golang/0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch

From ef41a4e2face45e580c5836eaebd51629fc23f15 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Thu, 16 Mar 2023 14:18:04 -0700
Subject: [PATCH] [release-branch.go1.19] mime/multipart: avoid excessive copy
 buffer allocations in ReadForm

When copying form data to disk with io.Copy,
allocate only one copy buffer and reuse it rather than
creating two buffers per file (one from io.multiReader.WriteTo,
and a second one from os.File.ReadFrom).

Thanks to Jakob Ackermann (@das7pad) for reporting this issue.

For CVE-2023-24536
For #59153
For #59269

Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802453
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802395
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Change-Id: Ie405470c92abffed3356913b37d813e982c96c8b
Reviewed-on: https://go-review.googlesource.com/c/go/+/481983
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
---
 src/mime/multipart/formdata.go      | 15 +++++++--
 src/mime/multipart/formdata_test.go | 49 +++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go
index a7d4ca97f0..975dcb6b26 100644
--- a/src/mime/multipart/formdata.go
+++ b/src/mime/multipart/formdata.go
@@ -84,6 +84,7 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) {
 			maxMemoryBytes = math.MaxInt64
 		}
 	}
+	var copyBuf []byte
 	for {
 		p, err := r.nextPart(false, maxMemoryBytes)
 		if err == io.EOF {
@@ -147,14 +148,22 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) {
 				}
 			}
 			numDiskFiles++
-			size, err := io.Copy(file, io.MultiReader(&b, p))
+			if _, err := file.Write(b.Bytes()); err != nil {
+				return nil, err
+			}
+			if copyBuf == nil {
+				copyBuf = make([]byte, 32*1024) // same buffer size as io.Copy uses
+			}
+			// os.File.ReadFrom will allocate its own copy buffer if we let io.Copy use it.
+			type writerOnly struct{ io.Writer }
+			remainingSize, err := io.CopyBuffer(writerOnly{file}, p, copyBuf)
 			if err != nil {
 				return nil, err
 			}
 			fh.tmpfile = file.Name()
-			fh.Size = size
+			fh.Size = int64(b.Len()) + remainingSize
 			fh.tmpoff = fileOff
-			fileOff += size
+			fileOff += fh.Size
 			if !combineFiles {
 				if err := file.Close(); err != nil {
 					return nil, err
diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go
index 5cded7170c..f5b56083b2 100644
--- a/src/mime/multipart/formdata_test.go
+++ b/src/mime/multipart/formdata_test.go
@@ -368,3 +368,52 @@ func testReadFormManyFiles(t *testing.T, distinct bool) {
 		t.Fatalf("temp dir contains %v files; want 0", len(names))
 	}
 }
+
+func BenchmarkReadForm(b *testing.B) {
+	for _, test := range []struct {
+		name string
+		form func(fw *Writer, count int)
+	}{{
+		name: "fields",
+		form: func(fw *Writer, count int) {
+			for i := 0; i < count; i++ {
+				w, _ := fw.CreateFormField(fmt.Sprintf("field%v", i))
+				fmt.Fprintf(w, "value %v", i)
+			}
+		},
+	}, {
+		name: "files",
+		form: func(fw *Writer, count int) {
+			for i := 0; i < count; i++ {
+				w, _ := fw.CreateFormFile(fmt.Sprintf("field%v", i), fmt.Sprintf("file%v", i))
+				fmt.Fprintf(w, "value %v", i)
+			}
+		},
+	}} {
+		b.Run(test.name, func(b *testing.B) {
+			for _, maxMemory := range []int64{
+				0,
+				1 << 20,
+			} {
+				var buf bytes.Buffer
+				fw := NewWriter(&buf)
+				test.form(fw, 10)
+				if err := fw.Close(); err != nil {
+					b.Fatal(err)
+				}
+				b.Run(fmt.Sprintf("maxMemory=%v", maxMemory), func(b *testing.B) {
+					b.ReportAllocs()
+					for i := 0; i < b.N; i++ {
+						fr := NewReader(bytes.NewReader(buf.Bytes()), fw.Boundary())
+						form, err := fr.ReadForm(maxMemory)
+						if err != nil {
+							b.Fatal(err)
+						}
+						form.RemoveAll()
+					}
+
+				})
+			}
+		})
+	}
+}
-- 
2.37.1
[Backport] fix some CVE CVE num upstream commit openEuler patch CVE-2023-29400 9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 0016-release-branch.go1.19-html-template-emit-filterFails.patch CVE-2023-24540 ce7bd33345416e6d8cac901792060591cafc2797 0015-release-branch.go1.19-html-template-handle-all-JS-wh.patch CVE-2023-24539 e49282327b05192e46086bf25fd3ac691205fe80 0014-release-branch.go1.19-html-template-disallow-angle-b.patch CVE-2023-24538 b1e3ecfa06b67014429a197ec5e134ce4303ad9b 0013-release-branch.go1.19-html-template-disallow-actions.patch CVE-2023-24537 126a1d02da82f93ede7ce0bd8d3c51ef627f2104 0012-release-branch.go1.19-go-scanner-reject-large-line-a.patch CVE-2023-24536 7917b5f31204528ea72e0629f0b7d52b35b27538 0011-release-branch.go1.19-mime-multipart-limit-parsed-mi.patch CVE-2023-24536 7a359a651c7ebdb29e0a1c03102fce793e9f58f0 0010-release-branch.go1.19-net-textproto-mime-multipart-i.patch CVE-2023-24536 ef41a4e2face45e580c5836eaebd51629fc23f15 0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch CVE-2023-24534 d6759e7a059f4208f07aa781402841d7ddaaef96 0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch CVE-2023-24532 639b67ed114151c0d786aa26e7faeab942400703 0007-release-branch.go1.19-crypto-internal-nistec-reduce-.patch CVE-2022-41723 5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 0006-release-branch.go1.19-net-http-update-bundled-golang.patch CVE-2022-41724 00b256e9e3c0fa02a278ec9dfc3e191e02ceaf80 0005-release-branch.go1.19-crypto-tls-replace-all-usages-.patch CVE-2022-41725 5c55ac9bf1e5f779220294c843526536605f42ab 0004-release-branch.go1.19-mime-multipart-limit-memory-in.patch CVE-2022-41722 3345ddca41f00f9ed6fc3c1a36f6e2bede02d7ff 0003-release-branch.go1.19-path-filepath-do-not-Clean-a-..patch Signed-off-by: zhangzhihui <zhangzhihui@xfusion.com> 2023-05-10 15:59:54 +08:00			`From ef41a4e2face45e580c5836eaebd51629fc23f15 Mon Sep 17 00:00:00 2001`
			`From: Damien Neil <dneil@google.com>`
			`Date: Thu, 16 Mar 2023 14:18:04 -0700`
			`Subject: [PATCH] [release-branch.go1.19] mime/multipart: avoid excessive copy`
			`buffer allocations in ReadForm`

			`When copying form data to disk with io.Copy,`
			`allocate only one copy buffer and reuse it rather than`
			`creating two buffers per file (one from io.multiReader.WriteTo,`
			`and a second one from os.File.ReadFrom).`

			`Thanks to Jakob Ackermann (@das7pad) for reporting this issue.`

			`For CVE-2023-24536`
			`For #59153`
			`For #59269`

			`Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802453`
			`Run-TryBot: Damien Neil <dneil@google.com>`
			`Reviewed-by: Julie Qiu <julieqiu@google.com>`
			`Reviewed-by: Roland Shoemaker <bracewell@google.com>`
			`Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802395`
			`Run-TryBot: Roland Shoemaker <bracewell@google.com>`
			`Reviewed-by: Damien Neil <dneil@google.com>`
			`Change-Id: Ie405470c92abffed3356913b37d813e982c96c8b`
			`Reviewed-on: https://go-review.googlesource.com/c/go/+/481983`
			`Run-TryBot: Michael Knyszek <mknyszek@google.com>`
			`TryBot-Result: Gopher Robot <gobot@golang.org>`
			`Auto-Submit: Michael Knyszek <mknyszek@google.com>`
			`Reviewed-by: Matthew Dempsky <mdempsky@google.com>`
			`---`
			`src/mime/multipart/formdata.go \| 15 +++++++--`
			`src/mime/multipart/formdata_test.go \| 49 +++++++++++++++++++++++++++++`
			`2 files changed, 61 insertions(+), 3 deletions(-)`

			`diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go`
			`index a7d4ca97f0..975dcb6b26 100644`
			`--- a/src/mime/multipart/formdata.go`
			`+++ b/src/mime/multipart/formdata.go`
			`@@ -84,6 +84,7 @@ func (r Reader) readForm(maxMemory int64) (_ Form, err error) {`
			`maxMemoryBytes = math.MaxInt64`
			`}`
			`}`
			`+ var copyBuf []byte`
			`for {`
			`p, err := r.nextPart(false, maxMemoryBytes)`
			`if err == io.EOF {`
			`@@ -147,14 +148,22 @@ func (r Reader) readForm(maxMemory int64) (_ Form, err error) {`
			`}`
			`}`
			`numDiskFiles++`
			`- size, err := io.Copy(file, io.MultiReader(&b, p))`
			`+ if _, err := file.Write(b.Bytes()); err != nil {`
			`+ return nil, err`
			`+ }`
			`+ if copyBuf == nil {`
			`+ copyBuf = make([]byte, 32*1024) // same buffer size as io.Copy uses`
			`+ }`
			`+ // os.File.ReadFrom will allocate its own copy buffer if we let io.Copy use it.`
			`+ type writerOnly struct{ io.Writer }`
			`+ remainingSize, err := io.CopyBuffer(writerOnly{file}, p, copyBuf)`
			`if err != nil {`
			`return nil, err`
			`}`
			`fh.tmpfile = file.Name()`
			`- fh.Size = size`
			`+ fh.Size = int64(b.Len()) + remainingSize`
			`fh.tmpoff = fileOff`
			`- fileOff += size`
			`+ fileOff += fh.Size`
			`if !combineFiles {`
			`if err := file.Close(); err != nil {`
			`return nil, err`
			`diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go`
			`index 5cded7170c..f5b56083b2 100644`
			`--- a/src/mime/multipart/formdata_test.go`
			`+++ b/src/mime/multipart/formdata_test.go`
			`@@ -368,3 +368,52 @@ func testReadFormManyFiles(t *testing.T, distinct bool) {`
			`t.Fatalf("temp dir contains %v files; want 0", len(names))`
			`}`
			`}`
			`+`
			`+func BenchmarkReadForm(b *testing.B) {`
			`+ for _, test := range []struct {`
			`+ name string`
			`+ form func(fw *Writer, count int)`
			`+ }{{`
			`+ name: "fields",`
			`+ form: func(fw *Writer, count int) {`
			`+ for i := 0; i < count; i++ {`
			`+ w, _ := fw.CreateFormField(fmt.Sprintf("field%v", i))`
			`+ fmt.Fprintf(w, "value %v", i)`
			`+ }`
			`+ },`
			`+ }, {`
			`+ name: "files",`
			`+ form: func(fw *Writer, count int) {`
			`+ for i := 0; i < count; i++ {`
			`+ w, _ := fw.CreateFormFile(fmt.Sprintf("field%v", i), fmt.Sprintf("file%v", i))`
			`+ fmt.Fprintf(w, "value %v", i)`
			`+ }`
			`+ },`
			`+ }} {`
			`+ b.Run(test.name, func(b *testing.B) {`
			`+ for _, maxMemory := range []int64{`
			`+ 0,`
			`+ 1 << 20,`
			`+ } {`
			`+ var buf bytes.Buffer`
			`+ fw := NewWriter(&buf)`
			`+ test.form(fw, 10)`
			`+ if err := fw.Close(); err != nil {`
			`+ b.Fatal(err)`
			`+ }`
			`+ b.Run(fmt.Sprintf("maxMemory=%v", maxMemory), func(b *testing.B) {`
			`+ b.ReportAllocs()`
			`+ for i := 0; i < b.N; i++ {`
			`+ fr := NewReader(bytes.NewReader(buf.Bytes()), fw.Boundary())`
			`+ form, err := fr.ReadForm(maxMemory)`
			`+ if err != nil {`
			`+ b.Fatal(err)`
			`+ }`
			`+ form.RemoveAll()`
			`+ }`
			`+`
			`+ })`
			`+ }`
			`+ })`
			`+ }`
			`+}`
			`--`
			`2.37.1`