golang/0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch
zhangzhihui f1b37a1aac [Backport] fix some CVE
CVE num	        upstream commit	                          openEuler patch
CVE-2023-29400	9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5	0016-release-branch.go1.19-html-template-emit-filterFails.patch
CVE-2023-24540	ce7bd33345416e6d8cac901792060591cafc2797	0015-release-branch.go1.19-html-template-handle-all-JS-wh.patch
CVE-2023-24539	e49282327b05192e46086bf25fd3ac691205fe80	0014-release-branch.go1.19-html-template-disallow-angle-b.patch
CVE-2023-24538	b1e3ecfa06b67014429a197ec5e134ce4303ad9b	0013-release-branch.go1.19-html-template-disallow-actions.patch
CVE-2023-24537	126a1d02da82f93ede7ce0bd8d3c51ef627f2104	0012-release-branch.go1.19-go-scanner-reject-large-line-a.patch
CVE-2023-24536	7917b5f31204528ea72e0629f0b7d52b35b27538	0011-release-branch.go1.19-mime-multipart-limit-parsed-mi.patch
CVE-2023-24536	7a359a651c7ebdb29e0a1c03102fce793e9f58f0	0010-release-branch.go1.19-net-textproto-mime-multipart-i.patch
CVE-2023-24536	ef41a4e2face45e580c5836eaebd51629fc23f15	0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch
CVE-2023-24534	d6759e7a059f4208f07aa781402841d7ddaaef96	0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch
CVE-2023-24532	639b67ed114151c0d786aa26e7faeab942400703	0007-release-branch.go1.19-crypto-internal-nistec-reduce-.patch
CVE-2022-41723	5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3	0006-release-branch.go1.19-net-http-update-bundled-golang.patch
CVE-2022-41724	00b256e9e3c0fa02a278ec9dfc3e191e02ceaf80	0005-release-branch.go1.19-crypto-tls-replace-all-usages-.patch
CVE-2022-41725	5c55ac9bf1e5f779220294c843526536605f42ab	0004-release-branch.go1.19-mime-multipart-limit-memory-in.patch
CVE-2022-41722	3345ddca41f00f9ed6fc3c1a36f6e2bede02d7ff	0003-release-branch.go1.19-path-filepath-do-not-Clean-a-..patch

Signed-off-by: zhangzhihui <zhangzhihui@xfusion.com>
2023-05-10 17:38:15 +08:00


From d6759e7a059f4208f07aa781402841d7ddaaef96 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Fri, 10 Mar 2023 14:21:05 -0800
Subject: [PATCH] [release-branch.go1.19] net/textproto: avoid overpredicting
the number of MIME header keys
A parsed MIME header is a map[string][]string. In the common case,
a header contains many one-element []string slices. To avoid
allocating a separate slice for each key, ReadMIMEHeader looks
ahead in the input to predict the number of keys that will be
parsed, and allocates a single []string of that length.
The individual slices are then allocated out of the larger one.
The prediction of the number of header keys was done by counting
newlines in the input buffer, which does not take into account
header continuation lines (where a header key/value spans multiple
lines) or the end of the header block and the start of the body.
This could lead to a substantial amount of overallocation, for
example when the body consists of nothing but a large block of
newlines.
Fix header key count prediction to take into account the end of
the headers (indicated by a blank line) and continuation lines
(starting with whitespace).
Thanks to Jakob Ackermann (@das7pad) for reporting this issue.
Fixes CVE-2023-24534
For #58975
Fixes #59267
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802452
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
(cherry picked from commit f739f080a72fd5b06d35c8e244165159645e2ed6)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802393
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Change-Id: I675451438d619a9130360c56daf529559004903f
Reviewed-on: https://go-review.googlesource.com/c/go/+/481982
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
---
src/net/textproto/reader.go | 24 ++++++++++---
src/net/textproto/reader_test.go | 59 ++++++++++++++++++++++++++++++++
2 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
index b37be54d67..9a21777df8 100644
--- a/src/net/textproto/reader.go
+++ b/src/net/textproto/reader.go
@@ -493,8 +493,11 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) {
// large one ahead of time which we'll cut up into smaller
// slices. If this isn't big enough later, we allocate small ones.
var strs []string
- hint := r.upcomingHeaderNewlines()
+ hint := r.upcomingHeaderKeys()
if hint > 0 {
+ if hint > 1000 {
+ hint = 1000 // set a cap to avoid overallocation
+ }
strs = make([]string, hint)
}
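Review bot: The literal 1000 now appears twice, here as the `hint > 1000` cap and again as the `n < 1000` loop bound in upcomingHeaderKeys (hunk at -587), and nothing ties the two together. Because that loop already stops counting at 1000, this cap cannot fire today; it is only useful as a second line of defence on the size of an allocation driven by peer-supplied input, and only if both limits are changed together. A shared unexported constant would keep them in step, for example `const maxHeaderKeysHint = 1000 // upper bound on the pre-allocated []string`, used in both places. As this is a backport, that is probably better raised upstream than carried as a local deviation. readMIMEHeader's body starts and ends outside the hunk.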
@@ -577,9 +580,9 @@ func mustHaveFieldNameColon(line []byte) error {
var nl = []byte("\n")
-// upcomingHeaderNewlines returns an approximation of the number of newlines
+// upcomingHeaderKeys returns an approximation of the number of keys
// that will be in this header. If it gets confused, it returns 0.
-func (r *Reader) upcomingHeaderNewlines() (n int) {
+func (r *Reader) upcomingHeaderKeys() (n int) {
// Try to determine the 'hint' size.
r.R.Peek(1) // force a buffer load if empty
s := r.R.Buffered()
@@ -587,7 +590,20 @@ func (r *Reader) upcomingHeaderNewlines() (n int) {
return
}
peek, _ := r.R.Peek(s)
- return bytes.Count(peek, nl)
+ for len(peek) > 0 && n < 1000 {
+ var line []byte
+ line, peek, _ = bytes.Cut(peek, nl)
+ if len(line) == 0 || (len(line) == 1 && line[0] == '\r') {
+ // Blank line separating headers from the body.
+ break
+ }
+ if line[0] == ' ' || line[0] == '\t' {
+ // Folded continuation of the previous line.
+ continue
+ }
+ n++
+ }
+ return n
}
// CanonicalMIMEHeaderKey returns the canonical format of the
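Review bot: The doc comment on upcomingHeaderKeys (in the preceding hunk at -577) still says only that it returns an approximation and 0 "if it gets confused", while the loop added here follows rules a maintainer needs to know: it looks only at the bytes already buffered, stops at the first blank line, skips lines that start with a space or tab, and stops counting at 1000. I would extend the comment with `// It examines only the buffered bytes, stops at the first blank line,` / `// skips folded continuation lines, and never returns more than 1000.` The function's opening lines are in the previous hunk and the condition of the early `return` is not visible here.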
diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go
index d11d40f1cf..f3c372ce03 100644
--- a/src/net/textproto/reader_test.go
+++ b/src/net/textproto/reader_test.go
@@ -10,6 +10,7 @@ import (
"io"
"net"
"reflect"
+ "runtime"
"strings"
"sync"
"testing"
@@ -129,6 +130,42 @@ func TestReadMIMEHeaderSingle(t *testing.T) {
}
}
+// TestReaderUpcomingHeaderKeys is testing an internal function, but it's very
+// difficult to test well via the external API.
+func TestReaderUpcomingHeaderKeys(t *testing.T) {
+ for _, test := range []struct {
+ input string
+ want int
+ }{{
+ input: "",
+ want: 0,
+ }, {
+ input: "A: v",
+ want: 1,
+ }, {
+ input: "A: v\r\nB: v\r\n",
+ want: 2,
+ }, {
+ input: "A: v\nB: v\n",
+ want: 2,
+ }, {
+ input: "A: v\r\n continued\r\n still continued\r\nB: v\r\n\r\n",
+ want: 2,
+ }, {
+ input: "A: v\r\n\r\nB: v\r\nC: v\r\n",
+ want: 1,
+ }, {
+ input: "A: v" + strings.Repeat("\n", 1000),
+ want: 1,
+ }} {
+ r := reader(test.input)
+ got := r.upcomingHeaderKeys()
+ if test.want != got {
+ t.Fatalf("upcomingHeaderKeys(%q): %v; want %v", test.input, got, test.want)
+ }
+ }
+}
+
func TestReadMIMEHeaderNoKey(t *testing.T) {
r := reader(": bar\ntest-1: 1\n\n")
m, err := r.ReadMIMEHeader()
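Review bot: The table in TestReaderUpcomingHeaderKeys has no row for a tab-folded continuation line, although upcomingHeaderKeys treats `'\t'` the same as a space, and no row drives the 1000-key bound. A row such as `input: "A: v\r\n\tcontinued\r\nB: v\r\n", want: 2` would cover the tab branch. A row for the cap needs more than 1000 key lines inside what the reader buffers at once, which depends on the `reader` helper defined outside this hunk, so I have not spelled one out. Using `t.Errorf` instead of `t.Fatalf` inside the loop would also report every failing row rather than only the first.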
@@ -225,6 +262,28 @@ func TestReadMIMEHeaderTrimContinued(t *testing.T) {
}
}
+// Test that reading a header doesn't overallocate. Issue 58975.
+func TestReadMIMEHeaderAllocations(t *testing.T) {
+ var totalAlloc uint64
+ const count = 200
+ for i := 0; i < count; i++ {
+ r := reader("A: b\r\n\r\n" + strings.Repeat("\n", 4096))
+ var m1, m2 runtime.MemStats
+ runtime.ReadMemStats(&m1)
+ _, err := r.ReadMIMEHeader()
+ if err != nil {
+ t.Fatalf("ReadMIMEHeader: %v", err)
+ }
+ runtime.ReadMemStats(&m2)
+ totalAlloc += m2.TotalAlloc - m1.TotalAlloc
+ }
+ // 32k is large and we actually allocate substantially less,
+ // but prior to the fix for #58975 we allocated ~400k in this case.
+ if got, want := totalAlloc/count, uint64(32768); got > want {
+ t.Fatalf("ReadMIMEHeader allocated %v bytes, want < %v", got, want)
+ }
+}
+
type readResponseTest struct {
in string
inCode int
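Review bot: TestReadMIMEHeaderAllocations measures the difference of `runtime.MemStats.TotalAlloc`, which is a process-wide counter, so anything another goroutine allocates between the two `ReadMemStats` calls is charged to `ReadMIMEHeader`. The 32k threshold against the ~400k pre-fix figure leaves a wide margin, but a comment would help whoever has to debug a flake: `// TotalAlloc is process-wide; the generous threshold absorbs unrelated allocations.` The failure message also says `want < %v` while the check passes on equality; `want <= %v` matches the condition.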
--
2.37.1