From: Archana Polampalli <[email protected]> Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-34155 Upstream-patch: https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.21/CVE-2024-34155.patch | 71 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 349b0be6be..11bd2afde0 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -58,6 +58,7 @@ SRC_URI += "\ file://CVE-2023-45288.patch \ file://CVE-2024-24789.patch \ file://CVE-2024-24791.patch \ + file://CVE-2024-34155.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch new file mode 100644 index 0000000000..515d9dcdff --- /dev/null +++ b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch @@ -0,0 +1,71 @@ +From b232596139dbe96a62edbe3a2a203e856bf556eb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <[email protected]> +Date: Mon, 10 Jun 2024 15:34:12 -0700 +Subject: [PATCH] go/parser: track depth in nested element lists + +Prevents stack exhaustion with extremely deeply nested literal values, +i.e. field values in structs. + +Updates #69138 +Fixes #69142 +Fixes CVE-2024-34155 + +Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520 +Reviewed-by: Robert Griesemer <[email protected]> +Reviewed-by: Damien Neil <[email protected]> +Reviewed-by: Russ Cox <[email protected]> +(cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e) +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1561 +Reviewed-by: Tatiana Bradley <[email protected]> +Reviewed-on: https://go-review.googlesource.com/c/go/+/611181 +Reviewed-by: Michael Pratt <[email protected]> +TryBot-Bypass: Dmitri Shuralyov <[email protected]> +Auto-Submit: Dmitri Shuralyov <[email protected]> +Reviewed-by: Dmitri Shuralyov <[email protected]> + +CVE: CVE-2024-34155 + +Upstream-Status: Backport [https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb] + +Signed-off-by: Archana Polampalli <[email protected]> +--- + src/go/parser/parser.go | 2 ++ + src/go/parser/parser_test.go | 9 +++++---- + 2 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go +index 2c42b9f..a728d9a 100644 +--- a/src/go/parser/parser.go ++++ b/src/go/parser/parser.go +@@ -1481,6 +1481,8 @@ func (p *parser) parseElementList() (list []ast.Expr) { + } + + func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr { ++ defer decNestLev(incNestLev(p)) ++ + if p.trace { + defer un(trace(p, "LiteralValue")) + } +diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go +index 993df63..b2cd501 100644 +--- a/src/go/parser/parser_test.go ++++ b/src/go/parser/parser_test.go +@@ -607,10 +607,11 @@ var parseDepthTests = []struct { + {name: "chan2", format: "package main; var x «<-chan »int"}, + {name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType + {name: "map", format: "package main; var x «map[int]»int"}, +- {name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit +- {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit +- {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit +- {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2}, // Parser nodes: CompositeLit, KeyValueExpr ++ {name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit ++ {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit ++ {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit ++ {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3}, // Parser nodes: CompositeLit, KeyValueExpr ++ {name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"}, + {name: "dot", format: "package main; var x = «x.»x"}, + {name: "index", format: "package main; var x = x«[1]»"}, + {name: "slice", format: "package main; var x = x«[1:2]»"}, +-- +2.40.0 -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#209906): https://lists.openembedded.org/g/openembedded-core/message/209906 Mute This Topic: https://lists.openembedded.org/mt/110628291/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
