repo: Assorted CVE fixes (IMPORTANT!) #32300
Conversation
Fix: [CVE-2024-23327](GHSA-4h5x-x9vh-m29j) Signed-off-by: Jacob Neil Taylor <[email protected]> Signed-off-by: Greg Greenway <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Fix [CVE-2024-23323](GHSA-x278-4w4x-r7ch) Signed-off-by: Yan Avlasov <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
… interval Fix [CVE-2024-23322](GHSA-6p83-mfmh-qv38) Signed-off-by: Yan Avlasov <[email protected]> Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: yanavlasov <[email protected]>
supported by the operating system Fix [CVE-2024-23325](GHSA-5m7c-mrwr-pm26) Signed-off-by: Greg Greenway <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Fix [CVE-2024-23324](GHSA-gq3v-vvhj-96j6) Signed-off-by: Kateryna Nezdolii <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
phlax
requested review from
ggreenway,
soulxu,
alyssawilk and
lizan
as code owners
|
CC @envoyproxy/coverage-shephards: FYI only for changes made to |
i think we have been here before 8/ this PR will be rebased, the commits contain the linked CVEs this is what needs checking @RyanTheOptimist if you could look through that would be appreciated |
yes, i agree that the code changes look good. It would still be good to copy the links to the CVEs into the PR description so that when we see the commit in git history it has the relevant context. |
|
i already have to copy this information to each commit on each branch - ie 20+ and also to the release summaries given that the information is there and needs to be checked ill leave any further copypasta as an exercise for the reader |
|
I do not believe that "Assorted CVE fixes (IMPORTANT!)" meeds the requirements of a PR description from CONTRIBUTING.md. Feel free to get a second opinion from another maintainer. |
|
comment updated |
|
I believe the commit to sanitize the proxy protocol values seems wrong. The sanitizeUtf8String function used modifies the bytes in a non-recoverable way, but the actual value isn't always meant to be a valid utf8 string. I believe the proxy protocol spec allows for this. Materially, Google's private service connect (PSC) feature encodes a TLV value as a binary encoded int64. With this commit there's no way to recover the original value in most cases. Example value bytes that should be a valid PSC id I think either using set_bytes within |
|
I think this happened because Envoy is using a protobuf string for both moving data around internally, and sending protobufs flattened over the network. I agree this is an unintended change in behavior. I'm not sure what the best way to fix this is. Can you open an issue for this @fedya-at-db ? |
|
Thanks, I filed an issue here. |
Fix crash from AWS NLB healthchecks when proxy protocol is enabled
Fix: CVE-2024-23327
Cache RE object in uri template matcher.
Fix CVE-2024-23323
Fix crash when idle and request per try timeouts occur within backoff interval
Fix CVE-2024-23322
Fix crash when proxy protocol receives an address type that isn't supported by the operating system
Fix CVE-2024-23325
Proxy protocol: sanitise non utf8 chars in TLVs
Fix CVE-2024-23324