authorHitendra Prajapati <hprajapati@mvista.com>2022-08-25 12:54:30 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-09-03 13:10:37 +0100
commit8bc3443c0813f884955def3bb8d7594acd397796 (patch)
tree64a586ceb8506f819b83182eefc0a6754b823308 /meta/recipes-devtools/go
parentdea6f2c847296639359546198709bf333a881d29 (diff)
downloadpoky-8bc3443c0813f884955def3bb8d7594acd397796.tar.gz
golang: fix CVE-2022-30629 and CVE-2022-30631
Source: https://github.com/golang/go MR: 120613, 120613 Type: Security Fix Disposition: Backport from https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c && https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3 ChangeID: 366db775dec045d7b312b8da0436af36ab322046 Description: Fixed CVE: 1. CVE-2022-30629 2. CVE-2022-30631 (From OE-Core rev: 6813a265c7c21e24636d07a6a8df16ef0cf7da50) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r--meta/recipes-devtools/go/go-1.14.inc2
-rw-r--r--meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch47
-rw-r--r--meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch116
3 files changed, 165 insertions, 0 deletions
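--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -25,6 +25,8 @@ SRC_URI += "\
  file://CVE-2021-44717.patch \
  file://CVE-2022-24675.patch \
  file://CVE-2021-31525.patch \
+ file://CVE-2022-30629.patch \
+ file://CVE-2022-30631.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"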
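--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
@@ -0,0 +1,47 @@
+From 8d0bbb5a6280c2cf951241ec7f6579c90d38df57 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 10:55:08 +0530
+Subject: [PATCH] CVE-2022-30629
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c]
+CVE: CVE-2022-30629
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/crypto/tls/handshake_server_tls13.go | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
+index 5432145..d91797e 100644
+--- a/src/crypto/tls/handshake_server_tls13.go
++++ b/src/crypto/tls/handshake_server_tls13.go
+@@ -9,6 +9,7 @@ import (
+ "crypto"
+ "crypto/hmac"
+ "crypto/rsa"
++ "encoding/binary"
+ "errors"
+ "hash"
+ "io"
+@@ -742,6 +743,19 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
+ }
+ m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
+
++ // ticket_age_add is a random 32-bit value. See RFC 8446, section 4.6.1
++ // The value is not stored anywhere; we never need to check the ticket age
++ // because 0-RTT is not supported.
++ ageAdd := make([]byte, 4)
++ _, err = hs.c.config.rand().Read(ageAdd)
++ if err != nil {
++ return err
++ }
++ m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
++
++ // ticket_nonce, which must be unique per connection, is always left at
++ // zero because we only ever send one ticket per connection.
++
+ if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
+ return err
+ }
+--
+2.25.1
+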
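Review bot: The new `_, err = hs.c.config.rand().Read(ageAdd)` trusts a single `Read` to fill all four bytes, but the `io.Reader` contract permits a short read with a nil error, and `Config.Rand` may be a user-supplied reader; a short read would leave trailing zero bytes in the very value this fix exists to randomize. Since `io` is already imported in this file, `if _, err := io.ReadFull(hs.c.config.rand(), ageAdd); err != nil {` keeps the same error path and guarantees a full 32-bit value, which is how the hello random is drawn elsewhere in crypto/tls as far as I recall. The hunk also reaches for `hs.c` while the context line below uses the function's local `c` (`c.writeRecord`), so `c.config.rand()` would read more consistently. `sendSessionTickets` starts before the hunk, so the earlier declaration of `err` that the plain assignment relies on is not visible here.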
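--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
@@ -0,0 +1,116 @@
+From d10fc3a84e3344f2421c1dd3046faa50709ab4d5 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 11:01:21 +0530
+Subject: [PATCH] CVE-2022-30631
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3]
+CVE: CVE-2022-30631
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/compress/gzip/gunzip.go | 60 +++++++++++++++-----------------
+ src/compress/gzip/gunzip_test.go | 16 +++++++++
+ 2 files changed, 45 insertions(+), 31 deletions(-)
+
+diff --git a/src/compress/gzip/gunzip.go b/src/compress/gzip/gunzip.go
+index 924bce1..237b2b9 100644
+--- a/src/compress/gzip/gunzip.go
++++ b/src/compress/gzip/gunzip.go
+@@ -248,42 +248,40 @@ func (z *Reader) Read(p []byte) (n int, err error) {
+ return 0, z.err
+ }
+
+- n, z.err = z.decompressor.Read(p)
+- z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
+- z.size += uint32(n)
+- if z.err != io.EOF {
+- // In the normal case we return here.
+- return n, z.err
+- }
++ for n == 0 {
++ n, z.err = z.decompressor.Read(p)
++ z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
++ z.size += uint32(n)
++ if z.err != io.EOF {
++ // In the normal case we return here.
++ return n, z.err
++ }
+
+- // Finished file; check checksum and size.
+- if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
+- z.err = noEOF(err)
+- return n, z.err
+- }
+- digest := le.Uint32(z.buf[:4])
+- size := le.Uint32(z.buf[4:8])
+- if digest != z.digest || size != z.size {
+- z.err = ErrChecksum
+- return n, z.err
+- }
+- z.digest, z.size = 0, 0
++ // Finished file; check checksum and size.
++ if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
++ z.err = noEOF(err)
++ return n, z.err
++ }
++ digest := le.Uint32(z.buf[:4])
++ size := le.Uint32(z.buf[4:8])
++ if digest != z.digest || size != z.size {
++ z.err = ErrChecksum
++ return n, z.err
++ }
++ z.digest, z.size = 0, 0
+
+- // File is ok; check if there is another.
+- if !z.multistream {
+- return n, io.EOF
+- }
+- z.err = nil // Remove io.EOF
++ // File is ok; check if there is another.
++ if !z.multistream {
++ return n, io.EOF
++ }
++ z.err = nil // Remove io.EOF
+
+- if _, z.err = z.readHeader(); z.err != nil {
+- return n, z.err
++ if _, z.err = z.readHeader(); z.err != nil {
++ return n, z.err
++ }
+ }
+
+- // Read from next file, if necessary.
+- if n > 0 {
+- return n, nil
+- }
+- return z.Read(p)
++ return n, nil
+ }
+
+ // Close closes the Reader. It does not close the underlying io.Reader.
+diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go
+index 1b01404..95220ae 100644
+--- a/src/compress/gzip/gunzip_test.go
++++ b/src/compress/gzip/gunzip_test.go
+@@ -516,3 +516,19 @@ func TestTruncatedStreams(t *testing.T) {
+ }
+ }
+ }
++
++func TestCVE202230631(t *testing.T) {
++ var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00,
++ 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
++ r := bytes.NewReader(bytes.Repeat(empty, 4e6))
++ z, err := NewReader(r)
++ if err != nil {
++ t.Fatalf("NewReader: got %v, want nil", err)
++ }
++ // Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due
++ // to stack exhaustion.
++ _, err = z.Read(make([]byte, 10))
++ if err != io.EOF {
++ t.Errorf("Reader.Read: got %v, want %v", err, io.EOF)
++ }
++}
+--
+2.25.1
+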
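Review bot: The new `for n == 0 {` loop in `Read` carries the whole point of this change, yet nothing in the code says why it is a loop, so a later cleanup could plausibly restore the recursive `return z.Read(p)` it replaces; I would put above it `// Loop rather than recurse into Read: a stream of many empty gzip members previously grew the stack once per member (CVE-2022-30631). n starts at zero, so the body always runs at least once.` In the test, `bytes.Repeat(empty, 4e6)` builds roughly 80 MB (20-byte members) and the single `Read` walks all of it on every run; wrapping it in `if testing.Short() { t.Skip("skipping in short mode") }` would keep `go test -short` cheap, assuming the package's other tests follow that convention. `Read`'s body starts before the hunk, so the early `z.err` check feeding the loop is only partly visible here.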