diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch')
| -rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch new file mode 100644 index 0000000000..15fda7de1b --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch @@ -0,0 +1,113 @@ +From 027e7e1578d3d7614f7586eff3894b83d9709e14 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 29 Aug 2022 10:08:34 +0530 +Subject: [PATCH] CVE-2022-32189 + +Upstream-Status: Backport [https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102] +CVE: CVE-2022-32189 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + src/math/big/floatmarsh.go | 7 +++++++ + src/math/big/floatmarsh_test.go | 12 ++++++++++++ + src/math/big/ratmarsh.go | 6 ++++++ + src/math/big/ratmarsh_test.go | 12 ++++++++++++ + 4 files changed, 37 insertions(+) + +diff --git a/src/math/big/floatmarsh.go b/src/math/big/floatmarsh.go +index d1c1dab..990e085 100644 +--- a/src/math/big/floatmarsh.go ++++ b/src/math/big/floatmarsh.go +@@ -8,6 +8,7 @@ package big + + import ( + "encoding/binary" ++ "errors" + "fmt" + ) + +@@ -67,6 +68,9 @@ func (z *Float) GobDecode(buf []byte) error { + *z = Float{} + return nil + } ++ if len(buf) < 6 { ++ return errors.New("Float.GobDecode: buffer too small") ++ } + + if buf[0] != floatGobVersion { + return fmt.Errorf("Float.GobDecode: encoding version %d not supported", buf[0]) +@@ -83,6 +87,9 @@ func (z *Float) GobDecode(buf []byte) error { + z.prec = binary.BigEndian.Uint32(buf[2:]) + + if z.form == finite { ++ if len(buf) < 10 { ++ return errors.New("Float.GobDecode: buffer too small for finite form float") ++ } + z.exp = int32(binary.BigEndian.Uint32(buf[6:])) + z.mant = z.mant.setBytes(buf[10:]) + } +diff --git a/src/math/big/floatmarsh_test.go b/src/math/big/floatmarsh_test.go +index c056d78..401f45a 100644 +--- a/src/math/big/floatmarsh_test.go ++++ b/src/math/big/floatmarsh_test.go +@@ -137,3 +137,15 @@ func TestFloatJSONEncoding(t *testing.T) { + } + } + } ++ ++func TestFloatGobDecodeShortBuffer(t *testing.T) { ++ for _, tc := range [][]byte{ ++ []byte{0x1, 0x0, 0x0, 0x0}, ++ []byte{0x1, 0xfa, 0x0, 0x0, 0x0, 0x0}, ++ } { ++ err := NewFloat(0).GobDecode(tc) ++ if err == nil { ++ t.Error("expected GobDecode to return error for malformed input") ++ } ++ } ++} +diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go +index fbc7b60..56102e8 100644 +--- a/src/math/big/ratmarsh.go ++++ b/src/math/big/ratmarsh.go +@@ -45,12 +45,18 @@ func (z *Rat) GobDecode(buf []byte) error { + *z = Rat{} + return nil + } ++ if len(buf) < 5 { ++ return errors.New("Rat.GobDecode: buffer too small") ++ } + b := buf[0] + if b>>1 != ratGobVersion { + return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1) + } + const j = 1 + 4 + i := j + binary.BigEndian.Uint32(buf[j-4:j]) ++ if len(buf) < int(i) { ++ return errors.New("Rat.GobDecode: buffer too small") ++ } + z.a.neg = b&1 != 0 + z.a.abs = z.a.abs.setBytes(buf[j:i]) + z.b.abs = z.b.abs.setBytes(buf[i:]) +diff --git a/src/math/big/ratmarsh_test.go b/src/math/big/ratmarsh_test.go +index 351d109..55a9878 100644 +--- a/src/math/big/ratmarsh_test.go ++++ b/src/math/big/ratmarsh_test.go +@@ -123,3 +123,15 @@ func TestRatXMLEncoding(t *testing.T) { + } + } + } ++ ++func TestRatGobDecodeShortBuffer(t *testing.T) { ++ for _, tc := range [][]byte{ ++ []byte{0x2}, ++ []byte{0x2, 0x0, 0x0, 0x0, 0xff}, ++ } { ++ err := NewRat(1, 2).GobDecode(tc) ++ if err == nil { ++ t.Error("expected GobDecode to return error for malformed input") ++ } ++ } ++} +-- +2.25.1 + |