golang/0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch

From cedbe8f7a1f0d174636e70de68d85499d8025000 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Mon, 28 Mar 2022 18:41:26 -0700
Subject: [PATCH 08/11] [release-branch.go1.17] encoding/xml: use iterative
 Skip, rather than recursive

Prevents exhausting the stack limit in _incredibly_ deeply nested
structures.

Fixes #53711
Updates #53614
Fixes CVE-2022-28131

Change-Id: I47db4595ce10cecc29fbd06afce7b299868599e6
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1419912
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit 9278cb78443d2b4deb24cbb5b61c9ba5ac688d49)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417068
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>

Conflict: NA
Reference: https://go-review.googlesource.com/c/go/+/417068
---
 src/encoding/xml/read.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
index e0ed8b527ce..c77579880cb 100644
--- a/src/encoding/xml/read.go
+++ b/src/encoding/xml/read.go
@@ -743,12 +743,12 @@ Loop:
 }
 
 // Skip reads tokens until it has consumed the end element
-// matching the most recent start element already consumed.
-// It recurs if it encounters a start element, so it can be used to
-// skip nested structures.
+// matching the most recent start element already consumed,
+// skipping nested structures.
 // It returns nil if it finds an end element matching the start
 // element; otherwise it returns an error describing the problem.
 func (d *Decoder) Skip() error {
+	var depth int64
 	for {
 		tok, err := d.Token()
 		if err != nil {
@@ -756,11 +756,12 @@ func (d *Decoder) Skip() error {
 		}
 		switch tok.(type) {
 		case StartElement:
-			if err := d.Skip(); err != nil {
-				return err
-			}
+			depth++
 		case EndElement:
-			return nil
+			if depth == 0 {
+				return nil
+			}
+			depth--
 		}
 	}
 }
-- 
2.30.2
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131, CVE-2022-30631,CVE-2022-30629,CVE-2022-30634 Conflict: NA Score: CVE-2022-32148: 5.3 CVE-2022-1962: 6.2 CVE-2022-1705: 5.3 CVE-2022-30633: 6.2 CVE-2022-30635: 5.5 CVE-2022-30630: 6.2 CVE-2022-30632: 6.2 CVE-2022-28131: 6.2 CVE-2022-30631: 7.5 CVE-2022-30629: 2.6 CVE-2022-30634: 7.5 Reference: CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221 CVE-2022-1962: https://go-review.googlesource.com/c/go/+/417070 CVE-2022-1705: https://go-review.googlesource.com/c/go/+/415217 CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069 CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074 CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072 CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073 CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068 CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071 CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574 CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635 Reason: fix CVE: CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch CVE-2022-1962: 0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch CVE-2022-1705: 0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch 2022-07-26 21:13:25 +08:00			`From cedbe8f7a1f0d174636e70de68d85499d8025000 Mon Sep 17 00:00:00 2001`
			`From: Roland Shoemaker <roland@golang.org>`
			`Date: Mon, 28 Mar 2022 18:41:26 -0700`
			`Subject: [PATCH 08/11] [release-branch.go1.17] encoding/xml: use iterative`
			`Skip, rather than recursive`

			`Prevents exhausting the stack limit in _incredibly_ deeply nested`
			`structures.`

			`Fixes #53711`
			`Updates #53614`
			`Fixes CVE-2022-28131`

			`Change-Id: I47db4595ce10cecc29fbd06afce7b299868599e6`
			`Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1419912`
			`Reviewed-by: Julie Qiu <julieqiu@google.com>`
			`Reviewed-by: Damien Neil <dneil@google.com>`
			`(cherry picked from commit 9278cb78443d2b4deb24cbb5b61c9ba5ac688d49)`
			`Reviewed-on: https://go-review.googlesource.com/c/go/+/417068`
			`TryBot-Result: Gopher Robot <gobot@golang.org>`
			`Reviewed-by: Heschi Kreinick <heschi@google.com>`
			`Run-TryBot: Michael Knyszek <mknyszek@google.com>`

			`Conflict: NA`
			`Reference: https://go-review.googlesource.com/c/go/+/417068`
			`---`
			`src/encoding/xml/read.go \| 15 ++++++++-------`
			`1 file changed, 8 insertions(+), 7 deletions(-)`

			`diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go`
			`index e0ed8b527ce..c77579880cb 100644`
			`--- a/src/encoding/xml/read.go`
			`+++ b/src/encoding/xml/read.go`
			`@@ -743,12 +743,12 @@ Loop:`
			`}`

			`// Skip reads tokens until it has consumed the end element`
			`-// matching the most recent start element already consumed.`
			`-// It recurs if it encounters a start element, so it can be used to`
			`-// skip nested structures.`
			`+// matching the most recent start element already consumed,`
			`+// skipping nested structures.`
			`// It returns nil if it finds an end element matching the start`
			`// element; otherwise it returns an error describing the problem.`
			`func (d *Decoder) Skip() error {`
			`+ var depth int64`
			`for {`
			`tok, err := d.Token()`
			`if err != nil {`
			`@@ -756,11 +756,12 @@ func (d *Decoder) Skip() error {`
			`}`
			`switch tok.(type) {`
			`case StartElement:`
			`- if err := d.Skip(); err != nil {`
			`- return err`
			`- }`
			`+ depth++`
			`case EndElement:`
			`- return nil`
			`+ if depth == 0 {`
			`+ return nil`
			`+ }`
			`+ depth--`
			`}`
			`}`
			`}`
			`--`
			`2.30.2`