diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-06-24 17:42:53 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-07-08 08:27:20 +0100 |
commit | 6013fc2606d7dbd251d69ee6f1d25d54ca2b67b1 (patch) | |
tree | 3e2fc70bc41e031710d40a3a505aa46d0440a446 /meta/recipes-devtools/go | |
parent | 3f2da49c2b6c16bcca84496e7fc6102952786605 (diff) | |
download | poky-6013fc2606d7dbd251d69ee6f1d25d54ca2b67b1.tar.gz |
golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header
Source: https://github.com/argoheyard/lang-net
MR: 114874
Type: Security Fix
Disposition: Backport from https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282
ChangeID: bd3c4f9f44dd1c45e810172087004778522d28eb
Description:
CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header.
(From OE-Core rev: 2850ef58f2a39a5ab19b1062d1b50160fec4daa8)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 773d252bd1..b160222f76 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
@@ -24,6 +24,7 @@ SRC_URI += "\ | |||
24 | file://CVE-2022-23772.patch \ | 24 | file://CVE-2022-23772.patch \ |
25 | file://CVE-2021-44717.patch \ | 25 | file://CVE-2021-44717.patch \ |
26 | file://CVE-2022-24675.patch \ | 26 | file://CVE-2022-24675.patch \ |
27 | file://CVE-2021-31525.patch \ | ||
27 | " | 28 | " |
28 | 29 | ||
29 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" | 30 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch new file mode 100644 index 0000000000..afe4b0d2b8 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From efb465ada003d23353a91ef930be408eb575dba6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Thu, 16 Jun 2022 17:40:12 +0530 | ||
4 | Subject: [PATCH] CVE-2021-31525 | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282] | ||
7 | CVE: CVE-2021-31525 | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | |||
10 | --- | ||
11 | src/vendor/golang.org/x/net/http/httpguts/httplex.go | 10 ++++++---- | ||
12 | 1 file changed, 6 insertions(+), 4 deletions(-) | ||
13 | |||
14 | diff --git a/src/vendor/golang.org/x/net/http/httpguts/httplex.go b/src/vendor/golang.org/x/net/http/httpguts/httplex.go | ||
15 | index e7de24e..c79aa73 100644 | ||
16 | --- a/src/vendor/golang.org/x/net/http/httpguts/httplex.go | ||
17 | +++ b/src/vendor/golang.org/x/net/http/httpguts/httplex.go | ||
18 | @@ -137,11 +137,13 @@ func trimOWS(x string) string { | ||
19 | // contains token amongst its comma-separated tokens, ASCII | ||
20 | // case-insensitively. | ||
21 | func headerValueContainsToken(v string, token string) bool { | ||
22 | - v = trimOWS(v) | ||
23 | - if comma := strings.IndexByte(v, ','); comma != -1 { | ||
24 | - return tokenEqual(trimOWS(v[:comma]), token) || headerValueContainsToken(v[comma+1:], token) | ||
25 | + for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') { | ||
26 | + if tokenEqual(trimOWS(v[:comma]), token) { | ||
27 | + return true | ||
28 | + } | ||
29 | + v = v[comma+1:] | ||
30 | } | ||
31 | - return tokenEqual(v, token) | ||
32 | + return tokenEqual(trimOWS(v), token) | ||
33 | } | ||
34 | |||
35 | // lowerASCII returns the ASCII lowercase version of b. | ||
36 | -- | ||
37 | 2.25.1 | ||
38 | |||