author | Randy Barlow <randy@electronsweatshop.com> | 2023-04-25 23:45:40 -0400 |
---|---|---|
committer | Joonas Niilola <juippis@gentoo.org> | 2023-05-18 10:26:00 +0300 |
commit | c2e3eb85c45e83591be7faee69d58af55a10f8f4 (patch) | |
tree | 8506c37cbbe56eb2a5a25a3f1b57d7e4fbbe9642 | |
parent | net-libs/libsignal-protocol-c: Drop -9999 ebuild (diff) | |
net-libs/libsignal-protocol-c: Fix CVE-2022-48468
This commit fixes CVE-2022-48468 for this package's bundled
protobuf-c.
Here are some reference links about the issue:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468
https://bugzilla.redhat.com/show_bug.cgi?id=2186673
For reference, here is the commit I made in Fedora to address the issue,
which includes this patch:
https://src.fedoraproject.org/rpms/libsignal-protocol-c/c/152eb06d164e7973fda49139bc5a51f3b23c0cf6?branch=rawhide
Closes: https://bugs.gentoo.org/905098
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
Closes: https://github.com/gentoo/gentoo/pull/30764
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
-rw-r--r-- | net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch | 53 | ||||
-rw-r--r-- | net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild | 18 |
2 files changed, 71 insertions, 0 deletions
diff --git a/net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch b/net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
new file mode 100644
index 000000000000..8b3706dd8829
--- /dev/null
+++ b/net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
@@ -0,0 +1,53 @@
+From 478dfe51552243b367cf2e9c5d047cbbd3c21635 Mon Sep 17 00:00:00 2001
+From: Randy Barlow <randy@electronsweatshop.com>
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH] CVE-2022-48468: unsigned integer overflow
+
+This commit combines two upstream commits from protobuf-c[0][1].
+The first fixes an unsigned integer overflow, and the second fixes a
+regression introduced by the first. I originally decided to amend the
+commit message of the first to mention that it fixes a CVE, but then I
+realized it would be better to bring the fix for the regression together
+with it.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468
+https://bugzilla.redhat.com/show_bug.cgi?id=2186673
+
+[0]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/289f5c18b195aa43d46a619d1188709abbfa9c82
+[1]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/0d1fd124a4e0a07b524989f6e64410ff648fba61
+
+Co-authored-by: 10054172 <hui.zhang@thalesgroup.com>
+Co-authored-by: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
+Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
+---
+ src/protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/protobuf-c/protobuf-c.c b/src/protobuf-c/protobuf-c.c
+index 4f2f5bc..6ae5287 100644
+--- a/src/protobuf-c/protobuf-c.c
++++ b/src/protobuf-c/protobuf-c.c
+@@ -2456,10 +2456,13 @@ parse_required_member(ScannedMember *scanned_member,
+ return FALSE;
+
+ def_mess = scanned_member->field->default_value;
+- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+- allocator,
+- len - pref_len,
+- data + pref_len);
++ if (len >= pref_len)
++ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
++ allocator,
++ len - pref_len,
++ data + pref_len);
++ else
++ subm = NULL;
+
+ if (maybe_clear &&
+ *pmessage != NULL &&
+--
+2.39.2
+
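Review bot: The new else branch leaves subm as NULL when pref_len exceeds len, but the lines that give a NULL subm its meaning lie outside the nested hunk (parse_required_member continues past `*pmessage != NULL &&`), so whether a malformed length prefix is reported as a parse failure or silently stored as an absent sub-message cannot be confirmed from this page. When applying the patch it is worth checking that the code following the hunk returns FALSE for a NULL subm, and a comment on the new branch would make the intent survive the next rebase: `/* pref_len > len: the length prefix points past the buffer; reject rather than let len - pref_len wrap */`. Comparing with `>=` rather than `>` keeps a zero-length sub-message valid, which the patch description says is the regression the second upstream commit repairs.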
diff --git a/net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild b/net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild
new file mode 100644
index 000000000000..27fe1d46128e
--- /dev/null
+++ b/net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake
+
+DESCRIPTION="Signal Protocol C Library"
+HOMEPAGE="https://www.whispersystems.org/"
+SRC_URI="https://github.com/signalapp/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm64 ~x86"
+
+LICENSE="GPL-3"
+SLOT="0"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.3.3-CVE-2022-48468.patch
+)
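Review bot: Nothing in the new ebuild records that the patch targets the copy of protobuf-c bundled under src/protobuf-c rather than libsignal itself, which is what the next version bump needs to know when deciding whether the patch is still required; a one-line comment above the PATCHES entry, `# Bundled protobuf-c: CVE-2022-48468 (drop once upstream updates protobuf-c)`, would carry that. The diffstat shows no deletions, so the unpatched 2.3.3 ebuild presumably stays in tree beside -r1 until it is dropped separately.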