golang/0006-release-branch.go1.19-net-http-update-bundled-golang.patch

From 5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <bracewell@google.com>
Date: Mon, 6 Feb 2023 10:03:44 -0800
Subject: [PATCH] [release-branch.go1.19] net/http: update bundled
 golang.org/x/net/http2

Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.

Fixes CVE-2022-41723
Fixes #58355
Updates #57855

Change-Id: Ie870562a6f6e44e4e8f57db6a0dde1a41a2b090c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728939
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/468118
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
---
 src/cmd/internal/moddeps/moddeps_test.go      |  2 +-
 .../golang.org/x/net/http2/hpack/hpack.go     | 79 ++++++++++++-------
 2 files changed, 50 insertions(+), 31 deletions(-)

diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go
index e96edf1f30..1fc9f708bd 100644
--- a/src/cmd/internal/moddeps/moddeps_test.go
+++ b/src/cmd/internal/moddeps/moddeps_test.go
@@ -33,7 +33,7 @@ import (
 // See issues 36852, 41409, and 43687.
 // (Also see golang.org/issue/27348.)
 func TestAllDependencies(t *testing.T) {
-	t.Skip("TODO(#57009): 1.19.4 contains unreleased changes from vendored modules")
+	t.Skip("TODO(#58355): 1.19.4 contains unreleased changes from vendored modules")
 
 	goBin := testenv.GoToolPath(t)
 
diff --git a/src/vendor/golang.org/x/net/http2/hpack/hpack.go b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
index 85f18a2b0a..02e80e30a4 100644
--- a/src/vendor/golang.org/x/net/http2/hpack/hpack.go
+++ b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
@@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
 
 	var hf HeaderField
 	wantStr := d.emitEnabled || it.indexed()
+	var undecodedName undecodedString
 	if nameIdx > 0 {
 		ihf, ok := d.at(nameIdx)
 		if !ok {
@@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
 		}
 		hf.Name = ihf.Name
 	} else {
-		hf.Name, buf, err = d.readString(buf, wantStr)
+		undecodedName, buf, err = d.readString(buf)
 		if err != nil {
 			return err
 		}
 	}
-	hf.Value, buf, err = d.readString(buf, wantStr)
+	undecodedValue, buf, err := d.readString(buf)
 	if err != nil {
 		return err
 	}
+	if wantStr {
+		if nameIdx <= 0 {
+			hf.Name, err = d.decodeString(undecodedName)
+			if err != nil {
+				return err
+			}
+		}
+		hf.Value, err = d.decodeString(undecodedValue)
+		if err != nil {
+			return err
+		}
+	}
 	d.buf = buf
 	if it.indexed() {
 		d.dynTab.add(hf)
@@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) {
 	return 0, origP, errNeedMore
 }
 
-// readString decodes an hpack string from p.
+// readString reads an hpack string from p.
 //
-// wantStr is whether s will be used. If false, decompression and
-// []byte->string garbage are skipped if s will be ignored
-// anyway. This does mean that huffman decoding errors for non-indexed
-// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server
-// is returning an error anyway, and because they're not indexed, the error
-// won't affect the decoding state.
-func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) {
+// It returns a reference to the encoded string data to permit deferring decode costs
+// until after the caller verifies all data is present.
+func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) {
 	if len(p) == 0 {
-		return "", p, errNeedMore
+		return u, p, errNeedMore
 	}
 	isHuff := p[0]&128 != 0
 	strLen, p, err := readVarInt(7, p)
 	if err != nil {
-		return "", p, err
+		return u, p, err
 	}
 	if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) {
-		return "", nil, ErrStringLength
+		// Returning an error here means Huffman decoding errors
+		// for non-indexed strings past the maximum string length
+		// are ignored, but the server is returning an error anyway
+		// and because the string is not indexed the error will not
+		// affect the decoding state.
+		return u, nil, ErrStringLength
 	}
 	if uint64(len(p)) < strLen {
-		return "", p, errNeedMore
-	}
-	if !isHuff {
-		if wantStr {
-			s = string(p[:strLen])
-		}
-		return s, p[strLen:], nil
+		return u, p, errNeedMore
 	}
+	u.isHuff = isHuff
+	u.b = p[:strLen]
+	return u, p[strLen:], nil
+}
 
-	if wantStr {
-		buf := bufPool.Get().(*bytes.Buffer)
-		buf.Reset() // don't trust others
-		defer bufPool.Put(buf)
-		if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {
-			buf.Reset()
-			return "", nil, err
-		}
+type undecodedString struct {
+	isHuff bool
+	b      []byte
+}
+
+func (d *Decoder) decodeString(u undecodedString) (string, error) {
+	if !u.isHuff {
+		return string(u.b), nil
+	}
+	buf := bufPool.Get().(*bytes.Buffer)
+	buf.Reset() // don't trust others
+	var s string
+	err := huffmanDecode(buf, d.maxStrLen, u.b)
+	if err == nil {
 		s = buf.String()
-		buf.Reset() // be nice to GC
 	}
-	return s, p[strLen:], nil
+	buf.Reset() // be nice to GC
+	bufPool.Put(buf)
+	return s, err
 }
-- 
2.37.1
[Backport] fix some CVE CVE num upstream commit openEuler patch CVE-2023-29400 9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 0016-release-branch.go1.19-html-template-emit-filterFails.patch CVE-2023-24540 ce7bd33345416e6d8cac901792060591cafc2797 0015-release-branch.go1.19-html-template-handle-all-JS-wh.patch CVE-2023-24539 e49282327b05192e46086bf25fd3ac691205fe80 0014-release-branch.go1.19-html-template-disallow-angle-b.patch CVE-2023-24538 b1e3ecfa06b67014429a197ec5e134ce4303ad9b 0013-release-branch.go1.19-html-template-disallow-actions.patch CVE-2023-24537 126a1d02da82f93ede7ce0bd8d3c51ef627f2104 0012-release-branch.go1.19-go-scanner-reject-large-line-a.patch CVE-2023-24536 7917b5f31204528ea72e0629f0b7d52b35b27538 0011-release-branch.go1.19-mime-multipart-limit-parsed-mi.patch CVE-2023-24536 7a359a651c7ebdb29e0a1c03102fce793e9f58f0 0010-release-branch.go1.19-net-textproto-mime-multipart-i.patch CVE-2023-24536 ef41a4e2face45e580c5836eaebd51629fc23f15 0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch CVE-2023-24534 d6759e7a059f4208f07aa781402841d7ddaaef96 0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch CVE-2023-24532 639b67ed114151c0d786aa26e7faeab942400703 0007-release-branch.go1.19-crypto-internal-nistec-reduce-.patch CVE-2022-41723 5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 0006-release-branch.go1.19-net-http-update-bundled-golang.patch CVE-2022-41724 00b256e9e3c0fa02a278ec9dfc3e191e02ceaf80 0005-release-branch.go1.19-crypto-tls-replace-all-usages-.patch CVE-2022-41725 5c55ac9bf1e5f779220294c843526536605f42ab 0004-release-branch.go1.19-mime-multipart-limit-memory-in.patch CVE-2022-41722 3345ddca41f00f9ed6fc3c1a36f6e2bede02d7ff 0003-release-branch.go1.19-path-filepath-do-not-Clean-a-..patch Signed-off-by: zhangzhihui <zhangzhihui@xfusion.com> 2023-05-10 15:59:54 +08:00			`From 5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 Mon Sep 17 00:00:00 2001`
			`From: Roland Shoemaker <bracewell@google.com>`
			`Date: Mon, 6 Feb 2023 10:03:44 -0800`
			`Subject: [PATCH] [release-branch.go1.19] net/http: update bundled`
			`golang.org/x/net/http2`

			`Disable cmd/internal/moddeps test, since this update includes PRIVATE`
			`track fixes.`

			`Fixes CVE-2022-41723`
			`Fixes #58355`
			`Updates #57855`

			`Change-Id: Ie870562a6f6e44e4e8f57db6a0dde1a41a2b090c`
			`Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728939`
			`Reviewed-by: Damien Neil <dneil@google.com>`
			`Reviewed-by: Julie Qiu <julieqiu@google.com>`
			`Reviewed-by: Tatiana Bradley <tatianabradley@google.com>`
			`Run-TryBot: Roland Shoemaker <bracewell@google.com>`
			`Reviewed-on: https://go-review.googlesource.com/c/go/+/468118`
			`TryBot-Result: Gopher Robot <gobot@golang.org>`
			`Run-TryBot: Michael Pratt <mpratt@google.com>`
			`Auto-Submit: Michael Pratt <mpratt@google.com>`
			`Reviewed-by: Than McIntosh <thanm@google.com>`
			`---`
			`src/cmd/internal/moddeps/moddeps_test.go \| 2 +-`
			`.../golang.org/x/net/http2/hpack/hpack.go \| 79 ++++++++++++-------`
			`2 files changed, 50 insertions(+), 31 deletions(-)`

			`diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go`
			`index e96edf1f30..1fc9f708bd 100644`
			`--- a/src/cmd/internal/moddeps/moddeps_test.go`
			`+++ b/src/cmd/internal/moddeps/moddeps_test.go`
			`@@ -33,7 +33,7 @@ import (`
			`// See issues 36852, 41409, and 43687.`
			`// (Also see golang.org/issue/27348.)`
			`func TestAllDependencies(t *testing.T) {`
			`- t.Skip("TODO(#57009): 1.19.4 contains unreleased changes from vendored modules")`
			`+ t.Skip("TODO(#58355): 1.19.4 contains unreleased changes from vendored modules")`

			`goBin := testenv.GoToolPath(t)`

			`diff --git a/src/vendor/golang.org/x/net/http2/hpack/hpack.go b/src/vendor/golang.org/x/net/http2/hpack/hpack.go`
			`index 85f18a2b0a..02e80e30a4 100644`
			`--- a/src/vendor/golang.org/x/net/http2/hpack/hpack.go`
			`+++ b/src/vendor/golang.org/x/net/http2/hpack/hpack.go`
			`@@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {`

			`var hf HeaderField`
			`wantStr := d.emitEnabled \|\| it.indexed()`
			`+ var undecodedName undecodedString`
			`if nameIdx > 0 {`
			`ihf, ok := d.at(nameIdx)`
			`if !ok {`
			`@@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {`
			`}`
			`hf.Name = ihf.Name`
			`} else {`
			`- hf.Name, buf, err = d.readString(buf, wantStr)`
			`+ undecodedName, buf, err = d.readString(buf)`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`- hf.Value, buf, err = d.readString(buf, wantStr)`
			`+ undecodedValue, buf, err := d.readString(buf)`
			`if err != nil {`
			`return err`
			`}`
			`+ if wantStr {`
			`+ if nameIdx <= 0 {`
			`+ hf.Name, err = d.decodeString(undecodedName)`
			`+ if err != nil {`
			`+ return err`
			`+ }`
			`+ }`
			`+ hf.Value, err = d.decodeString(undecodedValue)`
			`+ if err != nil {`
			`+ return err`
			`+ }`
			`+ }`
			`d.buf = buf`
			`if it.indexed() {`
			`d.dynTab.add(hf)`
			`@@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) {`
			`return 0, origP, errNeedMore`
			`}`

			`-// readString decodes an hpack string from p.`
			`+// readString reads an hpack string from p.`
			`//`
			`-// wantStr is whether s will be used. If false, decompression and`
			`-// []byte->string garbage are skipped if s will be ignored`
			`-// anyway. This does mean that huffman decoding errors for non-indexed`
			`-// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server`
			`-// is returning an error anyway, and because they're not indexed, the error`
			`-// won't affect the decoding state.`
			`-func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) {`
			`+// It returns a reference to the encoded string data to permit deferring decode costs`
			`+// until after the caller verifies all data is present.`
			`+func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) {`
			`if len(p) == 0 {`
			`- return "", p, errNeedMore`
			`+ return u, p, errNeedMore`
			`}`
			`isHuff := p[0]&128 != 0`
			`strLen, p, err := readVarInt(7, p)`
			`if err != nil {`
			`- return "", p, err`
			`+ return u, p, err`
			`}`
			`if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) {`
			`- return "", nil, ErrStringLength`
			`+ // Returning an error here means Huffman decoding errors`
			`+ // for non-indexed strings past the maximum string length`
			`+ // are ignored, but the server is returning an error anyway`
			`+ // and because the string is not indexed the error will not`
			`+ // affect the decoding state.`
			`+ return u, nil, ErrStringLength`
			`}`
			`if uint64(len(p)) < strLen {`
			`- return "", p, errNeedMore`
			`- }`
			`- if !isHuff {`
			`- if wantStr {`
			`- s = string(p[:strLen])`
			`- }`
			`- return s, p[strLen:], nil`
			`+ return u, p, errNeedMore`
			`}`
			`+ u.isHuff = isHuff`
			`+ u.b = p[:strLen]`
			`+ return u, p[strLen:], nil`
			`+}`

			`- if wantStr {`
			`- buf := bufPool.Get().(*bytes.Buffer)`
			`- buf.Reset() // don't trust others`
			`- defer bufPool.Put(buf)`
			`- if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {`
			`- buf.Reset()`
			`- return "", nil, err`
			`- }`
			`+type undecodedString struct {`
			`+ isHuff bool`
			`+ b []byte`
			`+}`
			`+`
			`+func (d *Decoder) decodeString(u undecodedString) (string, error) {`
			`+ if !u.isHuff {`
			`+ return string(u.b), nil`
			`+ }`
			`+ buf := bufPool.Get().(*bytes.Buffer)`
			`+ buf.Reset() // don't trust others`
			`+ var s string`
			`+ err := huffmanDecode(buf, d.maxStrLen, u.b)`
			`+ if err == nil {`
			`s = buf.String()`
			`- buf.Reset() // be nice to GC`
			`}`
			`- return s, p[strLen:], nil`
			`+ buf.Reset() // be nice to GC`
			`+ bufPool.Put(buf)`
			`+ return s, err`
			`}`
			`--`
			`2.37.1`