diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch new file mode 100644 index 0000000000..a93fa31dcd --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch | |||
@@ -0,0 +1,156 @@ | |||
1 | From 451766789f646617157c725e20c955d4a9a70d4e Mon Sep 17 00:00:00 2001 | ||
2 | From: Roland Shoemaker <bracewell@google.com> | ||
3 | Date: Mon, 6 Feb 2023 10:03:44 -0800 | ||
4 | Subject: [PATCH] net/http: update bundled golang.org/x/net/http2 | ||
5 | |||
6 | Disable cmd/internal/moddeps test, since this update includes PRIVATE | ||
7 | track fixes. | ||
8 | |||
9 | Fixes CVE-2022-41723 | ||
10 | Fixes #58355 | ||
11 | Updates #57855 | ||
12 | |||
13 | Change-Id: Ie870562a6f6e44e4e8f57db6a0dde1a41a2b090c | ||
14 | Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728939 | ||
15 | Reviewed-by: Damien Neil <dneil@google.com> | ||
16 | Reviewed-by: Julie Qiu <julieqiu@google.com> | ||
17 | Reviewed-by: Tatiana Bradley <tatianabradley@google.com> | ||
18 | Run-TryBot: Roland Shoemaker <bracewell@google.com> | ||
19 | Reviewed-on: https://go-review.googlesource.com/c/go/+/468118 | ||
20 | TryBot-Result: Gopher Robot <gobot@golang.org> | ||
21 | Run-TryBot: Michael Pratt <mpratt@google.com> | ||
22 | Auto-Submit: Michael Pratt <mpratt@google.com> | ||
23 | Reviewed-by: Than McIntosh <thanm@google.com> | ||
24 | |||
25 | Upstream-Status: Backport [https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3] | ||
26 | CVE: CVE-2022-41723 | ||
27 | Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> | ||
28 | --- | ||
29 | src/vendor/golang.org/x/net/http2/hpack/hpack.go | 79 +++++++++++++++--------- | ||
30 | 1 file changed, 49 insertions(+), 30 deletions(-) | ||
31 | |||
32 | diff --git a/src/vendor/golang.org/x/net/http2/hpack/hpack.go b/src/vendor/golang.org/x/net/http2/hpack/hpack.go | ||
33 | index 85f18a2..02e80e3 100644 | ||
34 | --- a/src/vendor/golang.org/x/net/http2/hpack/hpack.go | ||
35 | +++ b/src/vendor/golang.org/x/net/http2/hpack/hpack.go | ||
36 | @@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { | ||
37 | |||
38 | var hf HeaderField | ||
39 | wantStr := d.emitEnabled || it.indexed() | ||
40 | + var undecodedName undecodedString | ||
41 | if nameIdx > 0 { | ||
42 | ihf, ok := d.at(nameIdx) | ||
43 | if !ok { | ||
44 | @@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { | ||
45 | } | ||
46 | hf.Name = ihf.Name | ||
47 | } else { | ||
48 | - hf.Name, buf, err = d.readString(buf, wantStr) | ||
49 | + undecodedName, buf, err = d.readString(buf) | ||
50 | if err != nil { | ||
51 | return err | ||
52 | } | ||
53 | } | ||
54 | - hf.Value, buf, err = d.readString(buf, wantStr) | ||
55 | + undecodedValue, buf, err := d.readString(buf) | ||
56 | if err != nil { | ||
57 | return err | ||
58 | } | ||
59 | + if wantStr { | ||
60 | + if nameIdx <= 0 { | ||
61 | + hf.Name, err = d.decodeString(undecodedName) | ||
62 | + if err != nil { | ||
63 | + return err | ||
64 | + } | ||
65 | + } | ||
66 | + hf.Value, err = d.decodeString(undecodedValue) | ||
67 | + if err != nil { | ||
68 | + return err | ||
69 | + } | ||
70 | + } | ||
71 | d.buf = buf | ||
72 | if it.indexed() { | ||
73 | d.dynTab.add(hf) | ||
74 | @@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) { | ||
75 | return 0, origP, errNeedMore | ||
76 | } | ||
77 | |||
78 | -// readString decodes an hpack string from p. | ||
79 | +// readString reads an hpack string from p. | ||
80 | // | ||
81 | -// wantStr is whether s will be used. If false, decompression and | ||
82 | -// []byte->string garbage are skipped if s will be ignored | ||
83 | -// anyway. This does mean that huffman decoding errors for non-indexed | ||
84 | -// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server | ||
85 | -// is returning an error anyway, and because they're not indexed, the error | ||
86 | -// won't affect the decoding state. | ||
87 | -func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) { | ||
88 | +// It returns a reference to the encoded string data to permit deferring decode costs | ||
89 | +// until after the caller verifies all data is present. | ||
90 | +func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) { | ||
91 | if len(p) == 0 { | ||
92 | - return "", p, errNeedMore | ||
93 | + return u, p, errNeedMore | ||
94 | } | ||
95 | isHuff := p[0]&128 != 0 | ||
96 | strLen, p, err := readVarInt(7, p) | ||
97 | if err != nil { | ||
98 | - return "", p, err | ||
99 | + return u, p, err | ||
100 | } | ||
101 | if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) { | ||
102 | - return "", nil, ErrStringLength | ||
103 | + // Returning an error here means Huffman decoding errors | ||
104 | + // for non-indexed strings past the maximum string length | ||
105 | + // are ignored, but the server is returning an error anyway | ||
106 | + // and because the string is not indexed the error will not | ||
107 | + // affect the decoding state. | ||
108 | + return u, nil, ErrStringLength | ||
109 | } | ||
110 | if uint64(len(p)) < strLen { | ||
111 | - return "", p, errNeedMore | ||
112 | - } | ||
113 | - if !isHuff { | ||
114 | - if wantStr { | ||
115 | - s = string(p[:strLen]) | ||
116 | - } | ||
117 | - return s, p[strLen:], nil | ||
118 | + return u, p, errNeedMore | ||
119 | } | ||
120 | + u.isHuff = isHuff | ||
121 | + u.b = p[:strLen] | ||
122 | + return u, p[strLen:], nil | ||
123 | +} | ||
124 | |||
125 | - if wantStr { | ||
126 | - buf := bufPool.Get().(*bytes.Buffer) | ||
127 | - buf.Reset() // don't trust others | ||
128 | - defer bufPool.Put(buf) | ||
129 | - if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil { | ||
130 | - buf.Reset() | ||
131 | - return "", nil, err | ||
132 | - } | ||
133 | +type undecodedString struct { | ||
134 | + isHuff bool | ||
135 | + b []byte | ||
136 | +} | ||
137 | + | ||
138 | +func (d *Decoder) decodeString(u undecodedString) (string, error) { | ||
139 | + if !u.isHuff { | ||
140 | + return string(u.b), nil | ||
141 | + } | ||
142 | + buf := bufPool.Get().(*bytes.Buffer) | ||
143 | + buf.Reset() // don't trust others | ||
144 | + var s string | ||
145 | + err := huffmanDecode(buf, d.maxStrLen, u.b) | ||
146 | + if err == nil { | ||
147 | s = buf.String() | ||
148 | - buf.Reset() // be nice to GC | ||
149 | } | ||
150 | - return s, p[strLen:], nil | ||
151 | + buf.Reset() // be nice to GC | ||
152 | + bufPool.Put(buf) | ||
153 | + return s, err | ||
154 | } | ||
155 | -- | ||
156 | 2.7.4 | ||