1 files changed, 104 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch
new file mode 100644
index 0000000000..8afa292144
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch
@@ -0,0 +1,104 @@
+From 8136eb2e5c316a51d0da710fbd0504cbbefee526 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Mon, 28 Mar 2022 18:41:26 -0700
+Subject: [PATCH] encoding/xml: use iterative Skip, rather than recursive
+Upstream-Status: Backport [https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae]
+CVE: CVE-2022-28131
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+Prevents exhausting the stack limit in _incredibly_ deeply nested
+structures.
+Fixes #53711
+Updates #53614
+Fixes CVE-2022-28131
+Change-Id: I47db4595ce10cecc29fbd06afce7b299868599e6
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1419912
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+(cherry picked from commit 9278cb78443d2b4deb24cbb5b61c9ba5ac688d49)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/417068
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Heschi Kreinick <heschi@google.com>
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+---
+ src/encoding/xml/read.go      | 15 ++++++++-------
+ src/encoding/xml/read_test.go | 18 ++++++++++++++++++
+ 2 files changed, 26 insertions(+), 7 deletions(-)
+diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
+index 4ffed80..3fac859 100644
+--- a/src/encoding/xml/read.go
+++ b/src/encoding/xml/read.go
+@@ -743,12 +743,12 @@ Loop:
+ }
+ 
+ // Skip reads tokens until it has consumed the end element
+-// matching the most recent start element already consumed.
+-// It recurs if it encounters a start element, so it can be used to
+-// skip nested structures.
+// matching the most recent start element already consumed,
+// skipping nested structures.
+ // It returns nil if it finds an end element matching the start
+ // element; otherwise it returns an error describing the problem.
+ func (d *Decoder) Skip() error {
+       var depth int64
+        for {
+                tok, err := d.Token()
+                if err != nil {
+@@ -756,11 +756,12 @@ func (d *Decoder) Skip() error {
+                }
+                switch tok.(type) {
+                case StartElement:
+-                       if err := d.Skip(); err != nil {
+-                               return err
+-                       }
+                       depth++
+                case EndElement:
+-                       return nil
+                       if depth == 0 {
+                               return nil
+                       }
+                       depth--
+                }
+        }
+ }
+diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
+index 6a20b1a..7a621a5 100644
+--- a/src/encoding/xml/read_test.go
+++ b/src/encoding/xml/read_test.go
+@@ -5,9 +5,11 @@
+ package xml
+ 
+ import (
+       "bytes"
+        "errors"
+        "io"
+        "reflect"
+       "runtime"
+        "strings"
+        "testing"
+        "time"
+@@ -1093,3 +1095,19 @@ func TestCVE202228131(t *testing.T) {
+                t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
+        }
+ }
+
+func TestCVE202230633(t *testing.T) {
+       if runtime.GOARCH == "wasm" {
+               t.Skip("causes memory exhaustion on js/wasm")
+       }
+       defer func() {
+               p := recover()
+               if p != nil {
+                       t.Fatal("Unmarshal panicked")
+               }
+       }()
+       var example struct {
+               Things []string
+       }
+       Unmarshal(bytes.Repeat([]byte("<a>"), 17_000_000), &example)
+}

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch new file mode 100644 index 0000000000..8afa292144 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch
@@ -0,0 +1,104 @@
	1	From 8136eb2e5c316a51d0da710fbd0504cbbefee526 Mon Sep 17 00:00:00 2001
	2	From: Roland Shoemaker <roland@golang.org>
	3	Date: Mon, 28 Mar 2022 18:41:26 -0700
	4	Subject: [PATCH] encoding/xml: use iterative Skip, rather than recursive
	5
	6	Upstream-Status: Backport [https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae]
	7	CVE: CVE-2022-28131
	8	Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
	9
	10
	11	Prevents exhausting the stack limit in _incredibly_ deeply nested
	12	structures.
	13
	14	Fixes #53711
	15	Updates #53614
	16	Fixes CVE-2022-28131
	17
	18	Change-Id: I47db4595ce10cecc29fbd06afce7b299868599e6
	19	Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1419912
	20	Reviewed-by: Julie Qiu <julieqiu@google.com>
	21	Reviewed-by: Damien Neil <dneil@google.com>
	22	(cherry picked from commit 9278cb78443d2b4deb24cbb5b61c9ba5ac688d49)
	23	Reviewed-on: https://go-review.googlesource.com/c/go/+/417068
	24	TryBot-Result: Gopher Robot <gobot@golang.org>
	25	Reviewed-by: Heschi Kreinick <heschi@google.com>
	26	Run-TryBot: Michael Knyszek <mknyszek@google.com>
	27	---
	28	src/encoding/xml/read.go \| 15 ++++++++-------
	29	src/encoding/xml/read_test.go \| 18 ++++++++++++++++++
	30	2 files changed, 26 insertions(+), 7 deletions(-)
	31
	32	diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
	33	index 4ffed80..3fac859 100644
	34	--- a/src/encoding/xml/read.go
	35	+++ b/src/encoding/xml/read.go
	36	@@ -743,12 +743,12 @@ Loop:
	37	}
	38
	39	// Skip reads tokens until it has consumed the end element
	40	-// matching the most recent start element already consumed.
	41	-// It recurs if it encounters a start element, so it can be used to
	42	-// skip nested structures.
	43	+// matching the most recent start element already consumed,
	44	+// skipping nested structures.
	45	// It returns nil if it finds an end element matching the start
	46	// element; otherwise it returns an error describing the problem.
	47	func (d *Decoder) Skip() error {
	48	+ var depth int64
	49	for {
	50	tok, err := d.Token()
	51	if err != nil {
	52	@@ -756,11 +756,12 @@ func (d *Decoder) Skip() error {
	53	}
	54	switch tok.(type) {
	55	case StartElement:
	56	- if err := d.Skip(); err != nil {
	57	- return err
	58	- }
	59	+ depth++
	60	case EndElement:
	61	- return nil
	62	+ if depth == 0 {
	63	+ return nil
	64	+ }
	65	+ depth--
	66	}
	67	}
	68	}
	69	diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
	70	index 6a20b1a..7a621a5 100644
	71	--- a/src/encoding/xml/read_test.go
	72	+++ b/src/encoding/xml/read_test.go
	73	@@ -5,9 +5,11 @@
	74	package xml
	75
	76	import (
	77	+ "bytes"
	78	"errors"
	79	"io"
	80	"reflect"
	81	+ "runtime"
	82	"strings"
	83	"testing"
	84	"time"
	85	@@ -1093,3 +1095,19 @@ func TestCVE202228131(t *testing.T) {
	86	t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
	87	}
	88	}
	89	+
	90	+func TestCVE202230633(t *testing.T) {
	91	+ if runtime.GOARCH == "wasm" {
	92	+ t.Skip("causes memory exhaustion on js/wasm")
	93	+ }
	94	+ defer func() {
	95	+ p := recover()
	96	+ if p != nil {
	97	+ t.Fatal("Unmarshal panicked")
	98	+ }
	99	+ }()
	100	+ var example struct {
	101	+ Things []string
	102	+ }
	103	+ Unmarshal(bytes.Repeat([]byte("<a>"), 17_000_000), &example)
	104	+}