Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch | 47 |
1 files changed, 47 insertions, 0 deletions
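--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
@@ -0,0 +1,47 @@
+From 8d0bbb5a6280c2cf951241ec7f6579c90d38df57 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 10:55:08 +0530
+Subject: [PATCH] CVE-2022-30629
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c]
+CVE: CVE-2022-30629
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+src/crypto/tls/handshake_server_tls13.go | 14 ++++++++++++++
+1 file changed, 14 insertions(+)
+
+diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
+index 5432145..d91797e 100644
+--- a/src/crypto/tls/handshake_server_tls13.go
++++ b/src/crypto/tls/handshake_server_tls13.go
+@@ -9,6 +9,7 @@ import (
+"crypto"
+"crypto/hmac"
+"crypto/rsa"
++ "encoding/binary"
+"errors"
+"hash"
+"io"
+@@ -742,6 +743,19 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
+}
+m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
+
++ // ticket_age_add is a random 32-bit value. See RFC 8446, section 4.6.1
++ // The value is not stored anywhere; we never need to check the ticket age
++ // because 0-RTT is not supported.
++ ageAdd := make([]byte, 4)
++ _, err = hs.c.config.rand().Read(ageAdd)
++ if err != nil {
++ return err
++ }
++ m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
++
++ // ticket_nonce, which must be unique per connection, is always left at
++ // zero because we only ever send one ticket per connection.
++
+if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
+return err
+}
+--
+2.25.1
+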
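Review bot: The added `_, err = hs.c.config.rand().Read(ageAdd)` in sendSessionTickets discards the byte count, so a caller-supplied `Config.Rand` reader that returns a short read without an error would leave part of `ageAdd` at zero and weaken the ticket-age obfuscation this CVE fix exists to provide. `io` is already in the import list shown in the first inner hunk, so `if _, err := io.ReadFull(hs.c.config.rand(), ageAdd); err != nil { return err }` would make the four-byte requirement explicit. That departs from the upstream commit named in Upstream-Status, so it may be better proposed upstream than carried as a local delta. The body of sendSessionTickets starts and ends outside the hunk, so the declaration of `err` that the plain `=` assigns to is not visible here. This view is limited to the patch file itself, so it is worth confirming separately that the go-1.14 recipe's SRC_URI lists it, otherwise the fix is not applied at build time.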