Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch | 71 |
1 files changed, 71 insertions, 0 deletions
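--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch
@@ -0,0 +1,71 @@
+From 35d1dfe9746029aea9027b405c75555d41ffd2f8 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 13:12:40 +0530
+Subject: [PATCH] CVE-2022-30632
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df]
+CVE: CVE-2022-30632
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+src/path/filepath/match.go | 16 +++++++++++++++-
+src/path/filepath/match_test.go | 10 ++++++++++
+2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/path/filepath/match.go b/src/path/filepath/match.go
+index 46badb5..ba68daa 100644
+--- a/src/path/filepath/match.go
++++ b/src/path/filepath/match.go
+@@ -232,6 +232,20 @@ func getEsc(chunk string) (r rune, nchunk string, err error) {
+// The only possible returned error is ErrBadPattern, when pattern
+// is malformed.
+func Glob(pattern string) (matches []string, err error) {
++ return globWithLimit(pattern, 0)
++}
++
++func globWithLimit(pattern string, depth int) (matches []string, err error) {
++ // This limit is used prevent stack exhaustion issues. See CVE-2022-30632.
++ const pathSeparatorsLimit = 10000
++ if depth == pathSeparatorsLimit {
++ return nil, ErrBadPattern
++ }
++
++ // Check pattern is well-formed.
++ if _, err := Match(pattern, ""); err != nil {
++ return nil, err
++ }
+if !hasMeta(pattern) {
+if _, err = os.Lstat(pattern); err != nil {
+return nil, nil
+@@ -257,7 +271,7 @@ func Glob(pattern string) (matches []string, err error) {
+}
+
+var m []string
+- m, err = Glob(dir)
++ m, err = globWithLimit(dir, depth+1)
+if err != nil {
+return
+}
+diff --git a/src/path/filepath/match_test.go b/src/path/filepath/match_test.go
+index b865762..c37c812 100644
+--- a/src/path/filepath/match_test.go
++++ b/src/path/filepath/match_test.go
+@@ -154,6 +154,16 @@ func TestGlob(t *testing.T) {
+}
+}
+
++func TestCVE202230632(t *testing.T) {
++ // Prior to CVE-2022-30632, this would cause a stack exhaustion given a
++ // large number of separators (more than 4,000,000). There is now a limit
++ // of 10,000.
++ _, err := Glob("/*" + strings.Repeat("/", 10001))
++ if err != ErrBadPattern {
++ t.Fatalf("Glob returned err=%v, want ErrBadPattern", err)
++ }
++}
++
+func TestGlobError(t *testing.T) {
+_, err := Glob("[]")
+if err == nil {
+--
+2.25.1
+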
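Review bot: The recursion limit in `globWithLimit` only takes effect once the go-1.14 recipe lists this file in SRC_URI, and the diffstat shown here is limited to the .patch itself, so the `SRC_URI += "file://CVE-2022-30632.patch"` entry cannot be confirmed from this view; worth checking it is in the same commit, since as far as I recall cve-check only credits the `CVE:` tag for patches that are actually applied. The new `TestCVE202230632` calls `strings.Repeat`, but the match_test.go hunk shows no import change; if the 1.14 copy of that file does not already import `strings`, the backport breaks the package tests, so a test build of path/filepath should confirm it. The added `Match(pattern, "")` well-formedness check is more than the depth limit itself (it rejects malformed patterns before any Lstat), which is a reasonable behaviour change but deserves a sentence in the patch header so it is attributable. Both `Glob` and `globWithLimit` continue past the end of their hunks, so the remaining recursion sites other than the `globWithLimit(dir, depth+1)` call on line 44 of the patch are not visible here.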