packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
golang/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
hanchao 2b2e619ed0 fix CVE-2022-23772 CVE-2022-23806 
Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854
Conflict:NA
Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1
Reason:fix CVE-2022-23772  CVE-2022-23806
2022-03-05 16:42:40 +08:00

65 lines
2.0 KiB
Diff
Raw Permalink Blame History

From 3ebb1762fb1942b4ffe932000f873e16c194a2d7 Mon Sep 17 00:00:00 2001
From: Katie Hockman <katie@golang.org>
Date: Wed, 2 Mar 2022 10:52:56 +0800
Subject: [Backport 1/3] [release-branch.go1.16] math/big: prevent overflow in
(*Rat).SetString
Credit to rsc@ for the original patch.
Thanks to the OSS-Fuzz project for discovering this
issue and to Emmanuel Odeke (@odeke_et) for reporting it.
Updates #50699
Fixes #50700
Fixes CVE-2022-23772
Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78)
Reviewed-on: https://go-review.googlesource.com/c/go/+/381337
Reference:https://go-review.googlesource.com/c/go/+/381337
Conflict:NA
---
src/math/big/ratconv.go | 5 +++++
src/math/big/ratconv_test.go | 1 +
2 files changed, 6 insertions(+)
diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go
index ac3c8bd..90053a9 100644
--- a/src/math/big/ratconv.go
+++ b/src/math/big/ratconv.go
@@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
n := exp5
if n < 0 {
n = -n
+ if n < 0 {
+ // This can occur if -n overflows. -(-1 << 63) would become
+ // -1 << 63, which is still negative.
+ return nil, false
+ }
}
if n > 1e6 {
return nil, false // avoid excessively large exponents
diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go
index 15d206c..e55e655 100644
--- a/src/math/big/ratconv_test.go
+++ b/src/math/big/ratconv_test.go
@@ -104,6 +104,7 @@ var setStringTests = []StringTest{
{in: "4/3/"},
{in: "4/3."},
{in: "4/"},
+ {in: "13e-9223372036854775808"}, // CVE-2022-23772
// valid
{"0", "0", true},
--
2.30.0
Reference in New Issue View Git Blame Copy Permalink