golang: fix CVE-2022-29804,CVE-2022-29526

Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3 Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/ Conflict: NA Reason: fix CVE-2022-29804,CVE-2022-29526
2022-08-18 20:02:38 +08:00 · 2022-08-18 20:02:38 +08:00 · eeeca13a95
commit eeeca13a95
parent 4fe4d4bc51
3 changed files with 163 additions and 1 deletions
--- a/0075-path-filepath-do-not-remove-prefix-.-when-following-.patch
+++ b/0075-path-filepath-do-not-remove-prefix-.-when-following-.patch
@ -0,0 +1,104 @@
+From 0de49f05ec2b03819ae698c97e9445a6ab928d4c Mon Sep 17 00:00:00 2001
+From: Yasuhiro Matsumoto <mattn.jp@gmail.com>
+Date: Fri, 22 Apr 2022 10:07:51 +0900
+Subject: [PATCH 1/2] path/filepath: do not remove prefix "." when following
+ path contains ":".
+
+Fixes #52476
+
+Change-Id: I9eb72ac7dbccd6322d060291f31831dc389eb9bb
+Reviewed-on: https://go-review.googlesource.com/c/go/+/401595
+Auto-Submit: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
+Run-TryBot: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Conflict: NA
+Reference: https://go-review.googlesource.com/c/go/+/401595/
+
+---
+ src/path/filepath/path.go              | 14 +++++++++++++-
+ src/path/filepath/path_test.go         |  3 +++
+ src/path/filepath/path_windows_test.go | 26 ++++++++++++++++++++++++++
+ 3 files changed, 42 insertions(+), 1 deletion(-)
+
+diff --git a/src/path/filepath/path.go b/src/path/filepath/path.go
+index 26f1833189..92dc090eea 100644
+--- a/src/path/filepath/path.go
+++ b/src/path/filepath/path.go
+@@ -116,9 +116,21 @@ func Clean(path string) string {
+ 		case os.IsPathSeparator(path[r]):
+ 			// empty path element
+ 			r++
+-		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
+		case path[r] == '.' && r+1 == n:
+ 			// . element
+ 			r++
+		case path[r] == '.' && os.IsPathSeparator(path[r+1]):
+			// ./ element
+			r++
+
+			for r < len(path) && os.IsPathSeparator(path[r]) {
+				r++
+			}
+			if out.w == 0 && volumeNameLen(path[r:]) > 0 {
+				// When joining prefix "." and an absolute path on Windows,
+				// the prefix should not be removed.
+				out.append('.')
+			}
+ 		case path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
+ 			// .. element: remove to last separator
+ 			r += 2
+diff --git a/src/path/filepath/path_test.go b/src/path/filepath/path_test.go
+index d6f680556c..531a66333b 100644
+--- a/src/path/filepath/path_test.go
+++ b/src/path/filepath/path_test.go
+@@ -93,6 +93,9 @@ var wincleantests = []PathTest{
+ 	{`//host/share/foo/../baz`, `\\host\share\baz`},
+ 	{`\\a\b\..\c`, `\\a\b\c`},
+ 	{`\\a\b`, `\\a\b`},
+	{`.\c:`, `.\c:`},
+	{`.\c:\foo`, `.\c:\foo`},
+	{`.\c:foo`, `.\c:foo`},
+ }
+ 
+ func TestClean(t *testing.T) {
+diff --git a/src/path/filepath/path_windows_test.go b/src/path/filepath/path_windows_test.go
+index f7c454bf65..e3979fe1e7 100644
+--- a/src/path/filepath/path_windows_test.go
+++ b/src/path/filepath/path_windows_test.go
+@@ -581,3 +581,29 @@ func TestNTNamespaceSymlink(t *testing.T) {
+ 		t.Errorf(`EvalSymlinks(%q): got %q, want %q`, filelink, got, want)
+ 	}
+ }
+
+func TestIssue52476(t *testing.T) {
+	tests := []struct {
+		lhs, rhs string
+		want     string
+	}{
+		{`..\.`, `C:`, `..\C:`},
+		{`..`, `C:`, `..\C:`},
+		{`.`, `:`, `:`},
+		{`.`, `C:`, `.\C:`},
+		{`.`, `C:/a/b/../c`, `.\C:\a\c`},
+		{`.`, `\C:`, `.\C:`},
+		{`C:\`, `.`, `C:\`},
+		{`C:\`, `C:\`, `C:\C:`},
+		{`C`, `:`, `C\:`},
+		{`\.`, `C:`, `\C:`},
+		{`\`, `C:`, `\C:`},
+	}
+
+	for _, test := range tests {
+		got := filepath.Join(test.lhs, test.rhs)
+		if got != test.want {
+			t.Errorf(`Join(%q, %q): got %q, want %q`, test.lhs, test.rhs, got, test.want)
+		}
+	}
+}
+-- 
+2.30.2
+
--- a/0076-release-branch.go1.17-syscall-check-correct-group-in.patch
+++ b/0076-release-branch.go1.17-syscall-check-correct-group-in.patch
@ -0,0 +1,53 @@
+From 77f1f0c3293857f1010dd1899d5a6dafbc21a378 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Tue, 12 Apr 2022 13:38:17 -0700
+Subject: [PATCH 2/2] [release-branch.go1.17] syscall: check correct group in
+ Faccessat
+
+The Faccessat call checks the user, group, or other permission bits of a
+file to see if the calling process can access it. The test to see if the
+group permissions should be used was made with the wrong group id, using
+the process's group id rather than the file's group id. Fix this to use
+the correct group id.
+
+No test since we cannot easily change file permissions when not running
+as root and the test is meaningless if running as root.
+
+For #52313
+Fixes #52439
+
+Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee
+Reviewed-on: https://go-review.googlesource.com/c/go/+/399539
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+Run-TryBot: Ian Lance Taylor <iant@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+(cherry picked from commit f66925e854e71e0c54b581885380a490d7afa30c)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/401078
+Auto-Submit: Tatiana Bradley <tatiana@golang.org>
+Run-TryBot: Tatiana Bradley <tatiana@golang.org>
+Run-TryBot: Damien Neil <dneil@google.com>
+Auto-Submit: Damien Neil <dneil@google.com>
+Reviewed-by: Tatiana Bradley <tatiana@golang.org>
+
+Conflict: NA
+Reference: https://go-review.googlesource.com/c/go/+/401078/
+---
+ src/syscall/syscall_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go
+index 07fe6a6c2b..dbf16d9af2 100644
+--- a/src/syscall/syscall_linux.go
+++ b/src/syscall/syscall_linux.go
+@@ -106,7 +106,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+ 			gid = Getgid()
+ 		}
+ 
+-		if uint32(gid) == st.Gid || isGroupMember(gid) {
+		if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
+ 			fmode = (st.Mode >> 3) & 7
+ 		} else {
+ 			fmode = st.Mode & 7
+-- 
+2.30.2
+
--- a/golang.spec
+++ b/golang.spec
@ -62,7 +62,7 @@

 Name:           golang
 Version:        1.15.7
-Release:        15
+Release:        16
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@ -220,6 +220,8 @@ Patch6071:	0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
 Patch6072:	0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
 Patch6073:	0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 Patch6074:	0074-release-branch.go1.17-math-big-check-buffer-lengths-.patch
+Patch6075:	0075-path-filepath-do-not-remove-prefix-.-when-following-.patch
+Patch6076:	0076-release-branch.go1.17-syscall-check-correct-group-in.patch


 Patch9001:	0001-drop-hard-code-cert.patch
@ -455,6 +457,9 @@ fi

 %changelog

+* Tue Aug 18 2022 hanchao<hanchao47@huawei.com> - 1.15.7-16
+- fix CVE-2022-29804,CVE-2022-29526
+
 * Mon Aug 8 2022 hanchao<hanchao47@huawei.com> - 1.15.7-15
 - fix CVE-2022-32189