[AUTO-CHERRYPICK] Patch ceph for CVE-2025-1744 [CRITICAL] - branch 3.0-dev (#12926)

CBL-Mariner-Bot · KavyaSree2610 · web-flow · commit 1e721f7e3849 · 2025-03-19T15:36:17.000-04:00
Co-authored-by: KavyaSree2610 &lt;92566732+KavyaSree2610@users.noreply.github.com&gt;
diff --git a/SPECS/ceph/CVE-2025-1744.patch b/SPECS/ceph/CVE-2025-1744.patch
@@ -0,0 +1,46 @@
+From b72bc56777fc7b4f63aabbf23217d082846397b7 Mon Sep 17 00:00:00 2001
+From: kavyasree <kkaitepalli@microsoft.com>
+Date: Tue, 11 Mar 2025 12:26:11 +0530
+Subject: [PATCH] Patch for CVE-2025-1744
+
+Reference: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
+---
+ src/boost/libs/beast/test/extern/zlib-1.2.11/inflate.c       | 5 +++--
+ .../tools/boost_install/test/iostreams/zlib-1.2.11/inflate.c | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/boost/libs/beast/test/extern/zlib-1.2.11/inflate.c b/src/boost/libs/beast/test/extern/zlib-1.2.11/inflate.c
+index ac333e8c2..a32c9bdba 100644
+--- a/src/boost/libs/beast/test/extern/zlib-1.2.11/inflate.c
++++ b/src/boost/libs/beast/test/extern/zlib-1.2.11/inflate.c
+@@ -759,8 +759,9 @@ int flush;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
++                        state->head->extra != Z_NULL && 
++                        (len = state->head->extra_len - state->length) <
++				state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+diff --git a/src/boost/tools/boost_install/test/iostreams/zlib-1.2.11/inflate.c b/src/boost/tools/boost_install/test/iostreams/zlib-1.2.11/inflate.c
+index ac333e8c2..91b2e6445 100644
+--- a/src/boost/tools/boost_install/test/iostreams/zlib-1.2.11/inflate.c
++++ b/src/boost/tools/boost_install/test/iostreams/zlib-1.2.11/inflate.c
+@@ -759,8 +759,9 @@ int flush;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
++                        state->head->extra != Z_NULL &&
++                        (len = state->head->extra_len - state->length) <
++				state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+-- 
+2.34.1
+
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
@@ -5,7 +5,7 @@
 Summary:        User space components of the Ceph file system
 Name:           ceph
 Version:        18.2.2
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
 URL:            https://ceph.io/
 Vendor:         Microsoft Corporation
@@ -25,6 +25,7 @@ Patch10:        CVE-2020-10722.patch
 Patch11:        CVE-2024-25629.patch
 Patch12:        CVE-2021-24032.patch
 Patch13:        CVE-2020-10724.patch
+Patch14:	CVE-2025-1744.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -2013,6 +2014,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+* Tue 11 Mar 2025 Kavya Sree Kaitepalli <kkaitepalli@microsoft.com> - 18.2.2-6
+- Patch CVE-2025-1744
+
 * Wed Feb 05 2025 Kevin Lockwood <v-klockwood@microsoft.com> - 18.2.2-5
 - Fix for CVE-2012-2677
 - Fix for CVE-2020-10723
