1 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
new file mode 100644
index 0000000000..b951ee893e
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
@@ -0,0 +1,97 @@
+From 4e5a313524da62600eb59dbf98624cfe946456f8 Mon Sep 17 00:00:00 2001
+From: Emmanuel T Odeke <emmanuel@orijtech.com>
+Date: Tue, 20 Oct 2020 04:11:12 -0700
+Subject: [PATCH] net/http: test that ParseMultipartForm catches overflows
+
+Tests that if the combination of:
+* HTTP multipart file payload size
+* ParseMultipartForm's maxMemory parameter
+* the internal leeway buffer size of 10MiB
+
+overflows, then we'll report an overflow instead of silently
+passing.
+
+Reapplies and fixes CL 254977, which was reverted in CL 263658.
+
+The prior test lacked a res.Body.Close(), so fixed that and
+added a leaked Transport check to verify correctness.
+
+Updates 40430.
+
+Change-Id: I3c0f7ef43d621f6eb00f07755f04f9f36c51f98f
+Reviewed-on: https://go-review.googlesource.com/c/go/+/263817
+Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Bryan C. Mills <bcmills@google.com>
+Trust: Damien Neil <dneil@google.com>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/4e5a313524da62600eb59dbf98624cfe946456f8]
+CVE: CVE-2022-41725 #Dependency Patch2
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/net/http/request_test.go | 45 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+
+diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go
+index b4ef472e71229..19526b9ad791a 100644
+--- a/src/net/http/request_test.go
++++ b/src/net/http/request_test.go
+@@ -13,6 +13,7 @@ import (
+ 	"fmt"
+ 	"io"
+ 	"io/ioutil"
++	"math"
+ 	"mime/multipart"
+ 	. "net/http"
+ 	"net/http/httptest"
+@@ -245,6 +246,50 @@ func TestParseMultipartForm(t *testing.T) {
+ 	}
+ }
+ 
++// Issue #40430: Test that if maxMemory for ParseMultipartForm when combined with
++// the payload size and the internal leeway buffer size of 10MiB overflows, that we
++// correctly return an error.
++func TestMaxInt64ForMultipartFormMaxMemoryOverflow(t *testing.T) {
++	defer afterTest(t)
++
++	payloadSize := 1 << 10
++	cst := httptest.NewServer(HandlerFunc(func(rw ResponseWriter, req *Request) {
++		// The combination of:
++		//      MaxInt64 + payloadSize + (internal spare of 10MiB)
++		// triggers the overflow. See issue https://golang.org/issue/40430/
++		if err := req.ParseMultipartForm(math.MaxInt64); err != nil {
++			Error(rw, err.Error(), StatusBadRequest)
++			return
++		}
++	}))
++	defer cst.Close()
++	fBuf := new(bytes.Buffer)
++	mw := multipart.NewWriter(fBuf)
++	mf, err := mw.CreateFormFile("file", "myfile.txt")
++	if err != nil {
++		t.Fatal(err)
++	}
++	if _, err := mf.Write(bytes.Repeat([]byte("abc"), payloadSize)); err != nil {
++		t.Fatal(err)
++	}
++	if err := mw.Close(); err != nil {
++		t.Fatal(err)
++	}
++	req, err := NewRequest("POST", cst.URL, fBuf)
++	if err != nil {
++		t.Fatal(err)
++	}
++	req.Header.Set("Content-Type", mw.FormDataContentType())
++	res, err := cst.Client().Do(req)
++	if err != nil {
++		t.Fatal(err)
++	}
++	res.Body.Close()
++	if g, w := res.StatusCode, StatusBadRequest; g != w {
++		t.Fatalf("Status code mismatch: got %d, want %d", g, w)
++	}
++}
++
+ func TestRedirect_h1(t *testing.T) { testRedirect(t, h1Mode) }
+ func TestRedirect_h2(t *testing.T) { testRedirect(t, h2Mode) }
+ func testRedirect(t *testing.T, h2 bool) {