Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
new file mode 100644
index 0000000000..5dcfd27f16
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
@@ -0,0 +1,116 @@
+From d10fc3a84e3344f2421c1dd3046faa50709ab4d5 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 11:01:21 +0530
+Subject: [PATCH] CVE-2022-30631
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3]
+CVE: CVE-2022-30631
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/compress/gzip/gunzip.go | 60 +++++++++++++++-----------------
+ src/compress/gzip/gunzip_test.go | 16 +++++++++
+ 2 files changed, 45 insertions(+), 31 deletions(-)
+
+diff --git a/src/compress/gzip/gunzip.go b/src/compress/gzip/gunzip.go
+index 924bce1..237b2b9 100644
+--- a/src/compress/gzip/gunzip.go
++++ b/src/compress/gzip/gunzip.go
+@@ -248,42 +248,40 @@ func (z *Reader) Read(p []byte) (n int, err error) {
+ return 0, z.err
+ }
+ 
+- n, z.err = z.decompressor.Read(p)
+- z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
+- z.size += uint32(n)
+- if z.err != io.EOF {
+- // In the normal case we return here.
+- return n, z.err
+- }
++ for n == 0 {
++ n, z.err = z.decompressor.Read(p)
++ z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
++ z.size += uint32(n)
++ if z.err != io.EOF {
++ // In the normal case we return here.
++ return n, z.err
++ }
+ 
+- // Finished file; check checksum and size.
+- if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
+- z.err = noEOF(err)
+- return n, z.err
+- }
+- digest := le.Uint32(z.buf[:4])
+- size := le.Uint32(z.buf[4:8])
+- if digest != z.digest || size != z.size {
+- z.err = ErrChecksum
+- return n, z.err
+- }
+- z.digest, z.size = 0, 0
++ // Finished file; check checksum and size.
++ if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
++ z.err = noEOF(err)
++ return n, z.err
++ }
++ digest := le.Uint32(z.buf[:4])
++ size := le.Uint32(z.buf[4:8])
++ if digest != z.digest || size != z.size {
++ z.err = ErrChecksum
++ return n, z.err
++ }
++ z.digest, z.size = 0, 0
+ 
+- // File is ok; check if there is another.
+- if !z.multistream {
+- return n, io.EOF
+- }
+- z.err = nil // Remove io.EOF
++ // File is ok; check if there is another.
++ if !z.multistream {
++ return n, io.EOF
++ }
++ z.err = nil // Remove io.EOF
+ 
+- if _, z.err = z.readHeader(); z.err != nil {
+- return n, z.err
++ if _, z.err = z.readHeader(); z.err != nil {
++ return n, z.err
++ }
+ }
+ 
+- // Read from next file, if necessary.
+- if n > 0 {
+- return n, nil
+- }
+- return z.Read(p)
++ return n, nil
+ }
+ 
+ // Close closes the Reader. It does not close the underlying io.Reader.
+diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go
+index 1b01404..95220ae 100644
+--- a/src/compress/gzip/gunzip_test.go
++++ b/src/compress/gzip/gunzip_test.go
+@@ -516,3 +516,19 @@ func TestTruncatedStreams(t *testing.T) {
+ }
+ }
+ }
++
++func TestCVE202230631(t *testing.T) {
++ var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00,
++ 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
++ r := bytes.NewReader(bytes.Repeat(empty, 4e6))
++ z, err := NewReader(r)
++ if err != nil {
++ t.Fatalf("NewReader: got %v, want nil", err)
++ }
++ // Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due
++ // to stack exhaustion.
++ _, err = z.Read(make([]byte, 10))
++ if err != io.EOF {
++ t.Errorf("Reader.Read: got %v, want %v", err, io.EOF)
++ }
++}
+--
+2.25.1
+
|
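Review bot: The `for n == 0 {` loop that replaces the tail call `return z.Read(p)` in the patched `Reader.Read` carries no comment explaining why it must stay a loop, so a later cleanup could plausibly fold it back into the recursion that this backport removes; consider adding above it `// Loop rather than recurse over empty gzip members: a stream of many empty members must not grow the stack (CVE-2022-30631).` As written, each empty member still costs one `z.readHeader()` call inside the loop, so a long run of empty members is now bounded by time rather than stack depth, which is what `TestCVE202230631` exercises with 4e6 repeated members. The patch header fields (Upstream-Status, CVE, Signed-off-by) follow the layer's backport convention; the recipe change that adds this file to SRC_URI is not part of this diff, so it cannot be confirmed here.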