Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch | 97 |
1 files changed, 97 insertions, 0 deletions
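--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
@@ -0,0 +1,97 @@
+From 4e5a313524da62600eb59dbf98624cfe946456f8 Mon Sep 17 00:00:00 2001
+From: Emmanuel T Odeke <emmanuel@orijtech.com>
+Date: Tue, 20 Oct 2020 04:11:12 -0700
+Subject: [PATCH] net/http: test that ParseMultipartForm catches overflows
+
+Tests that if the combination of:
+* HTTP multipart file payload size
+* ParseMultipartForm's maxMemory parameter
+* the internal leeway buffer size of 10MiB
+
+overflows, then we'll report an overflow instead of silently
+passing.
+
+Reapplies and fixes CL 254977, which was reverted in CL 263658.
+
+The prior test lacked a res.Body.Close(), so fixed that and
+added a leaked Transport check to verify correctness.
+
+Updates 40430.
+
+Change-Id: I3c0f7ef43d621f6eb00f07755f04f9f36c51f98f
+Reviewed-on: https://go-review.googlesource.com/c/go/+/263817
+Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Bryan C. Mills <bcmills@google.com>
+Trust: Damien Neil <dneil@google.com>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/4e5a313524da62600eb59dbf98624cfe946456f8]
+CVE: CVE-2022-41725 #Dependency Patch2
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/net/http/request_test.go | 45 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+
+diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go
+index b4ef472e71229..19526b9ad791a 100644
+--- a/src/net/http/request_test.go
++++ b/src/net/http/request_test.go
+@@ -13,6 +13,7 @@ import (
+ 	"fmt"
+ 	"io"
+ 	"io/ioutil"
++	"math"
+ 	"mime/multipart"
+ 	. "net/http"
+ 	"net/http/httptest"
+@@ -245,6 +246,50 @@ func TestParseMultipartForm(t *testing.T) {
+ 	}
+ }
+ 
++// Issue #40430: Test that if maxMemory for ParseMultipartForm when combined with
++// the payload size and the internal leeway buffer size of 10MiB overflows, that we
++// correctly return an error.
++func TestMaxInt64ForMultipartFormMaxMemoryOverflow(t *testing.T) {
++	defer afterTest(t)
++
++	payloadSize := 1 << 10
++	cst := httptest.NewServer(HandlerFunc(func(rw ResponseWriter, req *Request) {
++		// The combination of:
++		//      MaxInt64 + payloadSize + (internal spare of 10MiB)
++		// triggers the overflow. See issue https://golang.org/issue/40430/
++		if err := req.ParseMultipartForm(math.MaxInt64); err != nil {
++			Error(rw, err.Error(), StatusBadRequest)
++			return
++		}
++	}))
++	defer cst.Close()
++	fBuf := new(bytes.Buffer)
++	mw := multipart.NewWriter(fBuf)
++	mf, err := mw.CreateFormFile("file", "myfile.txt")
++	if err != nil {
++		t.Fatal(err)
++	}
++	if _, err := mf.Write(bytes.Repeat([]byte("abc"), payloadSize)); err != nil {
++		t.Fatal(err)
++	}
++	if err := mw.Close(); err != nil {
++		t.Fatal(err)
++	}
++	req, err := NewRequest("POST", cst.URL, fBuf)
++	if err != nil {
++		t.Fatal(err)
++	}
++	req.Header.Set("Content-Type", mw.FormDataContentType())
++	res, err := cst.Client().Do(req)
++	if err != nil {
++		t.Fatal(err)
++	}
++	res.Body.Close()
++	if g, w := res.StatusCode, StatusBadRequest; g != w {
++		t.Fatalf("Status code mismatch: got %d, want %d", g, w)
++	}
++}
++
+ func TestRedirect_h1(t *testing.T) { testRedirect(t, h1Mode) }
+ func TestRedirect_h2(t *testing.T) { testRedirect(t, h2Mode) }
+ func testRedirect(t *testing.T, h2 bool) {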
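Review bot: The assertion at `if g, w := res.StatusCode, StatusBadRequest; g != w` expects ParseMultipartForm(math.MaxInt64) to reject the request, but this patch only adds the test; the overflow check in request.go that the header describes as reapplied from CL 254977 (issue 40430) is not part of it. If the go-1.14 tree in this recipe does not already carry that check through another patch (the `#Dependency Patch2` marker suggests a companion patch, which is not visible here), the handler answers 200 and this test fails whenever the recipe runs the Go test suite. A line in the header after `CVE: CVE-2022-41725 #Dependency Patch2` naming the patch that carries the ParseMultipartForm fix would make the ordering explicit, e.g. `Depends on the ParseMultipartForm overflow fix (CL 254977 / issue 40430) being applied first.` The testRedirect context at the end of the inner hunk continues outside it.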