author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-08-29 11:05:47 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-03 13:10:37 +0100 |
commit | 964b78a02d7d1629297d37cff74fccc599615a68 (patch) | |
golang: fix CVE-2022-32189, a denial of service in math/big gob decoding
Source: https://github.com/golang/go
MR: 120634
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102
ChangeID: 3ade323dd52a6b654358f6738a0b3411ccc6d3f8
Description:
CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.
(From OE-Core rev: 9b3420c9a91059eb55754078bb1e733972e94489)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch | 113 |
2 files changed, 114 insertions, 0 deletions
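--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -31,6 +31,7 @@ SRC_URI += "\
 file://CVE-2022-30633.patch \
 file://CVE-2022-30635.patch \
 file://CVE-2022-32148.patch \
+file://CVE-2022-32189.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"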
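--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch
@@ -0,0 +1,113 @@
+From 027e7e1578d3d7614f7586eff3894b83d9709e14 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 29 Aug 2022 10:08:34 +0530
+Subject: [PATCH] CVE-2022-32189
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102]
+CVE: CVE-2022-32189
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+src/math/big/floatmarsh.go | 7 +++++++
+src/math/big/floatmarsh_test.go | 12 ++++++++++++
+src/math/big/ratmarsh.go | 6 ++++++
+src/math/big/ratmarsh_test.go | 12 ++++++++++++
+4 files changed, 37 insertions(+)
+
+diff --git a/src/math/big/floatmarsh.go b/src/math/big/floatmarsh.go
+index d1c1dab..990e085 100644
+--- a/src/math/big/floatmarsh.go
++++ b/src/math/big/floatmarsh.go
+@@ -8,6 +8,7 @@ package big
+
+import (
+"encoding/binary"
++ "errors"
+"fmt"
+)
+
+@@ -67,6 +68,9 @@ func (z *Float) GobDecode(buf []byte) error {
+*z = Float{}
+return nil
+}
++ if len(buf) < 6 {
++ return errors.New("Float.GobDecode: buffer too small")
++ }
+
+if buf[0] != floatGobVersion {
+return fmt.Errorf("Float.GobDecode: encoding version %d not supported", buf[0])
+@@ -83,6 +87,9 @@ func (z *Float) GobDecode(buf []byte) error {
+z.prec = binary.BigEndian.Uint32(buf[2:])
+
+if z.form == finite {
++ if len(buf) < 10 {
++ return errors.New("Float.GobDecode: buffer too small for finite form float")
++ }
+z.exp = int32(binary.BigEndian.Uint32(buf[6:]))
+z.mant = z.mant.setBytes(buf[10:])
+}
+diff --git a/src/math/big/floatmarsh_test.go b/src/math/big/floatmarsh_test.go
+index c056d78..401f45a 100644
+--- a/src/math/big/floatmarsh_test.go
++++ b/src/math/big/floatmarsh_test.go
+@@ -137,3 +137,15 @@ func TestFloatJSONEncoding(t *testing.T) {
+}
+}
+}
++
++func TestFloatGobDecodeShortBuffer(t *testing.T) {
++ for _, tc := range [][]byte{
++ []byte{0x1, 0x0, 0x0, 0x0},
++ []byte{0x1, 0xfa, 0x0, 0x0, 0x0, 0x0},
++ } {
++ err := NewFloat(0).GobDecode(tc)
++ if err == nil {
++ t.Error("expected GobDecode to return error for malformed input")
++ }
++ }
++}
+diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go
+index fbc7b60..56102e8 100644
+--- a/src/math/big/ratmarsh.go
++++ b/src/math/big/ratmarsh.go
+@@ -45,12 +45,18 @@ func (z *Rat) GobDecode(buf []byte) error {
+*z = Rat{}
+return nil
+}
++ if len(buf) < 5 {
++ return errors.New("Rat.GobDecode: buffer too small")
++ }
+b := buf[0]
+if b>>1 != ratGobVersion {
+return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1)
+}
+const j = 1 + 4
+i := j + binary.BigEndian.Uint32(buf[j-4:j])
++ if len(buf) < int(i) {
++ return errors.New("Rat.GobDecode: buffer too small")
++ }
+z.a.neg = b&1 != 0
+z.a.abs = z.a.abs.setBytes(buf[j:i])
+z.b.abs = z.b.abs.setBytes(buf[i:])
+diff --git a/src/math/big/ratmarsh_test.go b/src/math/big/ratmarsh_test.go
+index 351d109..55a9878 100644
+--- a/src/math/big/ratmarsh_test.go
++++ b/src/math/big/ratmarsh_test.go
+@@ -123,3 +123,15 @@ func TestRatXMLEncoding(t *testing.T) {
+}
+}
+}
++
++func TestRatGobDecodeShortBuffer(t *testing.T) {
++ for _, tc := range [][]byte{
++ []byte{0x2},
++ []byte{0x2, 0x0, 0x0, 0x0, 0xff},
++ } {
++ err := NewRat(1, 2).GobDecode(tc)
++ if err == nil {
++ t.Error("expected GobDecode to return error for malformed input")
++ }
++ }
++}
+--
+2.25.1
+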
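Review bot: The new `if len(buf) < int(i)` guard in the ratmarsh.go hunk does not close the panic it targets, because `i := j + binary.BigEndian.Uint32(buf[j-4:j])` is a uint32 and the addition wraps: a 4-byte length of 0xFFFFFFFB through 0xFFFFFFFF gives i in 0..4, the check passes (the earlier `len(buf) < 5` guard guarantees at least 5 bytes), and `buf[j:i]` with j = 5 > i panics with a slice-bounds error, so a 5-byte message still crashes the decoder; on 32-bit targets a length above MaxInt32 additionally makes `int(i)` negative with the same effect. Read the length first, compare it against the remaining bytes in 64-bit arithmetic, and only then build the index, as in the rewrite below — I believe current upstream takes this shape, but the backported commit here does not. The test table in ratmarsh_test.go should gain a wrapped-length case such as `[]byte{0x2, 0xff, 0xff, 0xff, 0xff}`. The Float hunks use constant offsets and look sound; note that Rat.GobDecode's trailing `return nil` and closing brace lie outside the quoted hunk.
```go
	const j = 1 + 4
	ln := binary.BigEndian.Uint32(buf[j-4 : j])
	if uint64(ln) > uint64(len(buf)-j) {
		return errors.New("Rat.GobDecode: invalid length")
	}
	i := j + int(ln)
	// … unchanged: z.a.neg / z.a.abs / z.b.abs assignments …
```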