diff options
author | Ross Burton <ross.burton@arm.com> | 2023-04-20 13:54:05 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-04-22 11:03:51 +0100 |
commit | 9d059c11a60d1aca8ffefe42c7b49fa3e4180eb3 (patch) | |
tree | 1b36920e4d7985a3b0ac858befab073c74d7d563 | |
parent | 26242b20d407d5e498083d7e6fa082153be75092 (diff) | |
download | openembedded-core-contrib-9d059c11a60d1aca8ffefe42c7b49fa3e4180eb3.tar.gz |
go: backport fix for CVE-2023-24537
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
-rw-r--r-- | meta/recipes-devtools/go/go-1.20.1.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go/CVE-2023-24537.patch | 89 |
2 files changed, 90 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.20.1.inc b/meta/recipes-devtools/go/go-1.20.1.inc index b1f569212d..179f0e29eb 100644 --- a/meta/recipes-devtools/go/go-1.20.1.inc +++ b/meta/recipes-devtools/go/go-1.20.1.inc @@ -16,5 +16,6 @@ SRC_URI += "\ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ file://0010-cmd-compile-re-compile-instantiated-generic-methods-.patch \ file://CVE-2023-24532.patch \ + file://CVE-2023-24537.patch \ " SRC_URI[main.sha256sum] = "b5c1a3af52c385a6d1c76aed5361cf26459023980d0320de7658bae3915831a2" diff --git a/meta/recipes-devtools/go/go/CVE-2023-24537.patch b/meta/recipes-devtools/go/go/CVE-2023-24537.patch new file mode 100644 index 0000000000..6b5dc2c8d9 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2023-24537.patch @@ -0,0 +1,89 @@ +From 110e4fb1c2e3a21631704bbfaf672230b9ba2492 Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Wed, 22 Mar 2023 09:33:22 -0700 +Subject: [PATCH] go/scanner: reject large line and column numbers in //line + directives + +Setting a large line or column number using a //line directive can cause +integer overflow even in small source files. + +Limit line and column numbers in //line directives to 2^30-1, which +is small enough to avoid int32 overflow on all reasonbly-sized files. + +For #59180 +Fixes CVE-2023-24537 + +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456 +Reviewed-by: Julie Qiu <julieqiu@google.com> +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Run-TryBot: Damien Neil <dneil@google.com> +Change-Id: I149bf34deca532af7994203fa1e6aca3c890ea14 +Reviewed-on: https://go-review.googlesource.com/c/go/+/482078 +Reviewed-by: Matthew Dempsky <mdempsky@google.com> +TryBot-Bypass: Michael Knyszek <mknyszek@google.com> +Run-TryBot: Michael Knyszek <mknyszek@google.com> +Auto-Submit: Michael Knyszek <mknyszek@google.com> + +CVE: CVE-2023-24537 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + src/go/parser/parser_test.go | 16 ++++++++++++++++ + src/go/scanner/scanner.go | 7 +++++-- + 2 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go +index 153562df75068..22b11a0cc4535 100644 +--- a/src/go/parser/parser_test.go ++++ b/src/go/parser/parser_test.go +@@ -764,3 +764,19 @@ func TestRangePos(t *testing.T) { + }) + } + } ++ ++// TestIssue59180 tests that line number overflow doesn't cause an infinite loop. ++func TestIssue59180(t *testing.T) { ++ testcases := []string{ ++ "package p\n//line :9223372036854775806\n\n//", ++ "package p\n//line :1:9223372036854775806\n\n//", ++ "package p\n//line file:9223372036854775806\n\n//", ++ } ++ ++ for _, src := range testcases { ++ _, err := ParseFile(token.NewFileSet(), "", src, ParseComments) ++ if err == nil { ++ t.Errorf("ParseFile(%s) succeeded unexpectedly", src) ++ } ++ } ++} +diff --git a/src/go/scanner/scanner.go b/src/go/scanner/scanner.go +index 16958d22ce299..0cd9f5901d0bb 100644 +--- a/src/go/scanner/scanner.go ++++ b/src/go/scanner/scanner.go +@@ -253,13 +253,16 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) { + return + } + ++ // Put a cap on the maximum size of line and column numbers. ++ // 30 bits allows for some additional space before wrapping an int32. ++ const maxLineCol = 1<<30 - 1 + var line, col int + i2, n2, ok2 := trailingDigits(text[:i-1]) + if ok2 { + //line filename:line:col + i, i2 = i2, i + line, col = n2, n +- if col == 0 { ++ if col == 0 || col > maxLineCol { + s.error(offs+i2, "invalid column number: "+string(text[i2:])) + return + } +@@ -269,7 +272,7 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) { + line = n + } + +- if line == 0 { ++ if line == 0 || line > maxLineCol { + s.error(offs+i, "invalid line number: "+string(text[i:])) + return + } |