Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch | 191 |
1 files changed, 191 insertions, 0 deletions
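diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch
new file mode 100644
index 0000000000..faa3f7f641
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-27918.patch
@@ -0,0 +1,191 @@
+From d0b79e3513a29628f3599dc8860666b6eed75372 Mon Sep 17 00:00:00 2001
+From: Katie Hockman <katie@golang.org>
+Date: Mon, 1 Mar 2021 09:54:00 -0500
+Subject: [PATCH] encoding/xml: prevent infinite loop while decoding
+
+This change properly handles a TokenReader which
+returns an EOF in the middle of an open XML
+element.
+
+Thanks to Sam Whited for reporting this.
+
+Fixes CVE-2021-27918
+Fixes #44913
+
+Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594
+Reviewed-by: Russ Cox <rsc@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Filippo Valsorda <valsorda@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/300391
+Trust: Katie Hockman <katie@golang.org>
+Run-TryBot: Katie Hockman <katie@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Alexander Rakoczy <alex@golang.org>
+Reviewed-by: Filippo Valsorda <filippo@golang.org>
+
+https://github.com/golang/go/commit/d0b79e3513a29628f3599dc8860666b6eed75372
+CVE: CVE-2021-27918
+Upstream-Status: Backport
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+src/encoding/xml/xml.go | 19 ++++---
+src/encoding/xml/xml_test.go | 104 +++++++++++++++++++++++++++--------
+2 files changed, 92 insertions(+), 31 deletions(-)
+
+diff --git a/src/encoding/xml/xml.go b/src/encoding/xml/xml.go
+index adaf4daf198b9..6f9594d7ba7a3 100644
+--- a/src/encoding/xml/xml.go
++++ b/src/encoding/xml/xml.go
+@@ -271,7 +271,7 @@ func NewTokenDecoder(t TokenReader) *Decoder {
+// it will return an error.
+//
+// Token implements XML name spaces as described by
+-// https://www.w3.org/TR/REC-xml-names/. Each of the
++// https://www.w3.org/TR/REC-xml-names/. Each of the
+// Name structures contained in the Token has the Space
+// set to the URL identifying its name space when known.
+// If Token encounters an unrecognized name space prefix,
+@@ -285,16 +285,17 @@ func (d *Decoder) Token() (Token, error) {
+if d.nextToken != nil {
+t = d.nextToken
+d.nextToken = nil
+- } else if t, err = d.rawToken(); err != nil {
+- switch {
+- case err == io.EOF && d.t != nil:
+- err = nil
+- case err == io.EOF && d.stk != nil && d.stk.kind != stkEOF:
+- err = d.syntaxError("unexpected EOF")
++ } else {
++ if t, err = d.rawToken(); t == nil && err != nil {
++ if err == io.EOF && d.stk != nil && d.stk.kind != stkEOF {
++ err = d.syntaxError("unexpected EOF")
++ }
++ return nil, err
+}
+- return t, err
++ // We still have a token to process, so clear any
++ // errors (e.g. EOF) and proceed.
++ err = nil
+}
+-
+if !d.Strict {
+if t1, ok := d.autoClose(t); ok {
+d.nextToken = t
+diff --git a/src/encoding/xml/xml_test.go b/src/encoding/xml/xml_test.go
+index efddca43e9102..5672ebb375f0d 100644
+--- a/src/encoding/xml/xml_test.go
++++ b/src/encoding/xml/xml_test.go
+@@ -33,30 +33,90 @@ func (t *toks) Token() (Token, error) {
+
+func TestDecodeEOF(t *testing.T) {
+start := StartElement{Name: Name{Local: "test"}}
+- t.Run("EarlyEOF", func(t *testing.T) {
+- d := NewTokenDecoder(&toks{earlyEOF: true, t: []Token{
+- start,
+- start.End(),
+- }})
+- err := d.Decode(&struct {
+- XMLName Name `xml:"test"`
+- }{})
+- if err != nil {
+- t.Error(err)
++ tests := []struct {
++ name string
++ tokens []Token
++ ok bool
++ }{
++ {
++ name: "OK",
++ tokens: []Token{
++ start,
++ start.End(),
++ },
++ ok: true,
++ },
++ {
++ name: "Malformed",
++ tokens: []Token{
++ start,
++ StartElement{Name: Name{Local: "bad"}},
++ start.End(),
++ },
++ ok: false,
++ },
++ }
++ for _, tc := range tests {
++ for _, eof := range []bool{true, false} {
++ name := fmt.Sprintf("%s/earlyEOF=%v", tc.name, eof)
++ t.Run(name, func(t *testing.T) {
++ d := NewTokenDecoder(&toks{
++ earlyEOF: eof,
++ t: tc.tokens,
++ })
++ err := d.Decode(&struct {
++ XMLName Name `xml:"test"`
++ }{})
++ if tc.ok && err != nil {
++ t.Fatalf("d.Decode: expected nil error, got %v", err)
++ }
++ if _, ok := err.(*SyntaxError); !tc.ok && !ok {
++ t.Errorf("d.Decode: expected syntax error, got %v", err)
++ }
++ })
+}
+- })
+- t.Run("LateEOF", func(t *testing.T) {
+- d := NewTokenDecoder(&toks{t: []Token{
+- start,
+- start.End(),
+- }})
+- err := d.Decode(&struct {
+- XMLName Name `xml:"test"`
+- }{})
+- if err != nil {
+- t.Error(err)
++ }
++}
++
++type toksNil struct {
++ returnEOF bool
++ t []Token
++}
++
++func (t *toksNil) Token() (Token, error) {
++ if len(t.t) == 0 {
++ if !t.returnEOF {
++ // Return nil, nil before returning an EOF. It's legal, but
++ // discouraged.
++ t.returnEOF = true
++ return nil, nil
+}
+- })
++ return nil, io.EOF
++ }
++ var tok Token
++ tok, t.t = t.t[0], t.t[1:]
++ return tok, nil
++}
++
++func TestDecodeNilToken(t *testing.T) {
++ for _, strict := range []bool{true, false} {
++ name := fmt.Sprintf("Strict=%v", strict)
++ t.Run(name, func(t *testing.T) {
++ start := StartElement{Name: Name{Local: "test"}}
++ bad := StartElement{Name: Name{Local: "bad"}}
++ d := NewTokenDecoder(&toksNil{
++ // Malformed
++ t: []Token{start, bad, start.End()},
++ })
++ d.Strict = strict
++ err := d.Decode(&struct {
++ XMLName Name `xml:"test"`
++ }{})
++ if _, ok := err.(*SyntaxError); !ok {
++ t.Errorf("d.Decode: expected syntax error, got %v", err)
++ }
++ })
++ }
+}
+
+const testInput = `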
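Review bot: The comment the backported `Decoder.Token()` hunk adds above `err = nil` ("clear any errors (e.g. EOF) and proceed") understates what that line discards: with the new guard `t == nil && err != nil`, any non-nil error that `rawToken()` returns together with a non-nil token — not only `io.EOF` — is dropped, presumably on the assumption that a TokenReader re-returns the error on its next call as the TokenReader contract describes. I would state that explicitly, e.g. `// rawToken returned a token together with an error; drop the error (EOF or otherwise) and process the token first. Per the TokenReader contract the reader is expected to return the error again on the next call.` Note also that the guard deliberately lets a (nil, nil) return fall through, so a TokenReader that keeps returning nil, nil forever would still spin; the new `toksNil` test only exercises a single nil, nil before EOF, which is the discouraged-but-legal case, so this is a caveat for implementers rather than a defect in the fix. The enclosing `Token` body continues past the end of the hunk, and this Yocto wrapper is otherwise a faithful backport of the upstream commit.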