Add patch to fix CVE-2023-51714.

2024-01-13 14:53:21 +01:00 · 2024-01-13 14:53:21 +01:00 · 532d4c36fb
commit 532d4c36fb
parent 8c55320705
3 changed files with 23 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,5 +1,8 @@
 qt6-base (6.4.2+dfsg-21) UNRELEASED; urgency=medium

+  [ Patrick Franz ]
+  * Add patch to fix CVE-2023-51714.
+
 -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>  Sat, 13 Jan 2024 14:49:42 +0100

 qt6-base (6.4.2+dfsg-20) unstable; urgency=medium
--- a/debian/patches/cve-2023-51714.diff
+++ b/debian/patches/cve-2023-51714.diff
@ -0,0 +1,17 @@
+diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
+index 0b69ee86a9..f20ec92d4c 100644
+--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
+@@ -26,8 +26,10 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value)
+     // for counting the number of references to the name and value would have
+     // 32 octets of overhead."
+
+-    const unsigned sum = unsigned(name.size() + value.size());
+-    if (std::numeric_limits<unsigned>::max() - 32 < sum)
+    size_t sum;
+    if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
+        return HeaderSize();
+    if (sum > (std::numeric_limits<unsigned>::max() - 32))
+         return HeaderSize();
+     return HeaderSize(true, quint32(sum + 32));
+ }
--- a/debian/patches/series
+++ b/debian/patches/series
@ -1,3 +1,6 @@
+# fixed in 6.6.2
+cve-2023-51714.diff
+
 # fixed in 6.5.4, 6.6.1
 libxkbcommon_1.6.0.diff
 cve-2023-37369.diff