go-runtime: Security fix for CVE-2022-41723

Disable cmd/internal/moddeps test, since this update includes PRIVATE track fixes. Backport from https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 (From OE-Core rev: 7440ebac50813e5df73da2d660a50fa97de650de) Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Shubham Kulkarni <skulkarni@mvista.com> 2023-03-28 18:13:57 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-11 11:31:52 +0100
commit: 665df010429934b7d8b12dbbd41f838a2a3b5059 (patch)
tree: cfbe951edf9f77257cef67d6c801f1339f3e87e7
parent: e628a4494da515096cddbd0b65298e3af8cd42ed (diff)
download: poky-665df010429934b7d8b12dbbd41f838a2a3b5059.tar.gz
2 files changed, 157 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index 856c14de40..14d58932dc 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -22,6 +22,7 @@ SRC_URI += "\
    file://CVE-2022-41717.patch \
    file://CVE-2022-2879.patch \
    file://CVE-2022-41720.patch \
+    file://CVE-2022-41723.patch \
 "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch b/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch
new file mode 100644
index 0000000000..a93fa31dcd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch
@@ -0,0 +1,156 @@
+From 451766789f646617157c725e20c955d4a9a70d4e Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 6 Feb 2023 10:03:44 -0800
+Subject: [PATCH] net/http: update bundled golang.org/x/net/http2
+Disable cmd/internal/moddeps test, since this update includes PRIVATE
+track fixes.
+Fixes CVE-2022-41723
+Fixes #58355
+Updates #57855
+Change-Id: Ie870562a6f6e44e4e8f57db6a0dde1a41a2b090c
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728939
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/468118
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Michael Pratt <mpratt@google.com>
+Auto-Submit: Michael Pratt <mpratt@google.com>
+Reviewed-by: Than McIntosh <thanm@google.com>
+Upstream-Status: Backport [https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3]
+CVE: CVE-2022-41723
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/vendor/golang.org/x/net/http2/hpack/hpack.go | 79 +++++++++++++++---------
+ 1 file changed, 49 insertions(+), 30 deletions(-)
+diff --git a/src/vendor/golang.org/x/net/http2/hpack/hpack.go b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
+index 85f18a2..02e80e3 100644
+--- a/src/vendor/golang.org/x/net/http2/hpack/hpack.go
+++ b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
+@@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
+        var hf HeaderField
+        wantStr := d.emitEnabled || it.indexed()
+       var undecodedName undecodedString
+        if nameIdx > 0 {
+                ihf, ok := d.at(nameIdx)
+                if !ok {
+@@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
+                }
+                hf.Name = ihf.Name
+        } else {
+-               hf.Name, buf, err = d.readString(buf, wantStr)
+               undecodedName, buf, err = d.readString(buf)
+                if err != nil {
+                        return err
+                }
+        }
+-       hf.Value, buf, err = d.readString(buf, wantStr)
+       undecodedValue, buf, err := d.readString(buf)
+        if err != nil {
+                return err
+        }
+       if wantStr {
+               if nameIdx <= 0 {
+                       hf.Name, err = d.decodeString(undecodedName)
+                       if err != nil {
+                               return err
+                       }
+               }
+               hf.Value, err = d.decodeString(undecodedValue)
+               if err != nil {
+                       return err
+               }
+       }
+        d.buf = buf
+        if it.indexed() {
+                d.dynTab.add(hf)
+@@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) {
+        return 0, origP, errNeedMore
+ }
+-// readString decodes an hpack string from p.
+// readString reads an hpack string from p.
+ //
+-// wantStr is whether s will be used. If false, decompression and
+-// []byte->string garbage are skipped if s will be ignored
+-// anyway. This does mean that huffman decoding errors for non-indexed
+-// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server
+-// is returning an error anyway, and because they're not indexed, the error
+-// won't affect the decoding state.
+-func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) {
+// It returns a reference to the encoded string data to permit deferring decode costs
+// until after the caller verifies all data is present.
+func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) {
+        if len(p) == 0 {
+-               return "", p, errNeedMore
+               return u, p, errNeedMore
+        }
+        isHuff := p[0]&128 != 0
+        strLen, p, err := readVarInt(7, p)
+        if err != nil {
+-               return "", p, err
+               return u, p, err
+        }
+        if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) {
+-               return "", nil, ErrStringLength
+               // Returning an error here means Huffman decoding errors
+               // for non-indexed strings past the maximum string length
+               // are ignored, but the server is returning an error anyway
+               // and because the string is not indexed the error will not
+               // affect the decoding state.
+               return u, nil, ErrStringLength
+        }
+        if uint64(len(p)) < strLen {
+-               return "", p, errNeedMore
+-       }
+-       if !isHuff {
+-               if wantStr {
+-                       s = string(p[:strLen])
+-               }
+-               return s, p[strLen:], nil
+               return u, p, errNeedMore
+        }
+       u.isHuff = isHuff
+       u.b = p[:strLen]
+       return u, p[strLen:], nil
+}
+-       if wantStr {
+-               buf := bufPool.Get().(*bytes.Buffer)
+-               buf.Reset() // don't trust others
+-               defer bufPool.Put(buf)
+-               if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {
+-                       buf.Reset()
+-                       return "", nil, err
+-               }
+type undecodedString struct {
+       isHuff bool
+       b      []byte
+}
+
+func (d *Decoder) decodeString(u undecodedString) (string, error) {
+       if !u.isHuff {
+               return string(u.b), nil
+       }
+       buf := bufPool.Get().(*bytes.Buffer)
+       buf.Reset() // don't trust others
+       var s string
+       err := huffmanDecode(buf, d.maxStrLen, u.b)
+       if err == nil {
+                s = buf.String()
+-               buf.Reset() // be nice to GC
+        }
+-       return s, p[strLen:], nil
+       buf.Reset() // be nice to GC
+       bufPool.Put(buf)
+       return s, err
+ }
+--
+2.7.4
author	Shubham Kulkarni <skulkarni@mvista.com>	2023-03-28 18:13:57 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-11 11:31:52 +0100
commit	665df010429934b7d8b12dbbd41f838a2a3b5059 (patch)
tree	cfbe951edf9f77257cef67d6c801f1339f3e87e7
parent	e628a4494da515096cddbd0b65298e3af8cd42ed (diff)
download	poky-665df010429934b7d8b12dbbd41f838a2a3b5059.tar.gz

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 856c14de40..14d58932dc 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -22,6 +22,7 @@ SRC_URI += "\
22	file://CVE-2022-41717.patch \	22	file://CVE-2022-41717.patch \
23	file://CVE-2022-2879.patch \	23	file://CVE-2022-2879.patch \
24	file://CVE-2022-41720.patch \	24	file://CVE-2022-41720.patch \
		25	file://CVE-2022-41723.patch \
25	"	26	"
26	SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"	27	SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
27		28


diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch b/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch new file mode 100644 index 0000000000..a93fa31dcd --- /dev/null +++ b/meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch
@@ -0,0 +1,156 @@
		1	From 451766789f646617157c725e20c955d4a9a70d4e Mon Sep 17 00:00:00 2001
		2	From: Roland Shoemaker <bracewell@google.com>
		3	Date: Mon, 6 Feb 2023 10:03:44 -0800
		4	Subject: [PATCH] net/http: update bundled golang.org/x/net/http2
		5
		6	Disable cmd/internal/moddeps test, since this update includes PRIVATE
		7	track fixes.
		8
		9	Fixes CVE-2022-41723
		10	Fixes #58355
		11	Updates #57855
		12
		13	Change-Id: Ie870562a6f6e44e4e8f57db6a0dde1a41a2b090c
		14	Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728939
		15	Reviewed-by: Damien Neil <dneil@google.com>
		16	Reviewed-by: Julie Qiu <julieqiu@google.com>
		17	Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
		18	Run-TryBot: Roland Shoemaker <bracewell@google.com>
		19	Reviewed-on: https://go-review.googlesource.com/c/go/+/468118
		20	TryBot-Result: Gopher Robot <gobot@golang.org>
		21	Run-TryBot: Michael Pratt <mpratt@google.com>
		22	Auto-Submit: Michael Pratt <mpratt@google.com>
		23	Reviewed-by: Than McIntosh <thanm@google.com>
		24
		25	Upstream-Status: Backport [https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3]
		26	CVE: CVE-2022-41723
		27	Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
		28	---
		29	src/vendor/golang.org/x/net/http2/hpack/hpack.go \| 79 +++++++++++++++---------
		30	1 file changed, 49 insertions(+), 30 deletions(-)
		31
		32	diff --git a/src/vendor/golang.org/x/net/http2/hpack/hpack.go b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
		33	index 85f18a2..02e80e3 100644
		34	--- a/src/vendor/golang.org/x/net/http2/hpack/hpack.go
		35	+++ b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
		36	@@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
		37
		38	var hf HeaderField
		39	wantStr := d.emitEnabled \|\| it.indexed()
		40	+ var undecodedName undecodedString
		41	if nameIdx > 0 {
		42	ihf, ok := d.at(nameIdx)
		43	if !ok {
		44	@@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
		45	}
		46	hf.Name = ihf.Name
		47	} else {
		48	- hf.Name, buf, err = d.readString(buf, wantStr)
		49	+ undecodedName, buf, err = d.readString(buf)
		50	if err != nil {
		51	return err
		52	}
		53	}
		54	- hf.Value, buf, err = d.readString(buf, wantStr)
		55	+ undecodedValue, buf, err := d.readString(buf)
		56	if err != nil {
		57	return err
		58	}
		59	+ if wantStr {
		60	+ if nameIdx <= 0 {
		61	+ hf.Name, err = d.decodeString(undecodedName)
		62	+ if err != nil {
		63	+ return err
		64	+ }
		65	+ }
		66	+ hf.Value, err = d.decodeString(undecodedValue)
		67	+ if err != nil {
		68	+ return err
		69	+ }
		70	+ }
		71	d.buf = buf
		72	if it.indexed() {
		73	d.dynTab.add(hf)
		74	@@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) {
		75	return 0, origP, errNeedMore
		76	}
		77
		78	-// readString decodes an hpack string from p.
		79	+// readString reads an hpack string from p.
		80	//
		81	-// wantStr is whether s will be used. If false, decompression and
		82	-// []byte->string garbage are skipped if s will be ignored
		83	-// anyway. This does mean that huffman decoding errors for non-indexed
		84	-// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server
		85	-// is returning an error anyway, and because they're not indexed, the error
		86	-// won't affect the decoding state.
		87	-func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) {
		88	+// It returns a reference to the encoded string data to permit deferring decode costs
		89	+// until after the caller verifies all data is present.
		90	+func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) {
		91	if len(p) == 0 {
		92	- return "", p, errNeedMore
		93	+ return u, p, errNeedMore
		94	}
		95	isHuff := p[0]&128 != 0
		96	strLen, p, err := readVarInt(7, p)
		97	if err != nil {
		98	- return "", p, err
		99	+ return u, p, err
		100	}
		101	if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) {
		102	- return "", nil, ErrStringLength
		103	+ // Returning an error here means Huffman decoding errors
		104	+ // for non-indexed strings past the maximum string length
		105	+ // are ignored, but the server is returning an error anyway
		106	+ // and because the string is not indexed the error will not
		107	+ // affect the decoding state.
		108	+ return u, nil, ErrStringLength
		109	}
		110	if uint64(len(p)) < strLen {
		111	- return "", p, errNeedMore
		112	- }
		113	- if !isHuff {
		114	- if wantStr {
		115	- s = string(p[:strLen])
		116	- }
		117	- return s, p[strLen:], nil
		118	+ return u, p, errNeedMore
		119	}
		120	+ u.isHuff = isHuff
		121	+ u.b = p[:strLen]
		122	+ return u, p[strLen:], nil
		123	+}
		124
		125	- if wantStr {
		126	- buf := bufPool.Get().(*bytes.Buffer)
		127	- buf.Reset() // don't trust others
		128	- defer bufPool.Put(buf)
		129	- if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {
		130	- buf.Reset()
		131	- return "", nil, err
		132	- }
		133	+type undecodedString struct {
		134	+ isHuff bool
		135	+ b []byte
		136	+}
		137	+
		138	+func (d *Decoder) decodeString(u undecodedString) (string, error) {
		139	+ if !u.isHuff {
		140	+ return string(u.b), nil
		141	+ }
		142	+ buf := bufPool.Get().(*bytes.Buffer)
		143	+ buf.Reset() // don't trust others
		144	+ var s string
		145	+ err := huffmanDecode(buf, d.maxStrLen, u.b)
		146	+ if err == nil {
		147	s = buf.String()
		148	- buf.Reset() // be nice to GC
		149	}
		150	- return s, p[strLen:], nil
		151	+ buf.Reset() // be nice to GC
		152	+ bufPool.Put(buf)
		153	+ return s, err
		154	}
		155	--
		156	2.7.4