1 files changed, 131 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
new file mode 100644
index 0000000000..c16cb5f50c
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
@@ -0,0 +1,131 @@
+From ab6e2ffdcab0501bcc2de4b196c1c18ae2301d4b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 13:29:55 +0530
+Subject: [PATCH] CVE-2022-30633
+Upstream-Status: Backport [https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827]
+CVE: CVE-2022-30633
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/encoding/xml/read.go      | 27 +++++++++++++++++++--------
+ src/encoding/xml/read_test.go | 14 ++++++++++++++
+ 2 files changed, 33 insertions(+), 8 deletions(-)
+diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
+index 10a60ee..4ffed80 100644
+--- a/src/encoding/xml/read.go
+++ b/src/encoding/xml/read.go
+@@ -148,7 +148,7 @@ func (d *Decoder) DecodeElement(v interface{}, start *StartElement) error {
+        if val.Kind() != reflect.Ptr {
+                return errors.New("non-pointer passed to Unmarshal")
+        }
+-       return d.unmarshal(val.Elem(), start)
+       return d.unmarshal(val.Elem(), start, 0)
+ }
+ 
+ // An UnmarshalError represents an error in the unmarshaling process.
+@@ -304,8 +304,15 @@ var (
+        textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
+ )
+ 
+const maxUnmarshalDepth = 10000
+
+var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth")
+
+ // Unmarshal a single XML element into val.
+-func (d *Decoder) unmarshal(val reflect.Value, start *StartElement) error {
+func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, depth int) error {
+       if depth >= maxUnmarshalDepth {
+               return errExeceededMaxUnmarshalDepth
+       }
+        // Find start element if we need it.
+        if start == nil {
+                for {
+@@ -398,7 +405,7 @@ func (d *Decoder) unmarshal(val reflect.Value, start *StartElement) error {
+                v.Set(reflect.Append(val, reflect.Zero(v.Type().Elem())))
+ 
+                // Recur to read element into slice.
+-               if err := d.unmarshal(v.Index(n), start); err != nil {
+               if err := d.unmarshal(v.Index(n), start, depth+1); err != nil {
+                        v.SetLen(n)
+                        return err
+                }
+@@ -521,13 +528,15 @@ Loop:
+                case StartElement:
+                        consumed := false
+                        if sv.IsValid() {
+-                               consumed, err = d.unmarshalPath(tinfo, sv, nil, &t)
+                               // unmarshalPath can call unmarshal, so we need to pass the depth through so that
+                               // we can continue to enforce the maximum recusion limit.
+                               consumed, err = d.unmarshalPath(tinfo, sv, nil, &t, depth)
+                                if err != nil {
+                                        return err
+                                }
+                                if !consumed && saveAny.IsValid() {
+                                        consumed = true
+-                                       if err := d.unmarshal(saveAny, &t); err != nil {
+                                       if err := d.unmarshal(saveAny, &t, depth+1); err != nil {
+                                                return err
+                                        }
+                                }
+@@ -672,7 +681,7 @@ func copyValue(dst reflect.Value, src []byte) (err error) {
+ // The consumed result tells whether XML elements have been consumed
+ // from the Decoder until start's matching end element, or if it's
+ // still untouched because start is uninteresting for sv's fields.
+-func (d *Decoder) unmarshalPath(tinfo *typeInfo, sv reflect.Value, parents []string, start *StartElement) (consumed bool, err error) {
+func (d *Decoder) unmarshalPath(tinfo *typeInfo, sv reflect.Value, parents []string, start *StartElement, depth int) (consumed bool, err error) {
+        recurse := false
+ Loop:
+        for i := range tinfo.fields {
+@@ -687,7 +696,7 @@ Loop:
+                }
+                if len(finfo.parents) == len(parents) && finfo.name == start.Name.Local {
+                        // It's a perfect match, unmarshal the field.
+-                       return true, d.unmarshal(finfo.value(sv), start)
+                       return true, d.unmarshal(finfo.value(sv), start, depth+1)
+                }
+                if len(finfo.parents) > len(parents) && finfo.parents[len(parents)] == start.Name.Local {
+                        // It's a prefix for the field. Break and recurse
+@@ -716,7 +725,9 @@ Loop:
+                }
+                switch t := tok.(type) {
+                case StartElement:
+-                       consumed2, err := d.unmarshalPath(tinfo, sv, parents, &t)
+                       // the recursion depth of unmarshalPath is limited to the path length specified
+                       // by the struct field tag, so we don't increment the depth here.
+                       consumed2, err := d.unmarshalPath(tinfo, sv, parents, &t, depth)
+                        if err != nil {
+                                return true, err
+                        }
+diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
+index 8c2e70f..6a20b1a 100644
+--- a/src/encoding/xml/read_test.go
+++ b/src/encoding/xml/read_test.go
+@@ -5,6 +5,7 @@
+ package xml
+ 
+ import (
+       "errors"
+        "io"
+        "reflect"
+        "strings"
+@@ -1079,3 +1080,16 @@ func TestUnmarshalWhitespaceAttrs(t *testing.T) {
+                t.Fatalf("whitespace attrs: Unmarshal:\nhave: %#+v\nwant: %#+v", v, want)
+        }
+ }
+
+func TestCVE202228131(t *testing.T) {
+       type nested struct {
+               Parent *nested `xml:",any"`
+       }
+       var n nested
+       err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n)
+       if err == nil {
+               t.Fatal("Unmarshal did not fail")
+       } else if !errors.Is(err, errExeceededMaxUnmarshalDepth) {
+               t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
+       }
+}
+-- 
+2.25.1

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch new file mode 100644 index 0000000000..c16cb5f50c --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
@@ -0,0 +1,131 @@
	1	From ab6e2ffdcab0501bcc2de4b196c1c18ae2301d4b Mon Sep 17 00:00:00 2001
	2	From: Hitendra Prajapati <hprajapati@mvista.com>
	3	Date: Thu, 25 Aug 2022 13:29:55 +0530
	4	Subject: [PATCH] CVE-2022-30633
	5
	6	Upstream-Status: Backport [https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827]
	7	CVE: CVE-2022-30633
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9	---
	10	src/encoding/xml/read.go \| 27 +++++++++++++++++++--------
	11	src/encoding/xml/read_test.go \| 14 ++++++++++++++
	12	2 files changed, 33 insertions(+), 8 deletions(-)
	13
	14	diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
	15	index 10a60ee..4ffed80 100644
	16	--- a/src/encoding/xml/read.go
	17	+++ b/src/encoding/xml/read.go
	18	@@ -148,7 +148,7 @@ func (d Decoder) DecodeElement(v interface{}, start StartElement) error {
	19	if val.Kind() != reflect.Ptr {
	20	return errors.New("non-pointer passed to Unmarshal")
	21	}
	22	- return d.unmarshal(val.Elem(), start)
	23	+ return d.unmarshal(val.Elem(), start, 0)
	24	}
	25
	26	// An UnmarshalError represents an error in the unmarshaling process.
	27	@@ -304,8 +304,15 @@ var (
	28	textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
	29	)
	30
	31	+const maxUnmarshalDepth = 10000
	32	+
	33	+var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth")
	34	+
	35	// Unmarshal a single XML element into val.
	36	-func (d Decoder) unmarshal(val reflect.Value, start StartElement) error {
	37	+func (d Decoder) unmarshal(val reflect.Value, start StartElement, depth int) error {
	38	+ if depth >= maxUnmarshalDepth {
	39	+ return errExeceededMaxUnmarshalDepth
	40	+ }
	41	// Find start element if we need it.
	42	if start == nil {
	43	for {
	44	@@ -398,7 +405,7 @@ func (d Decoder) unmarshal(val reflect.Value, start StartElement) error {
	45	v.Set(reflect.Append(val, reflect.Zero(v.Type().Elem())))
	46
	47	// Recur to read element into slice.
	48	- if err := d.unmarshal(v.Index(n), start); err != nil {
	49	+ if err := d.unmarshal(v.Index(n), start, depth+1); err != nil {
	50	v.SetLen(n)
	51	return err
	52	}
	53	@@ -521,13 +528,15 @@ Loop:
	54	case StartElement:
	55	consumed := false
	56	if sv.IsValid() {
	57	- consumed, err = d.unmarshalPath(tinfo, sv, nil, &t)
	58	+ // unmarshalPath can call unmarshal, so we need to pass the depth through so that
	59	+ // we can continue to enforce the maximum recusion limit.
	60	+ consumed, err = d.unmarshalPath(tinfo, sv, nil, &t, depth)
	61	if err != nil {
	62	return err
	63	}
	64	if !consumed && saveAny.IsValid() {
	65	consumed = true
	66	- if err := d.unmarshal(saveAny, &t); err != nil {
	67	+ if err := d.unmarshal(saveAny, &t, depth+1); err != nil {
	68	return err
	69	}
	70	}
	71	@@ -672,7 +681,7 @@ func copyValue(dst reflect.Value, src []byte) (err error) {
	72	// The consumed result tells whether XML elements have been consumed
	73	// from the Decoder until start's matching end element, or if it's
	74	// still untouched because start is uninteresting for sv's fields.
	75	-func (d Decoder) unmarshalPath(tinfo typeInfo, sv reflect.Value, parents []string, start *StartElement) (consumed bool, err error) {
	76	+func (d Decoder) unmarshalPath(tinfo typeInfo, sv reflect.Value, parents []string, start *StartElement, depth int) (consumed bool, err error) {
	77	recurse := false
	78	Loop:
	79	for i := range tinfo.fields {
	80	@@ -687,7 +696,7 @@ Loop:
	81	}
	82	if len(finfo.parents) == len(parents) && finfo.name == start.Name.Local {
	83	// It's a perfect match, unmarshal the field.
	84	- return true, d.unmarshal(finfo.value(sv), start)
	85	+ return true, d.unmarshal(finfo.value(sv), start, depth+1)
	86	}
	87	if len(finfo.parents) > len(parents) && finfo.parents[len(parents)] == start.Name.Local {
	88	// It's a prefix for the field. Break and recurse
	89	@@ -716,7 +725,9 @@ Loop:
	90	}
	91	switch t := tok.(type) {
	92	case StartElement:
	93	- consumed2, err := d.unmarshalPath(tinfo, sv, parents, &t)
	94	+ // the recursion depth of unmarshalPath is limited to the path length specified
	95	+ // by the struct field tag, so we don't increment the depth here.
	96	+ consumed2, err := d.unmarshalPath(tinfo, sv, parents, &t, depth)
	97	if err != nil {
	98	return true, err
	99	}
	100	diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
	101	index 8c2e70f..6a20b1a 100644
	102	--- a/src/encoding/xml/read_test.go
	103	+++ b/src/encoding/xml/read_test.go
	104	@@ -5,6 +5,7 @@
	105	package xml
	106
	107	import (
	108	+ "errors"
	109	"io"
	110	"reflect"
	111	"strings"
	112	@@ -1079,3 +1080,16 @@ func TestUnmarshalWhitespaceAttrs(t *testing.T) {
	113	t.Fatalf("whitespace attrs: Unmarshal:\nhave: %#+v\nwant: %#+v", v, want)
	114	}
	115	}
	116	+
	117	+func TestCVE202228131(t *testing.T) {
	118	+ type nested struct {
	119	+ Parent *nested `xml:",any"`
	120	+ }
	121	+ var n nested
	122	+ err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n)
	123	+ if err == nil {
	124	+ t.Fatal("Unmarshal did not fail")
	125	+ } else if !errors.Is(err, errExeceededMaxUnmarshalDepth) {
	126	+ t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
	127	+ }
	128	+}
	129	--
	130	2.25.1
	131