From c06522d7cf5655e605220e2849564e39d07d1466 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E7=92=90?=
Date: Mon, 13 May 2024 11:35:06 +0800
Subject: [PATCH] Fix the CVE-2022-45907
---
...ity-Do-not-blindly-eval-input-string.patch | 104 ++++++++++++++++++
pytorch.spec | 6 +-
2 files changed, 109 insertions(+), 1 deletion(-)
create mode 100644 0002-fix-the-CVE-2022-45907-that-JIT-Security-Do-not-blindly-eval-input-string.patch
diff --git a/0002-fix-the-CVE-2022-45907-that-JIT-Security-Do-not-blindly-eval-input-string.patch b/0002-fix-the-CVE-2022-45907-that-JIT-Security-Do-not-blindly-eval-input-string.patch
new file mode 100644
index 0000000..3c43016
--- /dev/null
+++ b/0002-fix-the-CVE-2022-45907-that-JIT-Security-Do-not-blindly-eval-input-string.patch
@@ -0,0 +1,104 @@
+From 767f6aa49fe20a2766b9843d01e3b7f7793df6a3 Mon Sep 17 00:00:00 2001
+From: Nikita Shulga
+Date: Thu, 17 Nov 2022 22:05:27 +0000
+Subject: [PATCH] [JIT][Security] Do not blindly eval input string (#89189)
+
+Introduce `_eval_no_call` method, that evaluates statement only if it
+does not contain any calls(done by examining the bytecode), thus preventing command injection exploit
+
+Added simple unit test to check for that
+`torch.jit.annotations.get_signature` would not result in calling random
+code.
+
+Although, this code path exists for Python-2 compatibility, and perhaps
+should be simply removed.
+
+Fixes https://github.com/pytorch/pytorch/issues/88868
+
+Pull Request resolved: https://github.com/pytorch/pytorch/pull/89189
+Approved by: https://github.com/suo
+---
+ test/test_jit.py | 8 ++++++++
+ torch/csrc/jit/frontend/script_type_parser.cpp | 2 +-
+ torch/jit/annotations.py | 14 ++++++++++++--
+ 3 files changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/test/test_jit.py b/test/test_jit.py
+index 13c27b0efa..6cbc091d50 100644
+--- a/test/test_jit.py
++++ b/test/test_jit.py
+@@ -3951,6 +3951,14 @@ def foo(x):
+ return a + 2
+ torch.jit.script(invalid4)
+
++ def test_calls_in_type_annotations(self):
++ with self.assertRaisesRegex(RuntimeError, "Type annotation should not contain calls"):
++ def spooky(a):
++ # type: print("Hello") -> Tensor # noqa: F723
++ return a + 2
++ print(torch.__file__)
++ torch.jit.annotations.get_signature(spooky, None, 1, True)
++
+ def test_is_optional(self):
+ ann = Union[List[int], List[float]]
+ torch._jit_internal.is_optional(ann)
+diff --git a/torch/csrc/jit/frontend/script_type_parser.cpp b/torch/csrc/jit/frontend/script_type_parser.cpp
+index f5d6f640d4..d05ec95fb9 100644
+--- a/torch/csrc/jit/frontend/script_type_parser.cpp
++++ b/torch/csrc/jit/frontend/script_type_parser.cpp
+@@ -316,7 +316,7 @@ std::vector ScriptTypeParser::evaluateDefaults(
+ // We then run constant prop on this graph and check the results are
+ // constant. This approach avoids having to have separate handling of
+ // default arguments from standard expressions by piecing together existing
+- // machinery for graph generation, constant propgation, and constant
++ // machinery for graph generation, constant propagation, and constant
+ // extraction.
+ auto tuple_type = Subscript::create(
+ r,
+diff --git a/torch/jit/annotations.py b/torch/jit/annotations.py
+index a4a36ce36a..a6ff2d04d2 100644
+--- a/torch/jit/annotations.py
++++ b/torch/jit/annotations.py
+@@ -1,4 +1,5 @@
+ import ast
++import dis
+ import enum
+ import inspect
+ import re
+@@ -144,6 +145,15 @@ def check_fn(fn, loc):
+ raise torch.jit.frontend.FrontendError(loc, "Expected a single top-level function")
+
+
++def _eval_no_call(stmt, glob, loc):
++ """Evaluate statement as long as it does not contain any method/function calls"""
++ bytecode = compile(stmt, "", mode="eval")
++ for insn in dis.get_instructions(bytecode):
++ if "CALL" in insn.opname:
++ raise RuntimeError(f"Type annotation should not contain calls, but '{stmt}' does")
++ return eval(bytecode, glob, loc) # type: ignore[arg-type] # noqa: P204
++
++
+ def parse_type_line(type_line, rcb, loc):
+ """Parses a type annotation specified as a comment.
+ +@@ -154,7 +164,7 @@ def parse_type_line(type_line, rcb, loc): + arg_ann_str, ret_ann_str = split_type_line(type_line) + + try: +- arg_ann = eval(arg_ann_str, {}, EvalEnv(rcb)) # type: ignore[arg-type] # noqa: P204 ++ arg_ann = _eval_no_call(arg_ann_str, {}, EvalEnv(rcb)) + except (NameError, SyntaxError) as e: + raise RuntimeError("Failed to parse the argument list of a type annotation") from e + +@@ -162,7 +172,7 @@ def parse_type_line(type_line, rcb, loc): + arg_ann = (arg_ann,) + + try: +- ret_ann = eval(ret_ann_str, {}, EvalEnv(rcb)) # type: ignore[arg-type] # noqa: P204 ++ ret_ann = _eval_no_call(ret_ann_str, {}, EvalEnv(rcb)) + except (NameError, SyntaxError) as e: + raise RuntimeError("Failed to parse the return type of a type annotation") from e + +-- +2.27.0 + diff --git a/pytorch.spec b/pytorch.spec index 73c7523..268d69a 100644 --- a/pytorch.spec +++ b/pytorch.spec @@ -1,13 +1,14 @@ %global _empty_manifest_terminate_build 0 Name: pytorch Version: 2.1.2 -Release: 2 +Release: 3 Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration License: BSD-3-Clause URL: https://pytorch.org/ Source0: https://github.com/pytorch/pytorch/releases/download/v%{version}/pytorch-v%{version}.tar.gz Patch1: 0001-add-Wno-error-nonnull-for-test-cpp-api.patch +Patch2: 0002-fix-the-CVE-2022-45907-that-JIT-Security-Do-not-blindly-eval-input-string.patch BuildRequires: g++ Requires: python3-future Requires: python3-numpy @@ -86,6 +87,9 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Mon May 13 2024 lilu - 2.1.2-3 +- fix the CVE-2022-45907 that JIT Security Do not blindly eval input string + * Thu Jan 11 2024 Dongxing Wang - 2.1.2-2 - Patch: Add -Wno-error=nonnull for test/cpp/api/ -- Gitee
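Review bot: `_eval_no_call` in the embedded torch/jit/annotations.py hunk is a deny-list on opcode names (`"CALL" in insn.opname`), so it rejects explicit call syntax only; attribute access, subscripting and operators in the annotation string still dispatch to whatever `__getattr__`/`__getitem__`/operator methods the resolved objects define, and because both callers pass `{}` as globals, `eval` still makes builtins resolvable by name. The docstring overstates the guarantee and should spell out the limit, e.g. `"""Evaluate stmt after rejecting bytecode that contains CALL* opcodes; attribute, subscript and operator dispatch is not blocked, so this is not a sandbox."""`. A sturdier follow-up would be to parse with `ast.parse(stmt, mode="eval")` and accept only an allow-list of node types (names, attributes, subscripts, tuples, constants) before evaluating, which also removes the dependence on opcode naming across interpreter versions. Separately, the embedded patch is dated Nov 2022 while the spec packages 2.1.2, so it is worth confirming that the tarball does not already contain `_eval_no_call`; if it does, Patch2 would be redundant or fail to apply.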