From 1373d347f0b1385e44042c8d9c73d1a70af55fc5 Mon Sep 17 00:00:00 2001
From: "Laszlo Boszormenyi (GCS)" <gcs@debian.org>
Date: Tue, 4 Apr 2023 16:09:31 +0100
Subject: [PATCH] CVE-2021-22570

commit a00125024e9231d76746bd394fef8876f5cc15e2
Merge: 5c028d6cf 468bc193e
Author: Deanna Garcia <deannagarcia@google.com>
Date:   Fri Jan 22 00:24:30 2021 +0000

    Sync from Piper @353127564

    PROTOBUF_SYNC_PIPER

Backport:
 * Reduce to the actually relevant changes introduced in the actual merge.


Gbp-Pq: Name CVE-2021-22570.patch
---
 src/google/protobuf/descriptor.cc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
index fc3a9c7..74aaf7f 100644
--- a/src/google/protobuf/descriptor.cc
+++ b/src/google/protobuf/descriptor.cc
@@ -3980,6 +3980,11 @@ bool DescriptorBuilder::AddSymbol(
   // Use its file as the parent instead.
   if (parent == NULL) parent = file_;
 
+  if (full_name.find('\0') != std::string::npos) {
+    AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME,
+             "\"" + full_name + "\" contains null character.");
+    return false;
+  }
   if (tables_->AddSymbol(full_name, symbol)) {
     if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
       // This is only possible if there was already an error adding something of
@@ -4017,6 +4022,11 @@ bool DescriptorBuilder::AddSymbol(
 
 void DescriptorBuilder::AddPackage(
     const string& name, const Message& proto, const FileDescriptor* file) {
+  if (name.find('\0') != std::string::npos) {
+    AddError(name, proto, DescriptorPool::ErrorCollector::NAME,
+             "\"" + name + "\" contains null character.");
+    return;
+  }
   if (tables_->AddSymbol(name, Symbol(file))) {
     // Success.  Also add parent package, if any.
     string::size_type dot_pos = name.find_last_of('.');
@@ -4293,6 +4303,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
   }
   result->pool_ = pool_;
 
+  if (result->name().find('\0') != std::string::npos) {
+    AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME,
+             "\"" + result->name() + "\" contains null character.");
+    return nullptr;
+  }
+
   // Add to tables.
   if (!tables_->AddFile(result)) {
     AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER,
-- 
2.30.2