than 4KB. "`
		`+ + b"Preventing a denial of service attack.",`
		`+ + )`
		`+ + return`
		`+ +`
		`+ if self.buf.find(b'\n', self.buf.find(b'SSH-')) == -1:`
		`+ return`
		`+`
		`+ diff --git a/src/twisted/conch/test/test_transport.py b/src/twisted/conch/test/test_transport.py`
		`+ index 98a3515..449dd3f 100644`
		`+ --- a/src/twisted/conch/test/test_transport.py`
		`+ +++ b/src/twisted/conch/test/test_transport.py`
		`+ @@ -522,6 +522,27 @@ class BaseSSHTransportTests(BaseSSHTransportBaseCase, TransportTestCase):`
		`+ r')*$')`
		`+ self.assertRegex(softwareVersion, softwareVersionRegex)`
		`+`
		`+ + def test_dataReceiveVersionNotSentMemoryDOS(self):`
		`+ + """`
		`+ + When the peer is not sending its SSH version but keeps sending data,`
		`+ + the connection is disconnected after 4KB to prevent buffering too`
		`+ + much and running our of memory.`
		`+ + """`
		`+ + sut = MockTransportBase()`
		`+ + sut.makeConnection(self.transport)`
		`+ +`
		`+ + # Data can be received over multiple chunks.`
		`+ + sut.dataReceived(b"SSH-2-Server-Identifier")`
		`+ + sut.dataReceived(b"1234567890" * 406)`
		`+ + sut.dataReceived(b"1235678")`
		`+ + self.assertFalse(self.transport.disconnecting)`
		`+ +`
		`+ + # Here we are going over the limit.`
		`+ + sut.dataReceived(b"1234567")`
		`+ + # Once a lot of data is received without an SSH version string,`
		`+ + # the transport is disconnected.`
		`+ + self.assertTrue(self.transport.disconnecting)`
		`+ + self.assertIn(b"Preventing a denial of service attack", self.transport.value())`
		`+`
		`+ def test_sendPacketPlain(self):`
		`+ """`

python-twisted.spec

file modified

+7 -1

		`@@ -7,7 +7,7 @@`

		`Name: python-%{pypi_name}`
		`Version: 19.10.0`
		`- Release: 2%{?dist}`
		`+ Release: 3%{?dist}`
		`Summary: Twisted is a networking engine written in Python`

		`License: MIT`
		`@@ -20,6 +20,9 @@`
		`# CVE-2020-10109`
		`Patch2: https://github.com/twisted/twisted/commit/d2f6dd9b3766509f40c980aac67ca8475da67c6f.patch#/0001-Refactor-to-reduce-duplication.patch`
		`Patch3: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281.patch#/0001-Fix-several-request-smuggling-attacks.patch`
		`+ # Backported CVE-2022-21716 fix`
		`+ # https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1.patch`
		`+ Patch4: 0002-CVE-2022-21716.patch`

		`%description`
		`%{common_description}`
		`@@ -134,6 +137,9 @@`


		`%changelog`
		`+ * Mon Nov 28 17:45:05 CLT 2022 Diego Herrera <dherrera@redhat.com> - 19.10.0-3`
		`+ - Backported CVE-2022-21716 fix from upstream`
		`+`
		`* Tue Mar 17 16:31:05 CET 2020 Robert-André Mauchin <zebob.m@gmail.com> - 19.10.0-2`
		`- Security fix for CVE-2020-10108 (#1813439, #1813442)`
		`- Security fix for CVE-2020-10109 (#1813447, #1813450)`

dherrera commented 4 months ago

This PR back ports the following patch from version 22.10 to version 19.10
https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1

This fixes RHBZ#2060973 on EPEL8 without the need to do an incompatible upgrade.

Metadata

Assignee

None

Tags

No Tags

Changes Summary 2

+51

file added