Fix CVE-2025-46728

(cherry picked from commit 5b70273b2a63cb68bc608e76e2f20b9d40d05de0)
2025-05-07 21:46:04 +08:00 · 2025-05-07 21:46:04 +08:00 · 20ee62ba18
commit 20ee62ba18
parent 4226caefd4
2 changed files with 112 additions and 1 deletions
--- a/CVE-2025-46728.patch
+++ b/CVE-2025-46728.patch
@ -0,0 +1,107 @@
+From 7b752106ac42bd5b907793950d9125a0972c8e8e Mon Sep 17 00:00:00 2001
+From: Ville Vesilehto <ville@vesilehto.fi>
+Date: Sat, 3 May 2025 11:39:01 +0300
+Subject: [PATCH] Merge commit from fork
+
+* fix(parser): Limit line length in getline
+
+Prevents potential infinite loop and memory exhaustion in
+stream_line_reader::getline by enforcing max line length.
+
+Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
+
+* fix: increase default max line length to 32k
+
+LONG_QUERY_VALUE test is set at 25k.
+
+Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
+
+* test(client): expect read error with too long query
+
+Adds a test case (`TooLongQueryValue`) to verify client behavior
+when the request URI is excessively long, exceeding
+`CPPHTTPLIB_MAX_LINE_LENGTH`. In this scenario, the server is
+expected to reset the connection.
+
+Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
+
+---------
+
+Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
+
+Origin: https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e
+---
+ httplib.h    |  9 +++++++++
+ test/test.cc | 15 +++++++++++++++
+ 2 files changed, 24 insertions(+)
+
+diff --git a/httplib.h b/httplib.h
+index 86a7452..b13f7b6 100644
+--- a/httplib.h
+++ b/httplib.h
+@@ -113,6 +113,10 @@
+ #define CPPHTTPLIB_LISTEN_BACKLOG 5
+ #endif
+ 
+#ifndef CPPHTTPLIB_MAX_LINE_LENGTH
+#define CPPHTTPLIB_MAX_LINE_LENGTH 32768
+#endif
+
+ /*
+  * Headers
+  */
+@@ -2559,6 +2563,11 @@ inline bool stream_line_reader::getline() {
+   glowable_buffer_.clear();
+ 
+   for (size_t i = 0;; i++) {
+    if (size() >= CPPHTTPLIB_MAX_LINE_LENGTH) {
+      // Treat exceptionally long lines as an error to
+      // prevent infinite loops/memory exhaustion
+      return false;
+    }
+     char byte;
+     auto n = strm_.read(&byte, 1);
+ 
+diff --git a/test/test.cc b/test/test.cc
+index e702e36..eefa33b 100644
+--- a/test/test.cc
+++ b/test/test.cc
+@@ -33,6 +33,9 @@ const int PORT = 1234;
+ const string LONG_QUERY_VALUE = string(25000, '@');
+ const string LONG_QUERY_URL = "/long-query-value?key=" + LONG_QUERY_VALUE;
+ 
+const string TOO_LONG_QUERY_VALUE = string(35000, '@');
+const string TOO_LONG_QUERY_URL = "/too-long-query-value?key=" + TOO_LONG_QUERY_VALUE;
+
+ const std::string JSON_DATA = "{\"hello\":\"world\"}";
+ 
+ const string LARGE_DATA = string(1024 * 1024 * 100, '@'); // 100MB
+@@ -1991,6 +1994,11 @@ protected:
+                EXPECT_EQ(LONG_QUERY_URL, req.target);
+                EXPECT_EQ(LONG_QUERY_VALUE, req.get_param_value("key"));
+              })
+        .Get("/too-long-query-value",
+             [&](const Request &req, Response & /*res*/) {
+               EXPECT_EQ(TOO_LONG_QUERY_URL, req.target);
+               EXPECT_EQ(TOO_LONG_QUERY_VALUE, req.get_param_value("key"));
+             })
+         .Get("/array-param",
+              [&](const Request &req, Response & /*res*/) {
+                EXPECT_EQ(3u, req.get_param_value_count("array"));
+@@ -2697,6 +2705,13 @@ TEST_F(ServerTest, LongQueryValue) {
+   EXPECT_EQ(414, res->status);
+ }
+ 
+TEST_F(ServerTest, TooLongQueryValue) {
+  auto res = cli_.Get(TOO_LONG_QUERY_URL.c_str());
+
+  ASSERT_FALSE(res);
+  EXPECT_EQ(Error::Read, res.error());
+}
+
+ TEST_F(ServerTest, TooLongHeader) {
+   Request req;
+   req.method = "GET";
+-- 
+2.49.0
+
--- a/cpp-httplib.spec
+++ b/cpp-httplib.spec
@ -1,11 +1,12 @@
 Name:    cpp-httplib
 Version: 0.14.0
-Release: 3
+Release: 4
 Summary: A C++ header-only HTTP/HTTPS server and client library 
 License: MIT
 URL:	 https://github.com/yhirose/cpp-httplib
 Source0: https://github.com/yhirose/cpp-httplib/archive/v%{version}/cpp-httplib-%{version}.tar.gz
 Patch0:  CVE-2025-0825.patch
+Patch1:  CVE-2025-46728.patch

 BuildRequires:  gcc-c++ meson >= 0.47.0 openssl openssl-devel brotli-devel gtest-devel zlib-devel
 Requires:       openssl-devel, glibc-devel, zlib-devel
@ -43,6 +44,9 @@ export GTEST_FILTER='_Online$'
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Wed May 07 2025 yaoxin <1024769339@qq.com> - 0.14.0-4
+- Fix CVE-2025-46728
+
 * Fri Feb 07 2025 yaoxin <1024769339@qq.com> - 0.14.0-3
 - Fix CVE-2025-0825