packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!107 golang: fix CVE-2022-32189

Browse Source 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
This commit is contained in:
openeuler-ci-bot 2022-08-09 09:35:38 +00:00 committed by Gitee
commit 4fe4d4bc51
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 204 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
0074-release-branch.go1.17-math-big-check-buffer-lengths-.patch Normal file
View File

@ -0,0 +1,129 @@
From 490df635ab990bcc5796cf5765c74675503d9964 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Fri, 15 Jul 2022 10:43:44 -0700
Subject: [PATCH] [release-branch.go1.17] math/big: check buffer lengths in
GobDecode
In Float.GobDecode and Rat.GobDecode, check buffer sizes before
indexing slices.
Updates #53871
Fixes #54094
Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 055113ef364337607e3e72ed7d48df67fde6fc66)
Reviewed-on: https://go-review.googlesource.com/c/go/+/419814
Reviewed-by: Julie Qiu <julieqiu@google.com>
Conflict:NA
Reference:https://go-review.googlesource.com/c/go/+/419814
---
src/math/big/floatmarsh.go | 7 +++++++
src/math/big/floatmarsh_test.go | 12 ++++++++++++
src/math/big/ratmarsh.go | 6 ++++++
src/math/big/ratmarsh_test.go | 12 ++++++++++++
4 files changed, 37 insertions(+)
diff --git a/src/math/big/floatmarsh.go b/src/math/big/floatmarsh.go
index d1c1dab069..990e085abe 100644
--- a/src/math/big/floatmarsh.go
+++ b/src/math/big/floatmarsh.go
@@ -8,6 +8,7 @@ package big
import (
"encoding/binary"
+ "errors"
"fmt"
)
@@ -67,6 +68,9 @@ func (z *Float) GobDecode(buf []byte) error {
*z = Float{}
return nil
}
+ if len(buf) < 6 {
+ return errors.New("Float.GobDecode: buffer too small")
+ }
if buf[0] != floatGobVersion {
return fmt.Errorf("Float.GobDecode: encoding version %d not supported", buf[0])
@@ -83,6 +87,9 @@ func (z *Float) GobDecode(buf []byte) error {
z.prec = binary.BigEndian.Uint32(buf[2:])
if z.form == finite {
+ if len(buf) < 10 {
+ return errors.New("Float.GobDecode: buffer too small for finite form float")
+ }
z.exp = int32(binary.BigEndian.Uint32(buf[6:]))
z.mant = z.mant.setBytes(buf[10:])
}
diff --git a/src/math/big/floatmarsh_test.go b/src/math/big/floatmarsh_test.go
index c056d78b80..401f45a51f 100644
--- a/src/math/big/floatmarsh_test.go
+++ b/src/math/big/floatmarsh_test.go
@@ -137,3 +137,15 @@ func TestFloatJSONEncoding(t *testing.T) {
}
}
}
+
+func TestFloatGobDecodeShortBuffer(t *testing.T) {
+ for _, tc := range [][]byte{
+ []byte{0x1, 0x0, 0x0, 0x0},
+ []byte{0x1, 0xfa, 0x0, 0x0, 0x0, 0x0},
+ } {
+ err := NewFloat(0).GobDecode(tc)
+ if err == nil {
+ t.Error("expected GobDecode to return error for malformed input")
+ }
+ }
+}
diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go
index fbc7b6002d..56102e845b 100644
--- a/src/math/big/ratmarsh.go
+++ b/src/math/big/ratmarsh.go
@@ -45,12 +45,18 @@ func (z *Rat) GobDecode(buf []byte) error {
*z = Rat{}
return nil
}
+ if len(buf) < 5 {
+ return errors.New("Rat.GobDecode: buffer too small")
+ }
b := buf[0]
if b>>1 != ratGobVersion {
return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1)
}
const j = 1 + 4
i := j + binary.BigEndian.Uint32(buf[j-4:j])
+ if len(buf) < int(i) {
+ return errors.New("Rat.GobDecode: buffer too small")
+ }
z.a.neg = b&1 != 0
z.a.abs = z.a.abs.setBytes(buf[j:i])
z.b.abs = z.b.abs.setBytes(buf[i:])
diff --git a/src/math/big/ratmarsh_test.go b/src/math/big/ratmarsh_test.go
index 351d109f8d..55a9878bb8 100644
--- a/src/math/big/ratmarsh_test.go
+++ b/src/math/big/ratmarsh_test.go
@@ -123,3 +123,15 @@ func TestRatXMLEncoding(t *testing.T) {
}
}
}
+
+func TestRatGobDecodeShortBuffer(t *testing.T) {
+ for _, tc := range [][]byte{
+ []byte{0x2},
+ []byte{0x2, 0x0, 0x0, 0x0, 0xff},
+ } {
+ err := NewRat(1, 2).GobDecode(tc)
+ if err == nil {
+ t.Error("expected GobDecode to return error for malformed input")
+ }
+ }
+}
--
2.30.2

6
golang.spec
View File

@ -62,7 +62,7 @@
Name: golang Name: golang
Version: 1.15.7 Version: 1.15.7
Release: 14 Release: 15
Summary: The Go Programming Language Summary: The Go Programming Language
License: BSD and Public Domain License: BSD and Public Domain
URL: https://golang.org/ URL: https://golang.org/
@ -219,6 +219,7 @@ Patch6070: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
Patch6071: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch Patch6071: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
Patch6072: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch Patch6072: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
Patch6073: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch Patch6073: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
Patch6074: 0074-release-branch.go1.17-math-big-check-buffer-lengths-.patch
Patch9001: 0001-drop-hard-code-cert.patch Patch9001: 0001-drop-hard-code-cert.patch
@ -454,6 +455,9 @@ fi
%changelog %changelog
* Mon Aug 8 2022 hanchao<hanchao47@huawei.com> - 1.15.7-15
- fix CVE-2022-32189
* Thu Jul 26 2022 hanchao<hanchao47@huawei.com> - 1.15.7-14 * Thu Jul 26 2022 hanchao<hanchao47@huawei.com> - 1.15.7-14
- fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, - fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
CVE-2022-30635,CVE-2022-30632,CVE-2022-28131, CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,