diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch new file mode 100644 index 0000000000..8bf22ee4d4 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch @@ -0,0 +1,75 @@ +From 618120c165669c00a1606505defea6ca755cdc27 Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Wed, 30 Nov 2022 16:46:33 -0500 +Subject: [PATCH] [release-branch.go1.19] net/http: update bundled + golang.org/x/net/http2 + +Disable cmd/internal/moddeps test, since this update includes PRIVATE +track fixes. + +For #56350. +For #57009. +Fixes CVE-2022-41717. + +Change-Id: I5c6ce546add81f361dcf0d5123fa4eaaf8f0a03b +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1663835 +Reviewed-by: Tatiana Bradley <tatianabradley@google.com> +Reviewed-by: Julie Qiu <julieqiu@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/455363 +TryBot-Result: Gopher Robot <gobot@golang.org> +Run-TryBot: Jenny Rakoczy <jenny@golang.org> +Reviewed-by: Michael Pratt <mpratt@google.com> + +Upstream-Status: Backport [https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27] +CVE-2022-41717 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/net/http/h2_bundle.go | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index 83f2a72..cc03a62 100644 +--- a/src/net/http/h2_bundle.go ++++ b/src/net/http/h2_bundle.go +@@ -4096,6 +4096,7 @@ type http2serverConn struct { + headerTableSize uint32 + peerMaxHeaderListSize uint32 // zero means unknown (default) + canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case ++ canonHeaderKeysSize int // canonHeader keys size in bytes + writingFrame bool // started writing a frame (on serve goroutine or separate) + writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh + needsFrameFlush bool // last frame write wasn't a flush +@@ -4278,6 +4279,13 @@ func (sc *http2serverConn) condlogf(err error, format string, args ...interface{ + } + } + ++// maxCachedCanonicalHeadersKeysSize is an arbitrarily-chosen limit on the size ++// of the entries in the canonHeader cache. ++// This should be larger than the size of unique, uncommon header keys likely to ++// be sent by the peer, while not so high as to permit unreasonable memory usage ++// if the peer sends an unbounded number of unique header keys. ++const http2maxCachedCanonicalHeadersKeysSize = 2048 ++ + func (sc *http2serverConn) canonicalHeader(v string) string { + sc.serveG.check() + http2buildCommonHeaderMapsOnce() +@@ -4293,14 +4301,10 @@ func (sc *http2serverConn) canonicalHeader(v string) string { + sc.canonHeader = make(map[string]string) + } + cv = CanonicalHeaderKey(v) +- // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of +- // entries in the canonHeader cache. This should be larger than the number +- // of unique, uncommon header keys likely to be sent by the peer, while not +- // so high as to permit unreaasonable memory usage if the peer sends an unbounded +- // number of unique header keys. +- const maxCachedCanonicalHeaders = 32 +- if len(sc.canonHeader) < maxCachedCanonicalHeaders { ++ size := 100 + len(v)*2 // 100 bytes of map overhead + key + value ++ if sc.canonHeaderKeysSize+size <= http2maxCachedCanonicalHeadersKeysSize { + sc.canonHeader[v] = cv ++ sc.canonHeaderKeysSize += size + } + return cv + } +-- +2.30.2 |