File fix-CVE-2025-50200.patch of Package rabbitmq-server
From ab095675a98991a5f5b25cd7671ad4658a7642c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <loic.hoguin@broadcom.com>
Date: Tue, 25 Mar 2025 12:33:00 +0100
Subject: [PATCH] Fix Cowboy crashes caused by double reply
Issue introduced in 383ddb16341.
---
.../src/rabbit_mgmt_util.erl | 17 +++++++++++++
.../src/rabbit_mgmt_wm_exchange_publish.erl | 25 ++++++-------------
.../src/rabbit_mgmt_wm_queue_actions.erl | 24 ++++++------------
.../src/rabbit_mgmt_wm_queue_get.erl | 24 ++++++------------
4 files changed, 41 insertions(+), 49 deletions(-)
Index: rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
===================================================================
--- rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
+++ rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
@@ -51,6 +51,8 @@
-export([disable_stats/1, enable_queue_totals/1]).
+-export([set_resp_not_found/2]).
+
-import(rabbit_misc, [pget/2]).
-include("rabbit_mgmt.hrl").
@@ -1145,3 +1147,18 @@ catch_no_such_user_or_vhost(Fun, Replace
%% error is thrown when the request is out of range
sublist(List, S, L) when is_integer(L), L >= 0 ->
lists:sublist(lists:nthtail(S-1, List), L).
+
+-spec set_resp_not_found(binary(), cowboy_req:req()) -> cowboy_req:req().
+set_resp_not_found(NotFoundBin, ReqData) ->
+ ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
+ not_found ->
+ <<"vhost_not_found">>;
+ _ ->
+ NotFoundBin
+ end,
+ ReqData1 = cowboy_req:set_resp_header(
+ <<"content-type">>, <<"application/json">>, ReqData),
+ cowboy_req:set_resp_body(rabbit_json:encode(#{
+ <<"error">> => <<"not_found">>,
+ <<"reason">> => ErrorMessage
+ }), ReqData1).
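Review bot: The new `set_resp_not_found/2` has no comment explaining the contract that makes the fix work, and that contract is easy to break again: it only stages the 404 body on the request and must not send a reply, which is why its callers return `{false, ReqData1, Context}` from `resource_exists/2` and let the REST layer emit the single response (the double reply named in the commit title appears to have come from the removed `raise_not_found/2` helpers replying and then also returning a value into the tuple). Suggest a header comment above the spec: `%% Stage a JSON 404 body on the request without replying. Callers must still return {false, Req, Context} so the REST handler sends one response.` As a point of style, on the line after the head the function calls its own module with a remote call, `rabbit_mgmt_util:vhost(ReqData)`; inside rabbit_mgmt_util a local `vhost(ReqData)` is the usual form unless the hot-upgrade semantics of the qualified call are deliberate, in which case a short comment would say so.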
Index: rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_exchange_publish.erl
===================================================================
--- rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_wm_exchange_publish.erl
+++ rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_exchange_publish.erl
@@ -29,11 +29,14 @@ allowed_methods(ReqData, Context) ->
content_types_provided(ReqData, Context) ->
{rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
-resource_exists(ReqData, Context) ->
- {case rabbit_mgmt_wm_exchange:exchange(ReqData) of
- not_found -> raise_not_found(ReqData, Context);
- _ -> true
- end, ReqData, Context}.
+resource_exists(ReqData0, Context) ->
+ case rabbit_mgmt_wm_exchange:exchange(ReqData0) of
+ not_found ->
+ ReqData1 = rabbit_mgmt_util:set_resp_not_found(<<"exchange_not_found">>, ReqData0),
+ {false, ReqData1, Context};
+ _ ->
+ {true, ReqData0, Context}
+ end.
allow_missing_post(ReqData, Context) ->
{false, ReqData, Context}.
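Review bot: The rewritten `resource_exists/2` relies on a non-obvious invariant, that setting the body and returning `false` is the whole not-found path and nothing may reply here, yet nothing in the clause records that; the identical rewrites in rabbit_mgmt_wm_queue_actions.erl and rabbit_mgmt_wm_queue_get.erl have the same gap. Suggest one comment on the `not_found ->` branch, `%% Do not reply here: stage the 404 body and return false so the REST handler sends the single response.`, in all three modules. The three clauses differ only in the reason binary, so a future cleanup could fold the branch into the util module, but that is beyond this fix. The `allow_missing_post/2` that follows returning `false` is what keeps a POST to a missing resource on the 404 path, which is consistent with the change.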
@@ -104,18 +107,6 @@ bad({{coordinator_unavailable, _}, _}, R
is_authorized(ReqData, Context) ->
rabbit_mgmt_util:is_authorized_vhost(ReqData, Context).
-raise_not_found(ReqData, Context) ->
- ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
- not_found ->
- "vhost_not_found";
- _ ->
- "exchange_not_found"
- end,
- rabbit_mgmt_util:not_found(
- rabbit_data_coercion:to_binary(ErrorMessage),
- ReqData,
- Context).
-
%%--------------------------------------------------------------------
decode(Payload, <<"string">>) -> Payload;
Index: rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_actions.erl
===================================================================
--- rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_actions.erl
+++ rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_actions.erl
@@ -26,11 +26,14 @@ variances(Req, Context) ->
allowed_methods(ReqData, Context) ->
{[<<"POST">>, <<"OPTIONS">>], ReqData, Context}.
-resource_exists(ReqData, Context) ->
- {case rabbit_mgmt_wm_queue:queue(ReqData) of
- not_found -> raise_not_found(ReqData, Context);
- _ -> true
- end, ReqData, Context}.
+resource_exists(ReqData0, Context) ->
+ case rabbit_mgmt_wm_queue:queue(ReqData0) of
+ not_found ->
+ ReqData1 = rabbit_mgmt_util:set_resp_not_found(<<"queue_not_found">>, ReqData0),
+ {false, ReqData1, Context};
+ _ ->
+ {true, ReqData0, Context}
+ end.
allow_missing_post(ReqData, Context) ->
{false, ReqData, Context}.
@@ -55,17 +58,6 @@ do_it(ReqData0, Context) ->
is_authorized(ReqData, Context) ->
rabbit_mgmt_util:is_authorized_admin(ReqData, Context).
-raise_not_found(ReqData, Context) ->
- ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
- not_found ->
- "vhost_not_found";
- _ ->
- "queue_not_found"
- end,
- rabbit_mgmt_util:not_found(
- rabbit_data_coercion:to_binary(ErrorMessage),
- ReqData,
- Context).
%%--------------------------------------------------------------------
action(<<"sync">>, Q, ReqData, Context) when ?is_amqqueue(Q) ->
Index: rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_get.erl
===================================================================
--- rabbitmq-server-3.13.7.orig/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_get.erl
+++ rabbitmq-server-3.13.7/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue_get.erl
@@ -29,11 +29,14 @@ allowed_methods(ReqData, Context) ->
content_types_provided(ReqData, Context) ->
{rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
-resource_exists(ReqData, Context) ->
- {case rabbit_mgmt_wm_queue:queue(ReqData) of
- not_found -> raise_not_found(ReqData, Context);
- _ -> true
- end, ReqData, Context}.
+resource_exists(ReqData0, Context) ->
+ case rabbit_mgmt_wm_queue:queue(ReqData0) of
+ not_found ->
+ ReqData1 = rabbit_mgmt_util:set_resp_not_found(<<"queue_not_found">>, ReqData0),
+ {false, ReqData1, Context};
+ _ ->
+ {true, ReqData0, Context}
+ end.
allow_missing_post(ReqData, Context) ->
{false, ReqData, Context}.
@@ -152,17 +155,6 @@ basic_get(Ch, Q, AckMode, Enc, Trunc) ->
is_authorized(ReqData, Context) ->
rabbit_mgmt_util:is_authorized_vhost(ReqData, Context).
-raise_not_found(ReqData, Context) ->
- ErrorMessage = case rabbit_mgmt_util:vhost(ReqData) of
- not_found ->
- "vhost_not_found";
- _ ->
- "queue_not_found"
- end,
- rabbit_mgmt_util:not_found(
- rabbit_data_coercion:to_binary(ErrorMessage),
- ReqData,
- Context).
%%--------------------------------------------------------------------
maybe_truncate(Payload, none) -> Payload;