fix CVE-2022-23772 CVE-2022-23806

Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854 Conflict:NA Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1 Reason:fix CVE-2022-23772 CVE-2022-23806
2022-03-04 17:03:21 +08:00 · 2022-03-04 17:03:21 +08:00 · 2b2e619ed0
commit 2b2e619ed0
parent 76377cc07b
3 changed files with 219 additions and 1 deletions
--- a/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
+++ b/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
@ -0,0 +1,64 @@
+From 3ebb1762fb1942b4ffe932000f873e16c194a2d7 Mon Sep 17 00:00:00 2001
+From: Katie Hockman <katie@golang.org>
+Date: Wed, 2 Mar 2022 10:52:56 +0800
+Subject: [Backport 1/3] [release-branch.go1.16] math/big: prevent overflow in
+ (*Rat).SetString
+
+Credit to rsc@ for the original patch.
+
+Thanks to the OSS-Fuzz project for discovering this
+issue and to Emmanuel Odeke (@odeke_et) for reporting it.
+
+Updates #50699
+Fixes #50700
+Fixes CVE-2022-23772
+
+Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
+Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
+Trust: Katie Hockman <katie@golang.org>
+Run-TryBot: Katie Hockman <katie@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Reviewed-by: Julie Qiu <julie@golang.org>
+(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/381337
+
+Reference:https://go-review.googlesource.com/c/go/+/381337
+Conflict:NA
+---
+ src/math/big/ratconv.go      | 5 +++++
+ src/math/big/ratconv_test.go | 1 +
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go
+index ac3c8bd..90053a9 100644
+--- a/src/math/big/ratconv.go
+++ b/src/math/big/ratconv.go
+@@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
+ 		n := exp5
+ 		if n < 0 {
+ 			n = -n
+			if n < 0 {
+				// This can occur if -n overflows. -(-1 << 63) would become
+				// -1 << 63, which is still negative.
+				return nil, false
+			}
+ 		}
+ 		if n > 1e6 {
+ 			return nil, false // avoid excessively large exponents
+diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go
+index 15d206c..e55e655 100644
+--- a/src/math/big/ratconv_test.go
+++ b/src/math/big/ratconv_test.go
+@@ -104,6 +104,7 @@ var setStringTests = []StringTest{
+ 	{in: "4/3/"},
+ 	{in: "4/3."},
+ 	{in: "4/"},
+	{in: "13e-9223372036854775808"}, // CVE-2022-23772
+ 
+ 	// valid
+ 	{"0", "0", true},
+-- 
+2.30.0
+
--- a/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
+++ b/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
@ -0,0 +1,149 @@
+From 126bdb9ae49d443850459b55cf7c0686eef2f476 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Wed, 2 Mar 2022 10:56:28 +0800
+Subject: [Backport 3/3] [release-branch.go1.16] crypto/elliptic: make
+ IsOnCurve return false for invalid field elements
+
+Updates #50974
+Fixes #50977
+Fixes CVE-2022-23806
+
+Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
+Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
+Trust: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+Trust: Katie Hockman <katie@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Conflict:NA
+Reference:https://go-review.googlesource.com/c/go/+/382855
+---
+ src/crypto/elliptic/elliptic.go      |  4 ++
+ src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++
+ src/crypto/elliptic/p224.go          |  5 ++
+ 3 files changed, 90 insertions(+)
+
+diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
+index f93dc16..321f926 100644
+--- a/src/crypto/elliptic/elliptic.go
+++ b/src/crypto/elliptic/elliptic.go
+@@ -71,6 +71,10 @@ func (curve *CurveParams) polynomial(x *big.Int) *big.Int {
+ }
+ 
+ func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
+	if x.Sign() < 0 || x.Cmp(curve.P) >= 0 ||
+		y.Sign() < 0 || y.Cmp(curve.P) >= 0 {
+		return false
+	}
+ 	// y² = x³ - 3x + b
+ 	y2 := new(big.Int).Mul(y, y)
+ 	y2.Mod(y2, curve.P)
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
+index e80e773..bb16b0d 100644
+--- a/src/crypto/elliptic/elliptic_test.go
+++ b/src/crypto/elliptic/elliptic_test.go
+@@ -721,3 +721,84 @@ func testMarshalCompressed(t *testing.T, curve Curve, x, y *big.Int, want []byte
+ 		t.Errorf("point did not round-trip correctly: got (%v, %v), want (%v, %v)", X, Y, x, y)
+ 	}
+ }
+
+func testAllCurves(t *testing.T, f func(*testing.T, Curve)) {
+	tests := []struct {
+		name  string
+		curve Curve
+	}{
+		{"P256", P256()},
+		{"P256/Params", P256().Params()},
+		{"P224", P224()},
+		{"P224/Params", P224().Params()},
+		{"P384", P384()},
+		{"P384/Params", P384().Params()},
+		{"P521", P521()},
+		{"P521/Params", P521().Params()},
+	}
+	if testing.Short() {
+		tests = tests[:1]
+	}
+	for _, test := range tests {
+		curve := test.curve
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+			f(t, curve)
+		})
+	}
+}
+
+// TestInvalidCoordinates tests big.Int values that are not valid field elements
+// (negative or bigger than P). They are expected to return false from
+// IsOnCurve, all other behavior is undefined.
+func TestInvalidCoordinates(t *testing.T) {
+	testAllCurves(t, testInvalidCoordinates)
+}
+
+func testInvalidCoordinates(t *testing.T, curve Curve) {
+	checkIsOnCurveFalse := func(name string, x, y *big.Int) {
+		if curve.IsOnCurve(x, y) {
+			t.Errorf("IsOnCurve(%s) unexpectedly returned true", name)
+		}
+	}
+
+	p := curve.Params().P
+	_, x, y, _ := GenerateKey(curve, rand.Reader)
+	xx, yy := new(big.Int), new(big.Int)
+
+	// Check if the sign is getting dropped.
+	xx.Neg(x)
+	checkIsOnCurveFalse("-x, y", xx, y)
+	yy.Neg(y)
+	checkIsOnCurveFalse("x, -y", x, yy)
+
+	// Check if negative values are reduced modulo P.
+	xx.Sub(x, p)
+	checkIsOnCurveFalse("x-P, y", xx, y)
+	yy.Sub(y, p)
+	checkIsOnCurveFalse("x, y-P", x, yy)
+
+	// Check if positive values are reduced modulo P.
+	xx.Add(x, p)
+	checkIsOnCurveFalse("x+P, y", xx, y)
+	yy.Add(y, p)
+	checkIsOnCurveFalse("x, y+P", x, yy)
+
+	// Check if the overflow is dropped.
+	xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535))
+	checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y)
+	yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535))
+	checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy)
+
+	// Check if P is treated like zero (if possible).
+	// y^2 = x^3 - 3x + B
+	// y = mod_sqrt(x^3 - 3x + B)
+	// y = mod_sqrt(B) if x = 0
+	// If there is no modsqrt, there is no point with x = 0, can't test x = P.
+	if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil {
+		if !curve.IsOnCurve(big.NewInt(0), yy) {
+			t.Fatal("(0, mod_sqrt(B)) is not on the curve?")
+		}
+		checkIsOnCurveFalse("P, y", p, yy)
+	}
+}
+diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
+index 8c76021..ff5c834 100644
+--- a/src/crypto/elliptic/p224.go
+++ b/src/crypto/elliptic/p224.go
+@@ -48,6 +48,11 @@ func (curve p224Curve) Params() *CurveParams {
+ }
+ 
+ func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool {
+	if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 ||
+		bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 {
+		return false
+	}
+
+ 	var x, y p224FieldElement
+ 	p224FromBig(&x, bigX)
+ 	p224FromBig(&y, bigY)
+-- 
+2.30.0
+
--- a/golang.spec
+++ b/golang.spec
@ -62,7 +62,7 @@

 Name:           golang
 Version:        1.15.7
-Release:        8
+Release:        9
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@ -202,6 +202,8 @@ Patch6053:       0053-net-http-httputil-close-incoming-ReverseProxy-reques.patch
 Patch6054:       0054-release-branch.go1.16-net-http-update-bundled-golang.patch
 Patch6055:       0055-release-branch.go1.16-archive-zip-prevent-preallocat.patch
 Patch6056:       0056-release-branch.go1.16-debug-macho-fail-on-invalid-dy.patch
+Patch6057:       0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
+Patch6058:       0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch

 Patch9001:       0001-drop-hard-code-cert.patch

@ -435,6 +437,9 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list

 %changelog
+* Fri Mar 4 2022 hanchao<hanchao47@huawei.com> - 1.15.7-9
+- fix CVE-2022-23772  CVE-2022-23806
+
 * Wed Mar 2 2022 hanchao<hanchao47@huawei.com> - 1.15.7-8
 - fix CVE-2021-41771