Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch | 116 |
1 files changed, 116 insertions, 0 deletions
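--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
@@ -0,0 +1,116 @@
+From d10fc3a84e3344f2421c1dd3046faa50709ab4d5 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 11:01:21 +0530
+Subject: [PATCH] CVE-2022-30631
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3]
+CVE: CVE-2022-30631
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+src/compress/gzip/gunzip.go | 60 +++++++++++++++-----------------
+src/compress/gzip/gunzip_test.go | 16 +++++++++
+2 files changed, 45 insertions(+), 31 deletions(-)
+
+diff --git a/src/compress/gzip/gunzip.go b/src/compress/gzip/gunzip.go
+index 924bce1..237b2b9 100644
+--- a/src/compress/gzip/gunzip.go
++++ b/src/compress/gzip/gunzip.go
+@@ -248,42 +248,40 @@ func (z *Reader) Read(p []byte) (n int, err error) {
+return 0, z.err
+}
+
+- n, z.err = z.decompressor.Read(p)
+- z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
+- z.size += uint32(n)
+- if z.err != io.EOF {
+- // In the normal case we return here.
+- return n, z.err
+- }
++ for n == 0 {
++ n, z.err = z.decompressor.Read(p)
++ z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
++ z.size += uint32(n)
++ if z.err != io.EOF {
++ // In the normal case we return here.
++ return n, z.err
++ }
+
+- // Finished file; check checksum and size.
+- if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
+- z.err = noEOF(err)
+- return n, z.err
+- }
+- digest := le.Uint32(z.buf[:4])
+- size := le.Uint32(z.buf[4:8])
+- if digest != z.digest || size != z.size {
+- z.err = ErrChecksum
+- return n, z.err
+- }
+- z.digest, z.size = 0, 0
++ // Finished file; check checksum and size.
++ if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
++ z.err = noEOF(err)
++ return n, z.err
++ }
++ digest := le.Uint32(z.buf[:4])
++ size := le.Uint32(z.buf[4:8])
++ if digest != z.digest || size != z.size {
++ z.err = ErrChecksum
++ return n, z.err
++ }
++ z.digest, z.size = 0, 0
+
+- // File is ok; check if there is another.
+- if !z.multistream {
+- return n, io.EOF
+- }
+- z.err = nil // Remove io.EOF
++ // File is ok; check if there is another.
++ if !z.multistream {
++ return n, io.EOF
++ }
++ z.err = nil // Remove io.EOF
+
+- if _, z.err = z.readHeader(); z.err != nil {
+- return n, z.err
++ if _, z.err = z.readHeader(); z.err != nil {
++ return n, z.err
++ }
+}
+
+- // Read from next file, if necessary.
+- if n > 0 {
+- return n, nil
+- }
+- return z.Read(p)
++ return n, nil
+}
+
+// Close closes the Reader. It does not close the underlying io.Reader.
+diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go
+index 1b01404..95220ae 100644
+--- a/src/compress/gzip/gunzip_test.go
++++ b/src/compress/gzip/gunzip_test.go
+@@ -516,3 +516,19 @@ func TestTruncatedStreams(t *testing.T) {
+}
+}
+}
++
++func TestCVE202230631(t *testing.T) {
++ var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00,
++ 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
++ r := bytes.NewReader(bytes.Repeat(empty, 4e6))
++ z, err := NewReader(r)
++ if err != nil {
++ t.Fatalf("NewReader: got %v, want nil", err)
++ }
++ // Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due
++ // to stack exhaustion.
++ _, err = z.Read(make([]byte, 10))
++ if err != io.EOF {
++ t.Errorf("Reader.Read: got %v, want %v", err, io.EOF)
++ }
++}
+--
+2.25.1
+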
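Review bot: The patch header carries only `Subject: [PATCH] CVE-2022-30631` and no body, so the defect is described nowhere except the comment inside `TestCVE202230631` ("unrecoverable panic due to stack exhaustion"). A subject such as `Subject: [PATCH] compress/gzip: fix stack exhaustion in Reader.Read (CVE-2022-30631)` would help, plus one sentence saying that `Read` now loops with `for n == 0` over consecutive empty members instead of ending in `return z.Read(p)`. That lets anyone auditing the recipe see what is fixed without opening the upstream commit. The loop bounds stack depth, not work: a single `Read` call still walks every empty member in the input, so callers that accept untrusted gzip data presumably still need their own cap on input size. The rendered page has lost the patch's leading tabs and context-line spaces, so check the file in the tree rather than this view before applying it.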