diff options
author | Ralph Siemsen <ralph.siemsen@linaro.org> | 2022-11-17 11:54:50 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-23 00:26:19 +0000 |
commit | 09a820fe21d7884c6733d569f6560ef1ded5435d (patch) | |
tree | 5a003cc8802323cde58941c73c8dbf63a2e33164 /meta | |
parent | a2d3d80a7df5b8f57105ef2b680e9e01a9da6486 (diff) | |
download | openembedded-core-contrib-09a820fe21d7884c6733d569f6560ef1ded5435d.tar.gz |
golang: fix CVE-2022-28131
Upstream-Status: Backport [https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae]
CVE: CVE-2022-28131
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch | 104 |
2 files changed, 105 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 08eefdcb5c..525a3e77c5 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -47,6 +47,7 @@ SRC_URI += "\ file://CVE-2021-33198.patch \ file://CVE-2021-44716.patch \ file://CVE-2022-24921.patch \ + file://CVE-2022-28131.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch new file mode 100644 index 0000000000..8afa292144 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch @@ -0,0 +1,104 @@ +From 8136eb2e5c316a51d0da710fbd0504cbbefee526 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <roland@golang.org> +Date: Mon, 28 Mar 2022 18:41:26 -0700 +Subject: [PATCH] encoding/xml: use iterative Skip, rather than recursive + +Upstream-Status: Backport [https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae] +CVE: CVE-2022-28131 +Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> + + +Prevents exhausting the stack limit in _incredibly_ deeply nested +structures. + +Fixes #53711 +Updates #53614 +Fixes CVE-2022-28131 + +Change-Id: I47db4595ce10cecc29fbd06afce7b299868599e6 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1419912 +Reviewed-by: Julie Qiu <julieqiu@google.com> +Reviewed-by: Damien Neil <dneil@google.com> +(cherry picked from commit 9278cb78443d2b4deb24cbb5b61c9ba5ac688d49) +Reviewed-on: https://go-review.googlesource.com/c/go/+/417068 +TryBot-Result: Gopher Robot <gobot@golang.org> +Reviewed-by: Heschi Kreinick <heschi@google.com> +Run-TryBot: Michael Knyszek <mknyszek@google.com> +--- + src/encoding/xml/read.go | 15 ++++++++------- + src/encoding/xml/read_test.go | 18 ++++++++++++++++++ + 2 files changed, 26 insertions(+), 7 deletions(-) + +diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go +index 4ffed80..3fac859 100644 +--- a/src/encoding/xml/read.go ++++ b/src/encoding/xml/read.go +@@ -743,12 +743,12 @@ Loop: + } + + // Skip reads tokens until it has consumed the end element +-// matching the most recent start element already consumed. +-// It recurs if it encounters a start element, so it can be used to +-// skip nested structures. ++// matching the most recent start element already consumed, ++// skipping nested structures. + // It returns nil if it finds an end element matching the start + // element; otherwise it returns an error describing the problem. + func (d *Decoder) Skip() error { ++ var depth int64 + for { + tok, err := d.Token() + if err != nil { +@@ -756,11 +756,12 @@ func (d *Decoder) Skip() error { + } + switch tok.(type) { + case StartElement: +- if err := d.Skip(); err != nil { +- return err +- } ++ depth++ + case EndElement: +- return nil ++ if depth == 0 { ++ return nil ++ } ++ depth-- + } + } + } +diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go +index 6a20b1a..7a621a5 100644 +--- a/src/encoding/xml/read_test.go ++++ b/src/encoding/xml/read_test.go +@@ -5,9 +5,11 @@ + package xml + + import ( ++ "bytes" + "errors" + "io" + "reflect" ++ "runtime" + "strings" + "testing" + "time" +@@ -1093,3 +1095,19 @@ func TestCVE202228131(t *testing.T) { + t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth) + } + } ++ ++func TestCVE202230633(t *testing.T) { ++ if runtime.GOARCH == "wasm" { ++ t.Skip("causes memory exhaustion on js/wasm") ++ } ++ defer func() { ++ p := recover() ++ if p != nil { ++ t.Fatal("Unmarshal panicked") ++ } ++ }() ++ var example struct { ++ Things []string ++ } ++ Unmarshal(bytes.Repeat([]byte("<a>"), 17_000_000), &example) ++} |