rabbitmq-c: Fix CVE-2023-35789

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-35789 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2023-09-06 13:22:04 +0000
committer: Armin Kuster <akuster@mvista.com> 2023-09-23 13:06:57 -0400
commit: 6548426c43a43f5fefcd6b24320eef786309db9b (patch)
tree: 9d9527dba85cd329d269b7d7e951549574f13f43
parent: 43a4259f68b72228bd17b2b5bdf08cb2fa0e6edb (diff)
download: meta-openembedded-6548426c43a43f5fefcd6b24320eef786309db9b.tar.gz
2 files changed, 138 insertions, 1 deletions
diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
new file mode 100644
index 0000000000..93949fc21d
--- /dev/null
+++ b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
@@ -0,0 +1,135 @@
+From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001
+From: Christian Kastner <ckk@kvr.at>
+Date: Tue, 13 Jun 2023 14:21:52 +0200
+Subject: [PATCH] Add option to read username/password from file (#781)
+* Add option to read username/password from file
+CVE: CVE-2023-35789
+Upstream-Status: Backport [https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ tools/common.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 66 insertions(+)
+diff --git a/tools/common.c b/tools/common.c
+index 53ea788..35b2b9f 100644
+--- a/tools/common.c
+++ b/tools/common.c
+@@ -54,6 +54,11 @@
+ #include "compat.h"
+ #endif
+/* For when reading auth data from a file */
+#define MAXAUTHTOKENLEN 128
+#define USERNAMEPREFIX "username:"
+#define PASSWORDPREFIX "password:"
+
+ void die(const char *fmt, ...) {
+   va_list ap;
+   va_start(ap, fmt);
+@@ -161,6 +166,7 @@ static char *amqp_vhost;
+ static char *amqp_username;
+ static char *amqp_password;
+ static int amqp_heartbeat = 0;
+static char *amqp_authfile;
+ #ifdef WITH_SSL
+ static int amqp_ssl = 0;
+ static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
+@@ -183,6 +189,8 @@ struct poptOption connect_options[] = {
+      "the password to login with", "password"},
+     {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
+      "heartbeat interval, set to 0 to disable", "heartbeat"},
+    {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
+     "path to file containing username/password for authentication", "file"},
+ #ifdef WITH_SSL
+     {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
+     {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
+@@ -194,6 +202,50 @@ struct poptOption connect_options[] = {
+ #endif /* WITH_SSL */
+     {NULL, '\0', 0, NULL, 0, NULL, NULL}};
+void read_authfile(const char *path) {
+  size_t n;
+  FILE *fp = NULL;
+  char token[MAXAUTHTOKENLEN];
+
+  if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
+      (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
+    die("Out of memory");
+  } else if ((fp = fopen(path, "r")) == NULL) {
+    die("Could not read auth data file %s", path);
+  }
+
+  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
+      strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
+    die("Malformed auth file (missing username)");
+  }
+  strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
+  /* Missing newline means token was cut off */
+  n = strlen(amqp_username);
+  if (amqp_username[n - 1] != '\n') {
+    die("Username too long");
+  } else {
+    amqp_username[n - 1] = '\0';
+  }
+
+  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
+      strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
+    die("Malformed auth file (missing password)");
+  }
+  strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
+  /* Missing newline means token was cut off */
+  n = strlen(amqp_password);
+  if (amqp_password[n - 1] != '\n') {
+    die("Password too long");
+  } else {
+    amqp_password[n - 1] = '\0';
+  }
+
+  (void)fgetc(fp);
+  if (!feof(fp)) {
+    die("Malformed auth file (trailing data)");
+  }
+}
+
+ static void init_connection_info(struct amqp_connection_info *ci) {
+   ci->user = NULL;
+   ci->password = NULL;
+@@ -269,6 +321,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_username) {
+     if (amqp_url) {
+       die("--username and --url options cannot be used at the same time");
+    } else if (amqp_authfile) {
+      die("--username and --authfile options cannot be used at the same time");
+     }
+     ci->user = amqp_username;
+@@ -277,11 +331,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
+   if (amqp_password) {
+     if (amqp_url) {
+       die("--password and --url options cannot be used at the same time");
+    } else if (amqp_authfile) {
+      die("--password and --authfile options cannot be used at the same time");
+     }
+     ci->password = amqp_password;
+   }
+  if (amqp_authfile) {
+    if (amqp_url) {
+      die("--authfile and --url options cannot be used at the same time");
+    }
+
+    read_authfile(amqp_authfile);
+    ci->user = amqp_username;
+    ci->password = amqp_password;
+  }
+
+   if (amqp_vhost) {
+     if (amqp_url) {
+       die("--vhost and --url options cannot be used at the same time");
+--
+2.40.0
diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
index 304171c88c..1cc4ada3b5 100644
--- a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
+++ b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://github.com/alanxz/rabbitmq-c"
 LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53"
 LICENSE = "MIT"
-SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https \
+           file://CVE-2023-35789.patch \
+          "
 # v0.11.0-master
 SRCREV = "a64c08c68aff34d49a2ac152f04988cd921084f9"
author	Soumya Sambu <soumya.sambu@windriver.com>	2023-09-06 13:22:04 +0000
committer	Armin Kuster <akuster@mvista.com>	2023-09-23 13:06:57 -0400
commit	6548426c43a43f5fefcd6b24320eef786309db9b (patch)
tree	9d9527dba85cd329d269b7d7e951549574f13f43
parent	43a4259f68b72228bd17b2b5bdf08cb2fa0e6edb (diff)
download	meta-openembedded-6548426c43a43f5fefcd6b24320eef786309db9b.tar.gz

diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch new file mode 100644 index 0000000000..93949fc21d --- /dev/null +++ b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch
@@ -0,0 +1,135 @@
		1	From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001
		2	From: Christian Kastner <ckk@kvr.at>
		3	Date: Tue, 13 Jun 2023 14:21:52 +0200
		4	Subject: [PATCH] Add option to read username/password from file (#781)
		5
		6	* Add option to read username/password from file
		7
		8	CVE: CVE-2023-35789
		9
		10	Upstream-Status: Backport [https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0]
		11
		12	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
		13	---
		14	tools/common.c \| 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
		15	1 file changed, 66 insertions(+)
		16
		17	diff --git a/tools/common.c b/tools/common.c
		18	index 53ea788..35b2b9f 100644
		19	--- a/tools/common.c
		20	+++ b/tools/common.c
		21	@@ -54,6 +54,11 @@
		22	#include "compat.h"
		23	#endif
		24
		25	+/* For when reading auth data from a file */
		26	+#define MAXAUTHTOKENLEN 128
		27	+#define USERNAMEPREFIX "username:"
		28	+#define PASSWORDPREFIX "password:"
		29	+
		30	void die(const char *fmt, ...) {
		31	va_list ap;
		32	va_start(ap, fmt);
		33	@@ -161,6 +166,7 @@ static char *amqp_vhost;
		34	static char *amqp_username;
		35	static char *amqp_password;
		36	static int amqp_heartbeat = 0;
		37	+static char *amqp_authfile;
		38	#ifdef WITH_SSL
		39	static int amqp_ssl = 0;
		40	static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
		41	@@ -183,6 +189,8 @@ struct poptOption connect_options[] = {
		42	"the password to login with", "password"},
		43	{"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
		44	"heartbeat interval, set to 0 to disable", "heartbeat"},
		45	+ {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
		46	+ "path to file containing username/password for authentication", "file"},
		47	#ifdef WITH_SSL
		48	{"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
		49	{"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
		50	@@ -194,6 +202,50 @@ struct poptOption connect_options[] = {
		51	#endif /* WITH_SSL */
		52	{NULL, '\0', 0, NULL, 0, NULL, NULL}};
		53
		54	+void read_authfile(const char *path) {
		55	+ size_t n;
		56	+ FILE *fp = NULL;
		57	+ char token[MAXAUTHTOKENLEN];
		58	+
		59	+ if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL \|\|
		60	+ (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
		61	+ die("Out of memory");
		62	+ } else if ((fp = fopen(path, "r")) == NULL) {
		63	+ die("Could not read auth data file %s", path);
		64	+ }
		65	+
		66	+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL \|\|
		67	+ strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
		68	+ die("Malformed auth file (missing username)");
		69	+ }
		70	+ strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
		71	+ /* Missing newline means token was cut off */
		72	+ n = strlen(amqp_username);
		73	+ if (amqp_username[n - 1] != '\n') {
		74	+ die("Username too long");
		75	+ } else {
		76	+ amqp_username[n - 1] = '\0';
		77	+ }
		78	+
		79	+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL \|\|
		80	+ strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
		81	+ die("Malformed auth file (missing password)");
		82	+ }
		83	+ strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
		84	+ /* Missing newline means token was cut off */
		85	+ n = strlen(amqp_password);
		86	+ if (amqp_password[n - 1] != '\n') {
		87	+ die("Password too long");
		88	+ } else {
		89	+ amqp_password[n - 1] = '\0';
		90	+ }
		91	+
		92	+ (void)fgetc(fp);
		93	+ if (!feof(fp)) {
		94	+ die("Malformed auth file (trailing data)");
		95	+ }
		96	+}
		97	+
		98	static void init_connection_info(struct amqp_connection_info *ci) {
		99	ci->user = NULL;
		100	ci->password = NULL;
		101	@@ -269,6 +321,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
		102	if (amqp_username) {
		103	if (amqp_url) {
		104	die("--username and --url options cannot be used at the same time");
		105	+ } else if (amqp_authfile) {
		106	+ die("--username and --authfile options cannot be used at the same time");
		107	}
		108
		109	ci->user = amqp_username;
		110	@@ -277,11 +331,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
		111	if (amqp_password) {
		112	if (amqp_url) {
		113	die("--password and --url options cannot be used at the same time");
		114	+ } else if (amqp_authfile) {
		115	+ die("--password and --authfile options cannot be used at the same time");
		116	}
		117
		118	ci->password = amqp_password;
		119	}
		120
		121	+ if (amqp_authfile) {
		122	+ if (amqp_url) {
		123	+ die("--authfile and --url options cannot be used at the same time");
		124	+ }
		125	+
		126	+ read_authfile(amqp_authfile);
		127	+ ci->user = amqp_username;
		128	+ ci->password = amqp_password;
		129	+ }
		130	+
		131	if (amqp_vhost) {
		132	if (amqp_url) {
		133	die("--vhost and --url options cannot be used at the same time");
		134	--
		135	2.40.0


diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb index 304171c88c..1cc4ada3b5 100644 --- a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb +++ b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb
@@ -3,7 +3,9 @@ HOMEPAGE = "https://github.com/alanxz/rabbitmq-c"
3	LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53"	3	LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53"
4	LICENSE = "MIT"	4	LICENSE = "MIT"
5		5
6	SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https"	6	SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https \
		7	file://CVE-2023-35789.patch \
		8	"
7	# v0.11.0-master	9	# v0.11.0-master
8	SRCREV = "a64c08c68aff34d49a2ac152f04988cd921084f9"	10	SRCREV = "a64c08c68aff34d49a2ac152f04988cd921084f9"
9		11