42 lines
1.7 KiB
Diff
42 lines
1.7 KiB
Diff
From b479c8f294b21bd0d0f89efadc9978b8f6cf05a5 Mon Sep 17 00:00:00 2001
|
|
From: lauk001 <liukuo@kylinos.cn>
|
|
Date: Mon, 15 Apr 2024 14:38:31 +0800
|
|
Subject: [PATCH] Fix CVE-2024-24786
|
|
|
|
---
|
|
.../protobuf/encoding/protojson/well_known_types.go | 4 ++++
|
|
.../protobuf/internal/encoding/json/decode.go | 2 +-
|
|
2 files changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
|
|
index 25329b7..4b177c8 100644
|
|
--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
|
|
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
|
|
@@ -322,6 +322,10 @@ func (d decoder) skipJSONValue() error {
|
|
if open > d.opts.RecursionLimit {
|
|
return errors.New("exceeded max recursion depth")
|
|
}
|
|
+ case json.EOF:
|
|
+ // This can only happen if there's a bug in Decoder.Read.
|
|
+ // Avoid an infinite loop if this does happen.
|
|
+ return errors.New("unexpected EOF")
|
|
}
|
|
if open == 0 {
|
|
return nil
|
|
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
|
|
index d043a6e..d2b3ac0 100644
|
|
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
|
|
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
|
|
@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) {
|
|
|
|
case ObjectClose:
|
|
if len(d.openStack) == 0 ||
|
|
- d.lastToken.kind == comma ||
|
|
+ d.lastToken.kind&(Name|comma) != 0 ||
|
|
d.openStack[len(d.openStack)-1] != ObjectOpen {
|
|
return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
|
|
}
|
|
--
|
|
2.33.0
|
|
|