fix(ngtcp2): CVE-2024-52811

[deepin-ci-robot]

CVE-2024-52811 修复

漏洞描述

Fix heap buffer overflow when writing not validated ACK to qlog.

在 ngtcp2_conn::conn_recv_pkt 处理 ACK 帧时，新增的逻辑跳过了 conn_recv_ack，导致同时跳过了 ngtcp2_pkt_validate_ack 验证。未验证的 ACK 仍然被写入 qlog，导致堆缓冲区溢出。

修复内容

• 将 ngtcp2_pkt_validate_ack 调用从 conn_recv_ack 函数移出到调用前的三个位置
• 确保在写入 qlog 之前验证 ACK

相关链接

• Upstream: ngtcp2/ngtcp2@44b662b
• NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52811
• GHSA: GHSA-4gmv-gf46-r4g5

Commit 信息

fix(ngtcp2): CVE-2024-52811Fix heap buffer overflow when writing not validated ACK to qlog.In conn_recv_pkt for an ACK, there was logic to skip conn_recv_ackif an ack has already been processed in the payload. However, thiscauses us to also skip ngtcp2_pkt_validate_ack. The ack which wasskipped still got written to qlog, leading to a heap overflow.Upstream: https://github.com/ngtcp2/ngtcp2/commit/44b662bd139c23fee1703bf256c13349e2e624a1Generated-By: glm-5.1Co-Authored-By: Security Agent <security@openclaw.ai>

---

🤖 Generated by CVE-Fixer AI Agent

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zccrs for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• https:/raw.githubusercontent.com/deepin-community/template-repository/master/debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

TAG Bot

TAG: 1.6.0-1deepin1
EXISTED: no
DISTRIBUTION: unstable

[hudeng-go]

/integrate

[github-actions]

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3905
PrNumber: 3905
PrBranch: auto-integration-25144114273