diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch new file mode 100644 index 0000000000..37ebc41947 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch @@ -0,0 +1,85 @@ +From 874b3132a84cf76da6a48978826c04c380a37a50 Mon Sep 17 00:00:00 2001 +From: avivklas <avivklas@gmail.com> +Date: Fri, 7 Aug 2020 21:50:12 +0300 +Subject: [PATCH] mime/multipart: return overflow errors in Reader.ReadForm + +Updates Reader.ReadForm to check for overflow errors that may +result from a leeway addition of 10MiB to the input argument +maxMemory. + +Fixes #40430 + +Change-Id: I510b8966c95c51d04695ba9d08fcfe005fd11a5d +Reviewed-on: https://go-review.googlesource.com/c/go/+/247477 +Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com> +Trust: Cuong Manh Le <cuong.manhle.vn@gmail.com> +Trust: Emmanuel Odeke <emm.odeke@gmail.com> +TryBot-Result: Go Bot <gobot@golang.org> +Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> + +Upstream-Status: Backport [https://github.com/golang/go/commit/874b3132a84cf76da6a48978826c04c380a37a50] +CVE: CVE-2022-41725 #Dependency Patch1 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/mime/multipart/formdata.go | 4 ++++ + src/mime/multipart/formdata_test.go | 18 ++++++++++++++++++ + 2 files changed, 22 insertions(+) + +diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go +index 832d0ad693666..4eb31012941ac 100644 +--- a/src/mime/multipart/formdata.go ++++ b/src/mime/multipart/formdata.go +@@ -7,6 +7,7 @@ package multipart + import ( + "bytes" + "errors" ++ "fmt" + "io" + "io/ioutil" + "net/textproto" +@@ -41,6 +42,9 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + + // Reserve an additional 10 MB for non-file parts. + maxValueBytes := maxMemory + int64(10<<20) ++ if maxValueBytes <= 0 { ++ return nil, fmt.Errorf("multipart: integer overflow from maxMemory(%d) + 10MiB for non-file parts", maxMemory) ++ } + for { + p, err := r.NextPart() + if err == io.EOF { +diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go +index 7d756c8c244a0..7112e0d3727fe 100644 +--- a/src/mime/multipart/formdata_test.go ++++ b/src/mime/multipart/formdata_test.go +@@ -7,6 +7,7 @@ package multipart + import ( + "bytes" + "io" ++ "math" + "os" + "strings" + "testing" +@@ -52,6 +53,23 @@ func TestReadFormWithNamelessFile(t *testing.T) { + } + } + ++// Issue 40430: Ensure that we report integer overflows in additions of maxMemory, ++// instead of silently and subtly failing without indication. ++func TestReadFormMaxMemoryOverflow(t *testing.T) { ++ b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n")) ++ r := NewReader(b, boundary) ++ f, err := r.ReadForm(math.MaxInt64) ++ if err == nil { ++ t.Fatal("Unexpected a non-nil error") ++ } ++ if f != nil { ++ t.Fatalf("Unexpected returned a non-nil form: %v\n", f) ++ } ++ if g, w := err.Error(), "integer overflow from maxMemory"; !strings.Contains(g, w) { ++ t.Errorf(`Error mismatch\n%q\ndid not contain\n%q`, g, w) ++ } ++} ++ + func TestReadFormWithTextContentType(t *testing.T) { + // From https://github.com/golang/go/issues/24041 + b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n")) |