diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/0004-CVE-2022-32190.patch')
| -rw-r--r-- | meta/recipes-devtools/go/go-1.14/0004-CVE-2022-32190.patch | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/0004-CVE-2022-32190.patch b/meta/recipes-devtools/go/go-1.14/0004-CVE-2022-32190.patch new file mode 100644 index 0000000000..4bdff3aed4 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/0004-CVE-2022-32190.patch @@ -0,0 +1,82 @@ +From f61e428699cbb52bab31fe2c124f49d085a209fe Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Fri, 12 Aug 2022 16:21:09 -0700 +Subject: [PATCH 4/4] net/url: consistently remove ../ elements in JoinPath + +JoinPath would fail to remove relative elements from the start of +the path when the first path element is "". + +In addition, JoinPath would return the original path unmodified +when provided with no elements to join, violating the documented +behavior of always cleaning the resulting path. + +Correct both these cases. + + JoinPath("http://go.dev", "../go") + // before: http://go.dev/../go + // after: http://go.dev/go + + JoinPath("http://go.dev/../go") + // before: http://go.dev/../go + // after: http://go.dev/go + +For #54385. +Fixes #54635. +Fixes CVE-2022-32190. + +Change-Id: I6d22cd160d097c50703dd96e4f453c6c118fd5d9 +Reviewed-on: https://go-review.googlesource.com/c/go/+/423514 +Reviewed-by: David Chase <drchase@google.com> +Reviewed-by: Alan Donovan <adonovan@google.com> +(cherry picked from commit 0765da5884adcc8b744979303a36a27092d8fc51) +Reviewed-on: https://go-review.googlesource.com/c/go/+/425357 +Run-TryBot: Damien Neil <dneil@google.com> +TryBot-Result: Gopher Robot <gobot@golang.org> + +Upstream-Status: Backport [https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec] +CVE: CVE-2022-32190 +Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> +--- + src/net/url/url.go | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/src/net/url/url.go b/src/net/url/url.go +index 73079a5..1e8baf9 100644 +--- a/src/net/url/url.go ++++ b/src/net/url/url.go +@@ -1109,17 +1109,23 @@ func (u *URL) UnmarshalBinary(text []byte) error { + // any existing path and the resulting path cleaned of any ./ or ../ elements. + // Any sequences of multiple / characters will be reduced to a single /. + func (u *URL) JoinPath(elem ...string) *URL { +- url := *u +- if len(elem) > 0 { +- elem = append([]string{u.EscapedPath()}, elem...) +- p := path.Join(elem...) +- // path.Join will remove any trailing slashes. +- // Preserve at least one. +- if strings.HasSuffix(elem[len(elem)-1], "/") && !strings.HasSuffix(p, "/") { +- p += "/" +- } +- url.setPath(p) ++ elem = append([]string{u.EscapedPath()}, elem...) ++ var p string ++ if !strings.HasPrefix(elem[0], "/") { ++ // Return a relative path if u is relative, ++ // but ensure that it contains no ../ elements. ++ elem[0] = "/" + elem[0] ++ p = path.Join(elem...)[1:] ++ } else { ++ p = path.Join(elem...) + } ++ // path.Join will remove any trailing slashes. ++ // Preserve at least one. ++ if strings.HasSuffix(elem[len(elem)-1], "/") && !strings.HasSuffix(p, "/") { ++ p += "/" ++ } ++ url := *u ++ url.setPath(p) + return &url + } + +-- +2.7.4 |