!107 golang: fix CVE-2022-32189

From: @hcnbxx Reviewed-by: @zhangsong234, @jing-rui Signed-off-by: @jing-rui
2022-08-09 09:35:38 +00:00 · 2022-08-09 09:35:38 +00:00 · 4fe4d4bc51
commit 4fe4d4bc51
parent 935d47607c d95195796d
2 changed files with 204 additions and 71 deletions
--- a/0074-release-branch.go1.17-math-big-check-buffer-lengths-.patch
+++ b/0074-release-branch.go1.17-math-big-check-buffer-lengths-.patch
@ -0,0 +1,129 @@
+From 490df635ab990bcc5796cf5765c74675503d9964 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Fri, 15 Jul 2022 10:43:44 -0700
+Subject: [PATCH] [release-branch.go1.17] math/big: check buffer lengths in
+ GobDecode
+
+In Float.GobDecode and Rat.GobDecode, check buffer sizes before
+indexing slices.
+
+Updates #53871
+Fixes #54094
+
+Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
+Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Tatiana Bradley <tatiana@golang.org>
+Run-TryBot: Roland Shoemaker <roland@golang.org>
+(cherry picked from commit 055113ef364337607e3e72ed7d48df67fde6fc66)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/419814
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+
+Conflict:NA
+Reference:https://go-review.googlesource.com/c/go/+/419814
+
+---
+ src/math/big/floatmarsh.go      |  7 +++++++
+ src/math/big/floatmarsh_test.go | 12 ++++++++++++
+ src/math/big/ratmarsh.go        |  6 ++++++
+ src/math/big/ratmarsh_test.go   | 12 ++++++++++++
+ 4 files changed, 37 insertions(+)
+
+diff --git a/src/math/big/floatmarsh.go b/src/math/big/floatmarsh.go
+index d1c1dab069..990e085abe 100644
+--- a/src/math/big/floatmarsh.go
+++ b/src/math/big/floatmarsh.go
+@@ -8,6 +8,7 @@ package big
+ 
+ import (
+ 	"encoding/binary"
+	"errors"
+ 	"fmt"
+ )
+ 
+@@ -67,6 +68,9 @@ func (z *Float) GobDecode(buf []byte) error {
+ 		*z = Float{}
+ 		return nil
+ 	}
+	if len(buf) < 6 {
+		return errors.New("Float.GobDecode: buffer too small")
+	}
+ 
+ 	if buf[0] != floatGobVersion {
+ 		return fmt.Errorf("Float.GobDecode: encoding version %d not supported", buf[0])
+@@ -83,6 +87,9 @@ func (z *Float) GobDecode(buf []byte) error {
+ 	z.prec = binary.BigEndian.Uint32(buf[2:])
+ 
+ 	if z.form == finite {
+		if len(buf) < 10 {
+			return errors.New("Float.GobDecode: buffer too small for finite form float")
+		}
+ 		z.exp = int32(binary.BigEndian.Uint32(buf[6:]))
+ 		z.mant = z.mant.setBytes(buf[10:])
+ 	}
+diff --git a/src/math/big/floatmarsh_test.go b/src/math/big/floatmarsh_test.go
+index c056d78b80..401f45a51f 100644
+--- a/src/math/big/floatmarsh_test.go
+++ b/src/math/big/floatmarsh_test.go
+@@ -137,3 +137,15 @@ func TestFloatJSONEncoding(t *testing.T) {
+ 		}
+ 	}
+ }
+
+func TestFloatGobDecodeShortBuffer(t *testing.T) {
+	for _, tc := range [][]byte{
+		[]byte{0x1, 0x0, 0x0, 0x0},
+		[]byte{0x1, 0xfa, 0x0, 0x0, 0x0, 0x0},
+	} {
+		err := NewFloat(0).GobDecode(tc)
+		if err == nil {
+			t.Error("expected GobDecode to return error for malformed input")
+		}
+	}
+}
+diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go
+index fbc7b6002d..56102e845b 100644
+--- a/src/math/big/ratmarsh.go
+++ b/src/math/big/ratmarsh.go
+@@ -45,12 +45,18 @@ func (z *Rat) GobDecode(buf []byte) error {
+ 		*z = Rat{}
+ 		return nil
+ 	}
+	if len(buf) < 5 {
+		return errors.New("Rat.GobDecode: buffer too small")
+	}
+ 	b := buf[0]
+ 	if b>>1 != ratGobVersion {
+ 		return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1)
+ 	}
+ 	const j = 1 + 4
+ 	i := j + binary.BigEndian.Uint32(buf[j-4:j])
+	if len(buf) < int(i) {
+		return errors.New("Rat.GobDecode: buffer too small")
+	}
+ 	z.a.neg = b&1 != 0
+ 	z.a.abs = z.a.abs.setBytes(buf[j:i])
+ 	z.b.abs = z.b.abs.setBytes(buf[i:])
+diff --git a/src/math/big/ratmarsh_test.go b/src/math/big/ratmarsh_test.go
+index 351d109f8d..55a9878bb8 100644
+--- a/src/math/big/ratmarsh_test.go
+++ b/src/math/big/ratmarsh_test.go
+@@ -123,3 +123,15 @@ func TestRatXMLEncoding(t *testing.T) {
+ 		}
+ 	}
+ }
+
+func TestRatGobDecodeShortBuffer(t *testing.T) {
+	for _, tc := range [][]byte{
+		[]byte{0x2},
+		[]byte{0x2, 0x0, 0x0, 0x0, 0xff},
+	} {
+		err := NewRat(1, 2).GobDecode(tc)
+		if err == nil {
+			t.Error("expected GobDecode to return error for malformed input")
+		}
+	}
+}
+-- 
+2.30.2
+
--- a/golang.spec
+++ b/golang.spec
@ -62,7 +62,7 @@

 Name:           golang
 Version:        1.15.7
-Release:        14
+Release:        15
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@ -151,78 +151,79 @@ Requires:       openEuler-rpm-config

 ExclusiveArch:  %{golang_arches}

-Patch6001:       0001-release-branch.go1.15-doc-go1.15-mention-1.15.3-cgo-.patch
-Patch6002:       0002-release-branch.go1.15-cmd-go-fix-mod_get_fallback-te.patch
-Patch6003:       0003-release-branch.go1.15-internal-execabs-only-run-test.patch
-Patch6004:       0004-release-branch.go1.15-cmd-compile-don-t-short-circui.patch
-Patch6005:       0005-release-branch.go1.15-cmd-go-fix-get_update_unknown_.patch
-Patch6006:       0006-release-branch.go1.15-net-http-update-bundled-x-net-.patch
-Patch6007:       0007-release-branch.go1.15-cmd-go-don-t-lookup-the-path-f.patch
-Patch6008:       0008-release-branch.go1.15-cmd-link-internal-ld-pe-fix-se.patch
-Patch6009:       0009-release-branch.go1.15-cmd-internal-goobj2-fix-buglet.patch
-Patch6010:       0010-release-branch.go1.15-runtime-don-t-adjust-timer-pp-.patch
-Patch6011:       0011-release-branch.go1.15-runtime-cgo-fix-Android-build-.patch
-Patch6013:       0013-release-branch.go1.15-internal-poll-if-copy_file_ran.patch
-Patch6014:       0014-release-branch.go1.15-internal-poll-netpollcheckerr-.patch
-Patch6015:       0015-release-branch.go1.15-cmd-compile-do-not-assume-TST-.patch
-Patch6016:       0016-release-branch.go1.15-syscall-do-not-overflow-key-me.patch
-Patch6017:       0017-release-branch.go1.15-time-correct-unusual-extension.patch
-Patch6018:       0018-release-branch.go1.15-cmd-compile-fix-escape-analysi.patch
-Patch6019:       0019-release-branch.go1.15-net-http-ignore-connection-clo.patch
-Patch6020:       0020-release-branch.go1.15-net-http-add-connections-back-.patch
-Patch6021:       0021-release-branch.go1.15-security-encoding-xml-prevent-.patch
-Patch6023:       0023-release-branch.go1.15-cmd-go-don-t-report-missing-st.patch
-Patch6025:       0025-release-branch.go1.15-cmd-go-internal-modfetch-detec.patch
-Patch6026:       0026-release-branch.go1.15-cmd-link-generate-trampoline-f.patch
-Patch6027:       0027-release-branch.go1.15-net-http-update-bundled-x-net-.patch
-Patch6028:       0028-release-branch.go1.15-net-http-fix-detection-of-Roun.patch
-Patch6029:       0029-release-branch.go1.15-build-set-GOPATH-consistently-.patch
-Patch6030:       0030-release-branch.go1.15-database-sql-fix-tx-stmt-deadl.patch
-Patch6031:       0031-release-branch.go1.15-cmd-compile-disable-shortcircu.patch
-Patch6032:       0032-release-branch.go1.15-runtime-non-strict-InlTreeInde.patch
-Patch6033:       0033-release-branch.go1.15-cmd-cgo-avoid-exporting-all-sy.patch
-Patch6034:       0034-release-branch.go1.15-cmd-link-avoid-exporting-all-s.patch
-Patch6035:       0035-release-branch.go1.15-cmd-cgo-remove-unnecessary-spa.patch
-Patch6037:       0037-release-branch.go1.15-time-use-offset-and-isDST-when.patch
-Patch6038:       0038-release-branch.go1.15-std-update-golang.org-x-net-to.patch
-Patch6039:       0039-release-branch.go1.15-runtime-time-disable-preemptio.patch
-Patch6040:       0040-release-branch.go1.15-runtime-non-strict-InlTreeInde.patch
-Patch6041:       0041-release-branch.go1.15-runtime-pprof-skip-tests-for-A.patch
-Patch6043:       0043-release-branch.go1.15-math-big-fix-TestShiftOverlap-.patch
-Patch6044:       0044-release-branch.go1.15-math-big-remove-the-s390x-asse.patch
-Patch6045:       0045-net-http-fix-hijack-hang-at-abortPendingRead.patch
-Patch6046:       0046-release-branch.go1.15-net-verify-results-from-Lookup.patch
-Patch6047:       0047-release-branch.go1.15-archive-zip-only-preallocate-F.patch
-Patch6048:       0048-release-branch.go1.15-net-http-httputil-always-remov.patch
-Patch6049:       0049-release-branch.go1.15-math-big-check-for-excessive-e.patch
-Patch6050:       0050-release-branch.go1.15-crypto-tls-test-key-type-when-.patch
-Patch6051:       0051-net-reject-leading-zeros-in-IP-address-parsers.patch
-Patch6052:       0052-release-branch.go1.16-misc-wasm-cmd-link-do-not-let-.patch
-Patch6053:       0053-net-http-httputil-close-incoming-ReverseProxy-reques.patch
-Patch6054:       0054-release-branch.go1.16-net-http-update-bundled-golang.patch
-Patch6055:       0055-release-branch.go1.16-archive-zip-prevent-preallocat.patch
-Patch6056:       0056-release-branch.go1.16-debug-macho-fail-on-invalid-dy.patch
-Patch6057:       0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
-Patch6058:       0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
-Patch6059:       0059-release-branch.go1.16-regexp-syntax-reject-very-deep.patch
-Patch6060:       0060-cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch
-Patch6061:       0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch
-Patch6062:       0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch
-Patch6063:       0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch
-Patch6064:	     0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
-Patch6065:	     0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
-Patch6066:	     0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
-Patch6067:	     0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
-Patch6068:	     0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
-Patch6069:	     0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
-Patch6070:	     0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
-Patch6071:	     0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
-Patch6072:	     0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
-Patch6073:	     0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
+Patch6001:	0001-release-branch.go1.15-doc-go1.15-mention-1.15.3-cgo-.patch
+Patch6002:	0002-release-branch.go1.15-cmd-go-fix-mod_get_fallback-te.patch
+Patch6003:	0003-release-branch.go1.15-internal-execabs-only-run-test.patch
+Patch6004:	0004-release-branch.go1.15-cmd-compile-don-t-short-circui.patch
+Patch6005:	0005-release-branch.go1.15-cmd-go-fix-get_update_unknown_.patch
+Patch6006:	0006-release-branch.go1.15-net-http-update-bundled-x-net-.patch
+Patch6007:	0007-release-branch.go1.15-cmd-go-don-t-lookup-the-path-f.patch
+Patch6008:	0008-release-branch.go1.15-cmd-link-internal-ld-pe-fix-se.patch
+Patch6009:	0009-release-branch.go1.15-cmd-internal-goobj2-fix-buglet.patch
+Patch6010:	0010-release-branch.go1.15-runtime-don-t-adjust-timer-pp-.patch
+Patch6011:	0011-release-branch.go1.15-runtime-cgo-fix-Android-build-.patch
+Patch6013:	0013-release-branch.go1.15-internal-poll-if-copy_file_ran.patch
+Patch6014:	0014-release-branch.go1.15-internal-poll-netpollcheckerr-.patch
+Patch6015:	0015-release-branch.go1.15-cmd-compile-do-not-assume-TST-.patch
+Patch6016:	0016-release-branch.go1.15-syscall-do-not-overflow-key-me.patch
+Patch6017:	0017-release-branch.go1.15-time-correct-unusual-extension.patch
+Patch6018:	0018-release-branch.go1.15-cmd-compile-fix-escape-analysi.patch
+Patch6019:	0019-release-branch.go1.15-net-http-ignore-connection-clo.patch
+Patch6020:	0020-release-branch.go1.15-net-http-add-connections-back-.patch
+Patch6021:	0021-release-branch.go1.15-security-encoding-xml-prevent-.patch
+Patch6023:	0023-release-branch.go1.15-cmd-go-don-t-report-missing-st.patch
+Patch6025:	0025-release-branch.go1.15-cmd-go-internal-modfetch-detec.patch
+Patch6026:	0026-release-branch.go1.15-cmd-link-generate-trampoline-f.patch
+Patch6027:	0027-release-branch.go1.15-net-http-update-bundled-x-net-.patch
+Patch6028:	0028-release-branch.go1.15-net-http-fix-detection-of-Roun.patch
+Patch6029:	0029-release-branch.go1.15-build-set-GOPATH-consistently-.patch
+Patch6030:	0030-release-branch.go1.15-database-sql-fix-tx-stmt-deadl.patch
+Patch6031:	0031-release-branch.go1.15-cmd-compile-disable-shortcircu.patch
+Patch6032:	0032-release-branch.go1.15-runtime-non-strict-InlTreeInde.patch
+Patch6033:	0033-release-branch.go1.15-cmd-cgo-avoid-exporting-all-sy.patch
+Patch6034:	0034-release-branch.go1.15-cmd-link-avoid-exporting-all-s.patch
+Patch6035:	0035-release-branch.go1.15-cmd-cgo-remove-unnecessary-spa.patch
+Patch6037:	0037-release-branch.go1.15-time-use-offset-and-isDST-when.patch
+Patch6038:	0038-release-branch.go1.15-std-update-golang.org-x-net-to.patch
+Patch6039:	0039-release-branch.go1.15-runtime-time-disable-preemptio.patch
+Patch6040:	0040-release-branch.go1.15-runtime-non-strict-InlTreeInde.patch
+Patch6041:	0041-release-branch.go1.15-runtime-pprof-skip-tests-for-A.patch
+Patch6043:	0043-release-branch.go1.15-math-big-fix-TestShiftOverlap-.patch
+Patch6044:	0044-release-branch.go1.15-math-big-remove-the-s390x-asse.patch
+Patch6045:	0045-net-http-fix-hijack-hang-at-abortPendingRead.patch
+Patch6046:	0046-release-branch.go1.15-net-verify-results-from-Lookup.patch
+Patch6047:	0047-release-branch.go1.15-archive-zip-only-preallocate-F.patch
+Patch6048:	0048-release-branch.go1.15-net-http-httputil-always-remov.patch
+Patch6049:	0049-release-branch.go1.15-math-big-check-for-excessive-e.patch
+Patch6050:	0050-release-branch.go1.15-crypto-tls-test-key-type-when-.patch
+Patch6051:	0051-net-reject-leading-zeros-in-IP-address-parsers.patch
+Patch6052:	0052-release-branch.go1.16-misc-wasm-cmd-link-do-not-let-.patch
+Patch6053:	0053-net-http-httputil-close-incoming-ReverseProxy-reques.patch
+Patch6054:	0054-release-branch.go1.16-net-http-update-bundled-golang.patch
+Patch6055:	0055-release-branch.go1.16-archive-zip-prevent-preallocat.patch
+Patch6056:	0056-release-branch.go1.16-debug-macho-fail-on-invalid-dy.patch
+Patch6057:	0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
+Patch6058:	0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
+Patch6059:	0059-release-branch.go1.16-regexp-syntax-reject-very-deep.patch
+Patch6060:	0060-cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch
+Patch6061:	0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch
+Patch6062:	0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch
+Patch6063:	0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch
+Patch6064:	0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
+Patch6065:	0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
+Patch6066:	0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
+Patch6067:	0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
+Patch6068:	0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
+Patch6069:	0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
+Patch6070:	0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
+Patch6071:	0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
+Patch6072:	0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
+Patch6073:	0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
+Patch6074:	0074-release-branch.go1.17-math-big-check-buffer-lengths-.patch


-Patch9001:       0001-drop-hard-code-cert.patch
-Patch9002:       0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch
+Patch9001:	0001-drop-hard-code-cert.patch
+Patch9002:	0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch

 %description
 %{summary}.
@ -454,6 +455,9 @@ fi

 %changelog

+* Mon Aug 8 2022 hanchao<hanchao47@huawei.com> - 1.15.7-15
+- fix CVE-2022-32189
+
 * Thu Jul 26 2022 hanchao<hanchao47@huawei.com> - 1.15.7-14
 - fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
  CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,