summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch')
-rw-r--r--meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch191
1 files changed, 191 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch
new file mode 100644
index 0000000000..faa3f7f641
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch
@@ -0,0 +1,191 @@
1From d0b79e3513a29628f3599dc8860666b6eed75372 Mon Sep 17 00:00:00 2001
2From: Katie Hockman <katie@golang.org>
3Date: Mon, 1 Mar 2021 09:54:00 -0500
4Subject: [PATCH] encoding/xml: prevent infinite loop while decoding
5
6This change properly handles a TokenReader which
7returns an EOF in the middle of an open XML
8element.
9
10Thanks to Sam Whited for reporting this.
11
12Fixes CVE-2021-27918
13Fixes #44913
14
15Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433
16Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594
17Reviewed-by: Russ Cox <rsc@google.com>
18Reviewed-by: Roland Shoemaker <bracewell@google.com>
19Reviewed-by: Filippo Valsorda <valsorda@google.com>
20Reviewed-on: https://go-review.googlesource.com/c/go/+/300391
21Trust: Katie Hockman <katie@golang.org>
22Run-TryBot: Katie Hockman <katie@golang.org>
23TryBot-Result: Go Bot <gobot@golang.org>
24Reviewed-by: Alexander Rakoczy <alex@golang.org>
25Reviewed-by: Filippo Valsorda <filippo@golang.org>
26
27https://github.com/golang/go/commit/d0b79e3513a29628f3599dc8860666b6eed75372
28CVE: CVE-2021-27918
29Upstream-Status: Backport
30Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
31---
32 src/encoding/xml/xml.go | 19 ++++---
33 src/encoding/xml/xml_test.go | 104 +++++++++++++++++++++++++++--------
34 2 files changed, 92 insertions(+), 31 deletions(-)
35
36diff --git a/src/encoding/xml/xml.go b/src/encoding/xml/xml.go
37index adaf4daf198b9..6f9594d7ba7a3 100644
38--- a/src/encoding/xml/xml.go
39+++ b/src/encoding/xml/xml.go
40@@ -271,7 +271,7 @@ func NewTokenDecoder(t TokenReader) *Decoder {
41 // it will return an error.
42 //
43 // Token implements XML name spaces as described by
44-// https://www.w3.org/TR/REC-xml-names/. Each of the
45+// https://www.w3.org/TR/REC-xml-names/. Each of the
46 // Name structures contained in the Token has the Space
47 // set to the URL identifying its name space when known.
48 // If Token encounters an unrecognized name space prefix,
49@@ -285,16 +285,17 @@ func (d *Decoder) Token() (Token, error) {
50 if d.nextToken != nil {
51 t = d.nextToken
52 d.nextToken = nil
53- } else if t, err = d.rawToken(); err != nil {
54- switch {
55- case err == io.EOF && d.t != nil:
56- err = nil
57- case err == io.EOF && d.stk != nil && d.stk.kind != stkEOF:
58- err = d.syntaxError("unexpected EOF")
59+ } else {
60+ if t, err = d.rawToken(); t == nil && err != nil {
61+ if err == io.EOF && d.stk != nil && d.stk.kind != stkEOF {
62+ err = d.syntaxError("unexpected EOF")
63+ }
64+ return nil, err
65 }
66- return t, err
67+ // We still have a token to process, so clear any
68+ // errors (e.g. EOF) and proceed.
69+ err = nil
70 }
71-
72 if !d.Strict {
73 if t1, ok := d.autoClose(t); ok {
74 d.nextToken = t
75diff --git a/src/encoding/xml/xml_test.go b/src/encoding/xml/xml_test.go
76index efddca43e9102..5672ebb375f0d 100644
77--- a/src/encoding/xml/xml_test.go
78+++ b/src/encoding/xml/xml_test.go
79@@ -33,30 +33,90 @@ func (t *toks) Token() (Token, error) {
80
81 func TestDecodeEOF(t *testing.T) {
82 start := StartElement{Name: Name{Local: "test"}}
83- t.Run("EarlyEOF", func(t *testing.T) {
84- d := NewTokenDecoder(&toks{earlyEOF: true, t: []Token{
85- start,
86- start.End(),
87- }})
88- err := d.Decode(&struct {
89- XMLName Name `xml:"test"`
90- }{})
91- if err != nil {
92- t.Error(err)
93+ tests := []struct {
94+ name string
95+ tokens []Token
96+ ok bool
97+ }{
98+ {
99+ name: "OK",
100+ tokens: []Token{
101+ start,
102+ start.End(),
103+ },
104+ ok: true,
105+ },
106+ {
107+ name: "Malformed",
108+ tokens: []Token{
109+ start,
110+ StartElement{Name: Name{Local: "bad"}},
111+ start.End(),
112+ },
113+ ok: false,
114+ },
115+ }
116+ for _, tc := range tests {
117+ for _, eof := range []bool{true, false} {
118+ name := fmt.Sprintf("%s/earlyEOF=%v", tc.name, eof)
119+ t.Run(name, func(t *testing.T) {
120+ d := NewTokenDecoder(&toks{
121+ earlyEOF: eof,
122+ t: tc.tokens,
123+ })
124+ err := d.Decode(&struct {
125+ XMLName Name `xml:"test"`
126+ }{})
127+ if tc.ok && err != nil {
128+ t.Fatalf("d.Decode: expected nil error, got %v", err)
129+ }
130+ if _, ok := err.(*SyntaxError); !tc.ok && !ok {
131+ t.Errorf("d.Decode: expected syntax error, got %v", err)
132+ }
133+ })
134 }
135- })
136- t.Run("LateEOF", func(t *testing.T) {
137- d := NewTokenDecoder(&toks{t: []Token{
138- start,
139- start.End(),
140- }})
141- err := d.Decode(&struct {
142- XMLName Name `xml:"test"`
143- }{})
144- if err != nil {
145- t.Error(err)
146+ }
147+}
148+
149+type toksNil struct {
150+ returnEOF bool
151+ t []Token
152+}
153+
154+func (t *toksNil) Token() (Token, error) {
155+ if len(t.t) == 0 {
156+ if !t.returnEOF {
157+ // Return nil, nil before returning an EOF. It's legal, but
158+ // discouraged.
159+ t.returnEOF = true
160+ return nil, nil
161 }
162- })
163+ return nil, io.EOF
164+ }
165+ var tok Token
166+ tok, t.t = t.t[0], t.t[1:]
167+ return tok, nil
168+}
169+
170+func TestDecodeNilToken(t *testing.T) {
171+ for _, strict := range []bool{true, false} {
172+ name := fmt.Sprintf("Strict=%v", strict)
173+ t.Run(name, func(t *testing.T) {
174+ start := StartElement{Name: Name{Local: "test"}}
175+ bad := StartElement{Name: Name{Local: "bad"}}
176+ d := NewTokenDecoder(&toksNil{
177+ // Malformed
178+ t: []Token{start, bad, start.End()},
179+ })
180+ d.Strict = strict
181+ err := d.Decode(&struct {
182+ XMLName Name `xml:"test"`
183+ }{})
184+ if _, ok := err.(*SyntaxError); !ok {
185+ t.Errorf("d.Decode: expected syntax error, got %v", err)
186+ }
187+ })
188+ }
189 }
190
191 const testInput = `