Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-33198.patch | 113 |
2 files changed, 114 insertions, 0 deletions
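--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -44,6 +44,7 @@ SRC_URI += "\
 file://CVE-2022-2880.patch \
 file://CVE-2022-2879.patch \
 file://CVE-2021-33195.patch \
+file://CVE-2021-33198.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"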
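--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33198.patch
@@ -0,0 +1,113 @@
+From c8866491ac424cdf39aedb325e6dec9e54418cfb Mon Sep 17 00:00:00 2001
+From: Robert Griesemer <gri@golang.org>
+Date: Sun, 2 May 2021 11:27:03 -0700
+Subject: [PATCH] math/big: check for excessive exponents in Rat.SetString
+
+CVE-2021-33198
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/df9ce19db6df32d94eae8760927bdfbc595433c3]
+CVE: CVE-2021-33198
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+
+
+Found by OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33284
+
+Thanks to Emmanuel Odeke for reporting this issue.
+
+Updates #45910
+Fixes #46305
+Fixes CVE-2021-33198
+
+Change-Id: I61e7b04dbd80343420b57eede439e361c0f7b79c
+Reviewed-on: https://go-review.googlesource.com/c/go/+/316149
+Trust: Robert Griesemer <gri@golang.org>
+Trust: Katie Hockman <katie@golang.org>
+Run-TryBot: Robert Griesemer <gri@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
+(cherry picked from commit 6c591f79b0b5327549bd4e94970f7a279efb4ab0)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/321831
+Run-TryBot: Katie Hockman <katie@golang.org>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+---
+src/math/big/ratconv.go | 15 ++++++++-------
+src/math/big/ratconv_test.go | 25 +++++++++++++++++++++++++
+2 files changed, 33 insertions(+), 7 deletions(-)
+
+diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go
+index e8cbdbe..90053a9 100644
+--- a/src/math/big/ratconv.go
++++ b/src/math/big/ratconv.go
+@@ -51,7 +51,8 @@ func (z *Rat) Scan(s fmt.ScanState, ch rune) error {
+// An optional base-10 ``e'' or base-2 ``p'' (or their upper-case variants)
+// exponent may be provided as well, except for hexadecimal floats which
+// only accept an (optional) ``p'' exponent (because an ``e'' or ``E'' cannot
+-// be distinguished from a mantissa digit).
++// be distinguished from a mantissa digit). If the exponent's absolute value
++// is too large, the operation may fail.
+// The entire string, not just a prefix, must be valid for success. If the
+// operation failed, the value of z is undefined but the returned value is nil.
+func (z *Rat) SetString(s string) (*Rat, bool) {
+@@ -174,6 +175,9 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
+return nil, false
+}
+}
++ if n > 1e6 {
++ return nil, false // avoid excessively large exponents
++ }
+pow5 := z.b.abs.expNN(natFive, nat(nil).setWord(Word(n)), nil) // use underlying array of z.b.abs
+if exp5 > 0 {
+z.a.abs = z.a.abs.mul(z.a.abs, pow5)
+@@ -186,15 +190,12 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
+}
+
+// apply exp2 contributions
++ if exp2 < -1e7 || exp2 > 1e7 {
++ return nil, false // avoid excessively large exponents
++ }
+if exp2 > 0 {
+- if int64(uint(exp2)) != exp2 {
+- panic("exponent too large")
+- }
+z.a.abs = z.a.abs.shl(z.a.abs, uint(exp2))
+} else if exp2 < 0 {
+- if int64(uint(-exp2)) != -exp2 {
+- panic("exponent too large")
+- }
+z.b.abs = z.b.abs.shl(z.b.abs, uint(-exp2))
+}
+
+diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go
+index b820df4..e55e655 100644
+--- a/src/math/big/ratconv_test.go
++++ b/src/math/big/ratconv_test.go
+@@ -590,3 +590,28 @@ func TestIssue31184(t *testing.T) {
+}
+}
+}
++
++func TestIssue45910(t *testing.T) {
++ var x Rat
++ for _, test := range []struct {
++ input string
++ want bool
++ }{
++ {"1e-1000001", false},
++ {"1e-1000000", true},
++ {"1e+1000000", true},
++ {"1e+1000001", false},
++
++ {"0p1000000000000", true},
++ {"1p-10000001", false},
++ {"1p-10000000", true},
++ {"1p+10000000", true},
++ {"1p+10000001", false},
++ {"1.770p02041010010011001001", false}, // test case from issue
++ } {
++ _, got := x.SetString(test.input)
++ if got != test.want {
++ t.Errorf("SetString(%s) got ok = %v; want %v", test.input, got, test.want)
++ }
++ }
++}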