diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-08-26 17:40:02 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-03 13:10:37 +0100 |
commit | 1a1eceee49adf1b90b4ecdbabbfdb70373526f9c (patch) | |
tree | fe3f26d99a81c1eabcb356d659a6361a5b8cbb76 /meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch | |
parent | 7d67a61029c49b3459b65da4da2c5022f3826713 (diff) | |
download | poky-1a1eceee49adf1b90b4ecdbabbfdb70373526f9c.tar.gz |
golang: fix CVE-2022-30635 and CVE-2022-32148
Source: https://github.com/golang/go
MR: 120628, 120631
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e && https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e
ChangeID: fbd8d61bdc2e9cb0cdbe9879e02aed218ee93dbe
Description:
Fixed CVE:
1. CVE-2022-30635
2. CVE-2022-32148
(From OE-Core rev: 2c4fb77f417464d9cd40f0ebd8cc52e6e6ca689e)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch new file mode 100644 index 0000000000..aab98e99fd --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From 0fe3adec199e8cd2c101933f75d8cd617de70350 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Fri, 26 Aug 2022 12:48:13 +0530 | ||
4 | Subject: [PATCH] CVE-2022-32148 | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e] | ||
7 | CVE: CVE-2022-32148 | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | --- | ||
10 | src/net/http/header.go | 6 ++++++ | ||
11 | src/net/http/header_test.go | 5 +++++ | ||
12 | 2 files changed, 11 insertions(+) | ||
13 | |||
14 | diff --git a/src/net/http/header.go b/src/net/http/header.go | ||
15 | index b9b5391..221f613 100644 | ||
16 | --- a/src/net/http/header.go | ||
17 | +++ b/src/net/http/header.go | ||
18 | @@ -100,6 +100,12 @@ func (h Header) Clone() Header { | ||
19 | sv := make([]string, nv) // shared backing array for headers' values | ||
20 | h2 := make(Header, len(h)) | ||
21 | for k, vv := range h { | ||
22 | + if vv == nil { | ||
23 | + // Preserve nil values. ReverseProxy distinguishes | ||
24 | + // between nil and zero-length header values. | ||
25 | + h2[k] = nil | ||
26 | + continue | ||
27 | + } | ||
28 | n := copy(sv, vv) | ||
29 | h2[k] = sv[:n:n] | ||
30 | sv = sv[n:] | ||
31 | diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go | ||
32 | index 4789362..80c0035 100644 | ||
33 | --- a/src/net/http/header_test.go | ||
34 | +++ b/src/net/http/header_test.go | ||
35 | @@ -235,6 +235,11 @@ func TestCloneOrMakeHeader(t *testing.T) { | ||
36 | in: Header{"foo": {"bar"}}, | ||
37 | want: Header{"foo": {"bar"}}, | ||
38 | }, | ||
39 | + { | ||
40 | + name: "nil value", | ||
41 | + in: Header{"foo": nil}, | ||
42 | + want: Header{"foo": nil}, | ||
43 | + }, | ||
44 | } | ||
45 | |||
46 | for _, tt := range tests { | ||
47 | -- | ||
48 | 2.25.1 | ||
49 | |||