diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch new file mode 100644 index 0000000000..f0daee3624 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch @@ -0,0 +1,50 @@ +From 70882eedccac803ddcf1c3215e0ae8fd59847e39 Mon Sep 17 00:00:00 2001 +From: Katie Hockman <katie@golang.org> +Date: Sat, 26 Feb 2022 20:03:38 +0000 +Subject: [PATCH] [release-branch.go1.16] math/big: prevent overflow in + (*Rat).SetString + +Credit to rsc@ for the original patch. + +Thanks to the OSS-Fuzz project for discovering this +issue and to Emmanuel Odeke (@odeke_et) for reporting it. + +Updates #50699 +Fixes #50700 +Fixes CVE-2022-23772 +--- + src/math/big/ratconv.go | 5 +++++ + src/math/big/ratconv_test.go | 1 + + 2 files changed, 6 insertions(+) + +diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go +index 941139e..e8cbdbe 100644 +--- a/src/math/big/ratconv.go ++++ b/src/math/big/ratconv.go +@@ -168,6 +168,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) { + n := exp5 + if n < 0 { + n = -n ++ if n < 0 { ++ // This can occur if -n overflows. -(-1 << 63) would become ++ // -1 << 63, which is still negative. ++ return nil, false ++ } + } + pow5 := z.b.abs.expNN(natFive, nat(nil).setWord(Word(n)), nil) // use underlying array of z.b.abs + if exp5 > 0 { +diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go +index ba0d1ba..b820df4 100644 +--- a/src/math/big/ratconv_test.go ++++ b/src/math/big/ratconv_test.go +@@ -104,6 +104,7 @@ var setStringTests = []StringTest{ + {in: "4/3/"}, + {in: "4/3."}, + {in: "4/"}, ++ {in: "13e-9223372036854775808"}, // CVE-2022-23772 + + // valid + {"0", "0", true}, +-- +2.17.1 + |