[thirdparty](patch) Fix brpc (1.4.0) security issue CVE-2023-31039 (#…

…44066) patch brpc apache/brpc#2218 (fixed in 1.5.0) to fix https://www.cve.org/CVERecord?id=CVE-2023-31039
apache · Nov 17, 2024 · e455f26 · e455f26
1 parent 43facc4
commit e455f26
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/thirdparty/patches/brpc-1.5.0-remove-wordexp.patch b/thirdparty/patches/brpc-1.5.0-remove-wordexp.patch
@@ -0,0 +1,36 @@
+diff --git a/src/brpc/server.cpp b/src/brpc/server.cpp
+index 380ebb20d4..b4758ad8c8 100644
+--- a/src/brpc/server.cpp
++++ b/src/brpc/server.cpp
+@@ -16,7 +16,6 @@
+ // under the License.
+
+
+-#include <wordexp.h>                                // wordexp
+ #include <iomanip>
+ #include <arpa/inet.h>                              // inet_aton
+ #include <fcntl.h>                                  // O_CREAT
+@@ -1716,23 +1715,7 @@ void Server::GenerateVersionIfNeeded() {
+     }
+ }
+
+-static std::string ExpandPath(const std::string &path) {
+-    if (path.empty()) {
+-        return std::string();
+-    }
+-    std::string ret;
+-    wordexp_t p;
+-    wordexp(path.c_str(), &p, 0);
+-    CHECK_EQ(p.we_wordc, 1u);
+-    if (p.we_wordc == 1) {
+-        ret = p.we_wordv[0];
+-    }
+-    wordfree(&p);
+-    return ret;
+-}
+-
+ void Server::PutPidFileIfNeeded() {
+-    _options.pid_file = ExpandPath(_options.pid_file);
+     if (_options.pid_file.empty()) {
+         return;
+     }