diff options
author | Vivek Kumbhar <vkumbhar@mvista.com> | 2022-12-20 19:08:44 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-01-06 17:33:14 +0000 |
commit | da2f8dd755cfb1ecfe096949bfbabb1d0cded40c (patch) | |
tree | e2529f8b14725872d5dd7dad043628ec57b8fdfb /meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch | |
parent | 16b4b0bd4b6a3583b921df04e0ce7febb44759b3 (diff) | |
download | poky-da2f8dd755cfb1ecfe096949bfbabb1d0cded40c.tar.gz |
go: fix CVE-2022-41717 Excessive memory use in got server
(From OE-Core rev: a483f182676d87b7035e37fac8e21226fbd9fd63)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch new file mode 100644 index 0000000000..8bf22ee4d4 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch | |||
@@ -0,0 +1,75 @@ | |||
1 | From 618120c165669c00a1606505defea6ca755cdc27 Mon Sep 17 00:00:00 2001 | ||
2 | From: Damien Neil <dneil@google.com> | ||
3 | Date: Wed, 30 Nov 2022 16:46:33 -0500 | ||
4 | Subject: [PATCH] [release-branch.go1.19] net/http: update bundled | ||
5 | golang.org/x/net/http2 | ||
6 | |||
7 | Disable cmd/internal/moddeps test, since this update includes PRIVATE | ||
8 | track fixes. | ||
9 | |||
10 | For #56350. | ||
11 | For #57009. | ||
12 | Fixes CVE-2022-41717. | ||
13 | |||
14 | Change-Id: I5c6ce546add81f361dcf0d5123fa4eaaf8f0a03b | ||
15 | Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1663835 | ||
16 | Reviewed-by: Tatiana Bradley <tatianabradley@google.com> | ||
17 | Reviewed-by: Julie Qiu <julieqiu@google.com> | ||
18 | Reviewed-on: https://go-review.googlesource.com/c/go/+/455363 | ||
19 | TryBot-Result: Gopher Robot <gobot@golang.org> | ||
20 | Run-TryBot: Jenny Rakoczy <jenny@golang.org> | ||
21 | Reviewed-by: Michael Pratt <mpratt@google.com> | ||
22 | |||
23 | Upstream-Status: Backport [https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27] | ||
24 | CVE-2022-41717 | ||
25 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
26 | --- | ||
27 | src/net/http/h2_bundle.go | 18 +++++++++++------- | ||
28 | 1 file changed, 11 insertions(+), 7 deletions(-) | ||
29 | |||
30 | diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go | ||
31 | index 83f2a72..cc03a62 100644 | ||
32 | --- a/src/net/http/h2_bundle.go | ||
33 | +++ b/src/net/http/h2_bundle.go | ||
34 | @@ -4096,6 +4096,7 @@ type http2serverConn struct { | ||
35 | headerTableSize uint32 | ||
36 | peerMaxHeaderListSize uint32 // zero means unknown (default) | ||
37 | canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case | ||
38 | + canonHeaderKeysSize int // canonHeader keys size in bytes | ||
39 | writingFrame bool // started writing a frame (on serve goroutine or separate) | ||
40 | writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh | ||
41 | needsFrameFlush bool // last frame write wasn't a flush | ||
42 | @@ -4278,6 +4279,13 @@ func (sc *http2serverConn) condlogf(err error, format string, args ...interface{ | ||
43 | } | ||
44 | } | ||
45 | |||
46 | +// maxCachedCanonicalHeadersKeysSize is an arbitrarily-chosen limit on the size | ||
47 | +// of the entries in the canonHeader cache. | ||
48 | +// This should be larger than the size of unique, uncommon header keys likely to | ||
49 | +// be sent by the peer, while not so high as to permit unreasonable memory usage | ||
50 | +// if the peer sends an unbounded number of unique header keys. | ||
51 | +const http2maxCachedCanonicalHeadersKeysSize = 2048 | ||
52 | + | ||
53 | func (sc *http2serverConn) canonicalHeader(v string) string { | ||
54 | sc.serveG.check() | ||
55 | http2buildCommonHeaderMapsOnce() | ||
56 | @@ -4293,14 +4301,10 @@ func (sc *http2serverConn) canonicalHeader(v string) string { | ||
57 | sc.canonHeader = make(map[string]string) | ||
58 | } | ||
59 | cv = CanonicalHeaderKey(v) | ||
60 | - // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of | ||
61 | - // entries in the canonHeader cache. This should be larger than the number | ||
62 | - // of unique, uncommon header keys likely to be sent by the peer, while not | ||
63 | - // so high as to permit unreaasonable memory usage if the peer sends an unbounded | ||
64 | - // number of unique header keys. | ||
65 | - const maxCachedCanonicalHeaders = 32 | ||
66 | - if len(sc.canonHeader) < maxCachedCanonicalHeaders { | ||
67 | + size := 100 + len(v)*2 // 100 bytes of map overhead + key + value | ||
68 | + if sc.canonHeaderKeysSize+size <= http2maxCachedCanonicalHeadersKeysSize { | ||
69 | sc.canonHeader[v] = cv | ||
70 | + sc.canonHeaderKeysSize += size | ||
71 | } | ||
72 | return cv | ||
73 | } | ||
74 | -- | ||
75 | 2.30.2 | ||