CVE fix (#373)

* Fixes for CVE-2024-21646

* changelog update

* add back function

* fix windows build

* move install for windows compiler

Author: kashifkhan

.azure-pipelines/client.test.live.yml

@@ -98,11 +98,11 @@ jobs:
         displayName: Install build script requirements
    
       - script: |
+          call "$(VS_ENTERPRISE_PATH)\VC\Auxiliary\Build\vcvars64.bat"
           python -m pip install cibuildwheel==2.16.2
         displayName: Install cibuildwheel 2.16.2
 
       - pwsh: |
-          call "$(VS_ENTERPRISE_PATH)\VC\Auxiliary\Build\vcvars64.bat"
           cibuildwheel --output-dir dist .
         displayName: 'Build uAMQP Wheel'
         env:

HISTORY.rst

@@ -2,6 +2,11 @@
 
 Release History
 ===============
+1.6.7 (2024-01-17)
++++++++++++++++++++
+
+- Fixes for CVE-2024-21646
+
 1.6.6 (2023-11-16)
 +++++++++++++++++++
 

src/vendor/azure-uamqp-c/deps/azure-c-shared-utility/CMakeLists.txt

@@ -373,6 +373,7 @@ set(source_h_files
     ./inc/azure_c_shared_utility/tlsio.h
     ./inc/azure_c_shared_utility/optionhandler.h
     ./inc/azure_c_shared_utility/memory_data.h
+    ./inc/azure_c_shared_utility/safe_math.h
     ${LOGGING_STACKTRACE_H_FILE}
 )
 

src/vendor/azure-uamqp-c/deps/azure-c-shared-utility/inc/azure_c_shared_utility/safe_math.h

@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+#ifndef SAFE_MATH_H
+#define SAFE_MATH_H
+
+#ifndef SIZE_MAX
+#define SIZE_MAX ((size_t)((size_t)~(size_t)0))
+#endif
+
+#define safe_add_size_t(a, b) ((((size_t)(a)) < ((size_t)(SIZE_MAX - ((size_t)(b))))) ? ((size_t)(a) + (size_t)(b)) : SIZE_MAX)
+
+#define safe_subtract_size_t(a, b) (((a) >= (b)) ? ((size_t)(a) - (size_t)(b)) : SIZE_MAX)
+
+#define safe_multiply_size_t(a, b) (((a) == 0 || (b) == 0) ? 0 : (((SIZE_MAX / (size_t)(a)) >= (size_t)(b)) ? (size_t)(a) * (size_t)(b) : SIZE_MAX))
+
+#endif // SAFE_MATH_H