From f1694553a835ec6fa910eae5d084c975e58ceebe Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 20 2020 10:49:44 +0000
Subject: import librabbitmq-0.8.0-3.el7
---
diff --git a/SOURCES/rabbitmq-c-0.8.0-CVE-2019-18609.patch b/SOURCES/rabbitmq-c-0.8.0-CVE-2019-18609.patch
new file mode 100644
index 0000000..0ece908
--- /dev/null
+++ b/SOURCES/rabbitmq-c-0.8.0-CVE-2019-18609.patch
@@ -0,0 +1,28 @@
+diff -up rabbitmq-c-0.8.0/librabbitmq/amqp_connection.c.me rabbitmq-c-0.8.0/librabbitmq/amqp_connection.c
+--- rabbitmq-c-0.8.0/librabbitmq/amqp_connection.c.me 2020-03-04 14:23:48.842930475 +0100
++++ rabbitmq-c-0.8.0/librabbitmq/amqp_connection.c 2020-03-04 14:27:56.678381483 +0100
+@@ -296,11 +296,21 @@ int amqp_handle_input(amqp_connection_st
+ case CONNECTION_STATE_HEADER: {
+ amqp_channel_t channel;
+ amqp_pool_t *channel_pool;
+- /* frame length is 3 bytes in */
++ uint32_t frame_size;
++
+ channel = amqp_d16(raw_frame, 1);
+
+- state->target_size
+- = amqp_d32(raw_frame, 3) + HEADER_SIZE + FOOTER_SIZE;
++ /* frame length is 3 bytes in */
++ frame_size = amqp_d32(raw_frame, 3);
++ /* To prevent the target_size calculation below from overflowing, check
++ * that the stated frame_size is smaller than a signed 32-bit. Given
++ * the library only allows configuring frame_max as an int32_t, and
++ * frame_size is uint32_t, the math below is safe from overflow. */
++ if (frame_size >= INT32_MAX) {
++ return AMQP_STATUS_BAD_AMQP_DATA;
++ }
++
++ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+
+ if ((size_t)state->frame_max < state->target_size) {
+ return AMQP_STATUS_BAD_AMQP_DATA;
diff --git a/SPECS/librabbitmq.spec b/SPECS/librabbitmq.spec
index 327f2fb..4100be1 100644
--- a/SPECS/librabbitmq.spec
+++ b/SPECS/librabbitmq.spec
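Review bot: The comment above the new `if (frame_size >= INT32_MAX)` guard in amqp_connection.c states the safety argument imprecisely, because "smaller than a signed 32-bit" does not say which sum is being kept from wrapping. Assuming HEADER_SIZE and FOOTER_SIZE are small constants, what the guard ensures is that the 32-bit sum cannot wrap before it is stored in `target_size`, so I would word it as `/* Reject frame_size >= INT32_MAX so frame_size + HEADER_SIZE + FOOTER_SIZE cannot wrap before the frame_max comparison. */`. The `(size_t)state->frame_max` comparison on the following line presumes frame_max is non-negative; that value is set outside this hunk and is worth confirming, since otherwise INT32_MAX would be the only cap on the size a peer can state. The body of amqp_handle_input continues outside the hunk, and no regression test for an oversized header length accompanies the backport.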
@@ -1,11 +1,12 @@ Name: librabbitmq Summary: C-language AMQP client library Version: 0.8.0 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Group: System Environment/Libraries URL: https://github.com/alanxz/rabbitmq-c Source0: https://github.com/alanxz/rabbitmq-c/releases/download/v%{version}/rabbitmq-c-%{version}.tar.gz +Patch0: rabbitmq-c-0.8.0-CVE-2019-18609.patch BuildRequires: cmake > 2.8 BuildRequires: openssl-devel @@ -36,6 +37,7 @@ This package contains examples built using librabbitmq. %prep %setup -q -n rabbitmq-c-%{version} +%patch0 -p1 -b .CVE-2019-18609 %build %cmake -DBUILD_EXAMPLES:BOOL=ON \ @@ -73,6 +75,9 @@ make test %doc %{_mandir}/man*/* %changelog +* Wed Mar 04 2020 Than Ngo - 0.8.0-3 +- Resolves: #1809991, CVE-2019-18609 - integer overflow + * Mon Dec 04 2017 Than Ngo - 0.8.0-2 - Related: #1363736 - fix explicit package version requirement