From 628b6ff517769c80bbc4b86fbdb7a4539ddd280e Mon Sep 17 00:00:00 2001
From: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
Date: Sat, 23 Nov 2024 01:59:33 +0530
Subject: [PATCH] fluent-bit: Address CVE-2024-25431 (#11096)
Signed-off-by: ankita
Co-authored-by: ankita
Co-authored-by: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
Co-authored-by: jslobodzian
(cherry picked from commit 3988fcb627b98aaabe3a925db4bf086325073946)
---
SPECS/fluent-bit/CVE-2024-25431.patch | 48 +++++++++++++++++++++++++++
SPECS/fluent-bit/fluent-bit.spec | 16 +++++++++
2 files changed, 64 insertions(+)
create mode 100644 SPECS/fluent-bit/CVE-2024-25431.patch
diff --git a/SPECS/fluent-bit/CVE-2024-25431.patch b/SPECS/fluent-bit/CVE-2024-25431.patch
new file mode 100644
index 00000000000..d0b4906e6c0
--- /dev/null
+++ b/SPECS/fluent-bit/CVE-2024-25431.patch
@@ -0,0 +1,48 @@
+diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
+index 2a06f42..506ee29 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c
+@@ -3980,14 +3980,22 @@ check_wasi_abi_compatibility(const WASMModule *module,
+ /* clang-format on */
+
+ WASMExport *initialize = NULL, *memory = NULL, *start = NULL;
++ uint32 import_function_count = module->import_function_count;
++ WASMType *func_type;
+
+ /* (func (export "_start") (...) */
+ start = wasm_loader_find_export(module, "", "_start", EXPORT_KIND_FUNC,
+ error_buf, error_buf_size);
+ if (start) {
+- WASMType *func_type =
+- module->functions[start->index - module->import_function_count]
+- ->func_type;
++ if (start->index < import_function_count) {
++ set_error_buf(
++ error_buf, error_buf_size,
++ "the builtin _start function can not be an import function");
++ return false;
++ }
++
++ func_type =
++ module->functions[start->index - import_function_count]->func_type;
+ if (func_type->param_count || func_type->result_count) {
+ set_error_buf(error_buf, error_buf_size,
+ "the signature of builtin _start function is wrong");
+@@ -3999,8 +4007,15 @@ check_wasi_abi_compatibility(const WASMModule *module,
+ initialize = wasm_loader_find_export(
+ module, "", "_initialize", EXPORT_KIND_FUNC, error_buf, error_buf_size);
+ if (initialize) {
+- WASMType *func_type =
+- module->functions[initialize->index - module->import_function_count]
++ if (initialize->index < import_function_count) {
++ set_error_buf(error_buf, error_buf_size,
++ "the builtin _initialize function can not be an "
++ "import function");
++ return false;
++ }
++
++ func_type =
++ module->functions[initialize->index - import_function_count]
+ ->func_type;
+ if (func_type->param_count || func_type->result_count) {
+ set_error_buf(
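Review bot: The new guards in front of `module->functions[start->index - import_function_count]` (and the `_initialize` twin in the second inner hunk) reject only an index below `import_function_count`; nothing visible here shows that the difference is also below the number of defined functions, so confirm that the export-section loader already bounds export indices, or add a separate `>= module->function_count` check with its own error message. Each guard would also benefit from a comment saying why it exists, for example `/* export indices count imported functions first; a smaller index would wrap the uint32 subtraction and index far outside module->functions */`. check_wasi_abi_compatibility begins and ends outside both inner hunks, so later uses of `func_type` are not covered by this note.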
diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec
index d53d88689a4..a2b25ca5b80 100644
--- a/SPECS/fluent-bit/fluent-bit.spec
+++ b/SPECS/fluent-bit/fluent-bit.spec
@@ -1,13 +1,24 @@
 Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name: fluent-bit
+<<<<<<< HEAD
 Version: 3.1.9
 Release: 1%{?dist}
+=======
+Version: 3.0.6
+Release: 3%{?dist}
+>>>>>>> 3988fcb62 (fluent-bit: Address CVE-2024-25431 (#11096))
 License: Apache-2.0
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
 URL: https://fluentbit.io
 Source0: https://github.com/fluent/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0: CVE-2024-34250.patch
+<<<<<<< HEAD
+=======
+Patch1: CVE-2024-25629.patch
+Patch2: CVE-2024-28182.patch
+Patch3: CVE-2024-25431.patch
+>>>>>>> 3988fcb62 (fluent-bit: Address CVE-2024-25431 (#11096))
 BuildRequires: bison
 BuildRequires: cmake
 BuildRequires: cyrus-sasl-devel
@@ -82,9 +93,14 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+<<<<<<< HEAD
 * Tue Nov 05 2024 Paul Meyer - 3.1.9-1
 - Update to 3.1.9 to enable Lua filter plugin using system luajit library.
 - Remove patches for CVE-2024-25629 and CVE-2024-28182 as they are fixed in 3.1.9.
+=======
+* Fri Nov 15 2024 Ankita Pareek - 3.0.6-3
+- Address CVE-2024-25431
+>>>>>>> 3988fcb62 (fluent-bit: Address CVE-2024-25431 (#11096))
 
 * Tue Oct 15 2024 Chris Gunn - 3.0.6-2
 - CVE-2024-34250
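Review bot: The lines added in both hunks of fluent-bit.spec are unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 3988fcb62 ...`), so the committed spec carries two `Version:`/`Release:` pairs plus marker lines in the tag block and in `%changelog`; the cherry-pick has to be resolved before the spec can be relied on to apply the fix. The HEAD side is 3.1.9-1 and its changelog says the CVE-2024-25629 and CVE-2024-28182 patches were dropped as fixed in 3.1.9, so the resolution presumably keeps `Version: 3.1.9`, omits the old `Patch1`/`Patch2`, and carries only the new patch, e.g. `Patch1: CVE-2024-25431.patch`, with a bumped `Release:` and a matching changelog entry. The patch targets `lib/wasm-micro-runtime-WAMR-1.3.0/...`; whether that path and the unguarded subtraction still exist in the 3.1.9 source is not visible here and should be confirmed, so that the CVE fix is actually present in the built package.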