golang: fix cve CVE-2020-7919
Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84 Signed-off-by: jingrui <jingrui@huawei.com>
parent
e798eb3158
commit
d9ea2f312b
@ -0,0 +1,124 @@
|
||||
From f938e06d0623d0e1de202575d16f1e126741f6e0 Mon Sep 17 00:00:00 2001
|
||||
From: Filippo Valsorda <filippo@golang.org>
|
||||
Date: Fri, 24 Jan 2020 18:04:20 -0500
|
||||
Subject: [PATCH] [release-branch.go1.13-security] src/go.mod: import
|
||||
x/crypto/cryptobyte security fix for 32-bit archs
|
||||
|
||||
cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs
|
||||
|
||||
When int is 32 bits wide (on 32-bit architectures like 386 and arm), an
|
||||
overflow could occur, causing a panic, due to malformed ASN.1 being
|
||||
passed to any of the ASN1 methods of String.
|
||||
|
||||
Tested on linux/386 and darwin/amd64.
|
||||
|
||||
This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof
|
||||
test vectors.
|
||||
|
||||
Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54
|
||||
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211
|
||||
Reviewed-by: Katie Hockman <katiehockman@google.com>
|
||||
Reviewed-by: Adam Langley <agl@google.com>
|
||||
|
||||
x/crypto/cryptobyte is used in crypto/x509 for parsing certificates.
|
||||
Malformed certificates might cause a panic during parsing on 32-bit
|
||||
architectures (like arm and 386).
|
||||
|
||||
Change-Id: I840feb54eba880dbb96780ef7adcade073c4c4e3
|
||||
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647741
|
||||
Reviewed-by: Katie Hockman <katiehockman@google.com>
|
||||
---
|
||||
src/go.mod | 2 +-
|
||||
src/go.sum | 4 ++--
|
||||
src/vendor/golang.org/x/crypto/cryptobyte/asn1.go | 5 +++--
|
||||
src/vendor/golang.org/x/crypto/cryptobyte/string.go | 7 +------
|
||||
src/vendor/modules.txt | 2 +-
|
||||
5 files changed, 8 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/go.mod b/src/go.mod
|
||||
index 90af2a7ea0..9c9026f0d8 100644
|
||||
--- a/src/go.mod
|
||||
+++ b/src/go.mod
|
||||
@@ -3,7 +3,7 @@ module std
|
||||
go 1.12
|
||||
|
||||
require (
|
||||
- golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
|
||||
+ golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
|
||||
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
|
||||
golang.org/x/sys v0.0.0-20190529130038-5219a1e1c5f8 // indirect
|
||||
golang.org/x/text v0.3.2 // indirect
|
||||
diff --git a/src/go.sum b/src/go.sum
|
||||
index e358118e4c..e408f66328 100644
|
||||
--- a/src/go.sum
|
||||
+++ b/src/go.sum
|
||||
@@ -1,6 +1,6 @@
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
|
||||
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
+golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68 h1:WPLCzSEbawp58wezcvLvLnvhiDJAai54ESbc41NdXS0=
|
||||
+golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
|
||||
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
diff --git a/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
|
||||
index 528b9bff67..f930f7e526 100644
|
||||
--- a/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
|
||||
+++ b/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
|
||||
@@ -470,7 +470,8 @@ func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
|
||||
// It reports whether the read was successful.
|
||||
func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
|
||||
var bytes String
|
||||
- if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
|
||||
+ if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
|
||||
+ len(bytes)*8/8 != len(bytes) {
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -740,7 +741,7 @@ func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
|
||||
length = headerLen + len32
|
||||
}
|
||||
|
||||
- if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) {
|
||||
+ if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
|
||||
return false
|
||||
}
|
||||
if skipHeader && !out.Skip(int(headerLen)) {
|
||||
diff --git a/src/vendor/golang.org/x/crypto/cryptobyte/string.go b/src/vendor/golang.org/x/crypto/cryptobyte/string.go
|
||||
index 39bf98aeea..589d297e6b 100644
|
||||
--- a/src/vendor/golang.org/x/crypto/cryptobyte/string.go
|
||||
+++ b/src/vendor/golang.org/x/crypto/cryptobyte/string.go
|
||||
@@ -24,7 +24,7 @@ type String []byte
|
||||
// read advances a String by n bytes and returns them. If less than n bytes
|
||||
// remain, it returns nil.
|
||||
func (s *String) read(n int) []byte {
|
||||
- if len(*s) < n {
|
||||
+ if len(*s) < n || n < 0 {
|
||||
return nil
|
||||
}
|
||||
v := (*s)[:n]
|
||||
@@ -105,11 +105,6 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
|
||||
length = length << 8
|
||||
length = length | uint32(b)
|
||||
}
|
||||
- if int(length) < 0 {
|
||||
- // This currently cannot overflow because we read uint24 at most, but check
|
||||
- // anyway in case that changes in the future.
|
||||
- return false
|
||||
- }
|
||||
v := s.read(int(length))
|
||||
if v == nil {
|
||||
return false
|
||||
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
|
||||
index 453a312661..cff8acd02e 100644
|
||||
--- a/src/vendor/modules.txt
|
||||
+++ b/src/vendor/modules.txt
|
||||
@@ -1,4 +1,4 @@
|
||||
-# golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
|
||||
+# golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
|
||||
golang.org/x/crypto/chacha20poly1305
|
||||
golang.org/x/crypto/cryptobyte
|
||||
golang.org/x/crypto/cryptobyte/asn1
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@ -62,7 +62,7 @@
|
||||
|
||||
Name: golang
|
||||
Version: 1.13
|
||||
Release: 3.3
|
||||
Release: 3.4
|
||||
Summary: The Go Programming Language
|
||||
License: BSD and Public Domain
|
||||
URL: http://golang.org/
|
||||
@ -160,6 +160,7 @@ Patch6009: 0009-release-branch.go1.13-net-http-don-t-cache-http2.err.patch
|
||||
Patch6010: 0010-release-branch.go1.13-net-http-fix-Server.ConnContex.patch
|
||||
Patch6011: 0011-release-branch.go1.13-runtime-fix-textOff-for-multip.patch
|
||||
Patch6012: 0012-release-branch.go1.13-runtime-ensure-memmove-write-p.patch
|
||||
Patch6013: backport-0013-release-branch.go1.13-security-src-go.mod-import-x-c.patch
|
||||
|
||||
ExclusiveArch: %{golang_arches}
|
||||
|
||||
@ -393,6 +394,9 @@ fi
|
||||
%files devel -f go-tests.list -f go-misc.list -f go-src.list
|
||||
|
||||
%changelog
|
||||
* Mon Mar 23 2020 jingrui <jingrui@huawei.com> - 1.13.4
|
||||
- fix CVE-2020-7919
|
||||
|
||||
* Thu Feb 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.13-3.2
|
||||
- requires remove mercurial
|
||||
|
||||
|
||||
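Review bot: The new changelog header `* Mon Mar 23 2020 jingrui <jingrui@huawei.com> - 1.13.4` does not match the package version it describes: the first hunk keeps `Version: 1.13` and bumps `Release:` from 3.3 to 3.4, and the preceding entry uses the `1.13-3.2` form, so the line should read `- 1.13-3.4`. The gap between that previous `1.13-3.2` entry and the old `Release: 3.3` also suggests a 3.3 entry was never recorded, presumably in an earlier commit; worth confirming rather than compounding it here. Separately, adding `Patch6013:` only fixes CVE-2020-7919 if %prep actually applies it: %prep lies outside these hunks, so confirm it uses `%autosetup`/`%autopatch` or carries a matching `%patch6013 -p1`, since the backport touches `src/go.mod`, `src/go.sum` and `src/vendor/` with `a/src/...` paths and an unapplied patch would still build a Go with the vulnerable cryptobyte while the changelog claims the fix.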