From 8d6af64c0bb2a4e61c636b6b796821f1ceb24492 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 03 2020 11:43:31 +0000
Subject: import librabbitmq-0.9.0-2.el8


---

diff --git a/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch
new file mode 100644
index 0000000..9524be8
--- /dev/null
+++ b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch
@@ -0,0 +1,28 @@
+diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
+--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609	2020-04-06 15:10:07.002386201 +0200
++++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c	2020-04-06 15:17:03.624425371 +0200
+@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
+     case CONNECTION_STATE_HEADER: {
+       amqp_channel_t channel;
+       amqp_pool_t *channel_pool;
+-      /* frame length is 3 bytes in */
++      uint32_t frame_size;
++
+       channel = amqp_d16(amqp_offset(raw_frame, 1));
+ 
+-      state->target_size =
+-          amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
++      /* frame length is 3 bytes in */
++      frame_size = amqp_d32(amqp_offset(raw_frame, 3));
++      /* To prevent the target_size calculation below from overflowing, check
++       * that the stated frame_size is smaller than a signed 32-bit. Given
++       * the library only allows configuring frame_max as an int32_t, and
++       * frame_size is uint32_t, the math below is safe from overflow. */
++      if (frame_size >= INT32_MAX) {
++        return AMQP_STATUS_BAD_AMQP_DATA;
++      }
+ 
++      state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+       if ((size_t)state->frame_max < state->target_size) {
+         return AMQP_STATUS_BAD_AMQP_DATA;
+       }
diff --git a/SPECS/librabbitmq.spec b/SPECS/librabbitmq.spec
index b509462..2d9749a 100644
--- a/SPECS/librabbitmq.spec
+++ b/SPECS/librabbitmq.spec
@@ -10,10 +10,11 @@
 Name:      librabbitmq
 Summary:   Client library for AMQP
 Version:   0.9.0
-Release:   1%{?dist}
+Release:   2%{?dist}
 License:   MIT
 URL:       https://github.com/alanxz/rabbitmq-c
 Source0:   https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
+Patch0:    rabbitmq-c-0.9.0-CVE-2019-18609.patch
 
 BuildRequires: gcc
 BuildRequires: cmake > 2.8
@@ -55,6 +56,7 @@ amqp-publish        Publish a message on an AMQP server
 
 %prep
 %setup -q -n rabbitmq-c-%{version}
+%patch0 -p1 -b .CVE-2019-18609
 
 # Copy sources to be included in -devel docs.
 cp -pr examples Examples
@@ -104,6 +106,9 @@ make test
 
 
 %changelog
+* Mon Apr 06 2020 Than Ngo <than@redhat.com> - 0.9.0-2
+- Resolves: #1809992, CVE-2019-18609
+
 * Thu Jun 28 2018 Than Ngo <than@redhat.com> - 0.9.0-1
 - update to 0.9.0