packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!171 [sync] PR-168: golang: fix CVE-2022-41717

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
This commit is contained in:
openeuler-ci-bot 2023-02-09 11:00:03 +00:00 committed by Gitee
commit 46ff905a5c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 83 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
0084-release-branch.go1.18-net-http-update-bundled-golang.patch Normal file
View File

@ -0,0 +1,75 @@
From 8d2cac9ac54ae7278bc5979a824f1278e124fc70 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Wed, 30 Nov 2022 16:37:07 -0500
Subject: [PATCH] [release-branch.go1.18] net/http: update bundled
golang.org/x/net/http2
Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.
For #56350
For #57008
Fixes CVE-2022-41717
Change-Id: I31ebd2b9ae190ef6f7646187103ea1c8a713ff2e
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1663833
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/455361
Run-TryBot: Jenny Rakoczy <jenny@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Conflict:NA
Reference:https://go-review.googlesource.com/c/go/+/455361
---
src/net/http/h2_bundle.go | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index dc30e077ae..d951d4f38c 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -4096,6 +4096,7 @@ type http2serverConn struct {
headerTableSize uint32
peerMaxHeaderListSize uint32 // zero means unknown (default)
canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case
+ canonHeaderKeysSize int // canonHeader keys size in bytes
writingFrame bool // started writing a frame (on serve goroutine or separate)
writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh
needsFrameFlush bool // last frame write wasn't a flush
@@ -4275,6 +4276,13 @@ func (sc *http2serverConn) condlogf(err error, format string, args ...interface{
}
}
+// maxCachedCanonicalHeadersKeysSize is an arbitrarily-chosen limit on the size
+// of the entries in the canonHeader cache.
+// This should be larger than the size of unique, uncommon header keys likely to
+// be sent by the peer, while not so high as to permit unreasonable memory usage
+// if the peer sends an unbounded number of unique header keys.
+const http2maxCachedCanonicalHeadersKeysSize = 2048
+
func (sc *http2serverConn) canonicalHeader(v string) string {
sc.serveG.check()
http2buildCommonHeaderMapsOnce()
@@ -4290,14 +4298,10 @@ func (sc *http2serverConn) canonicalHeader(v string) string {
sc.canonHeader = make(map[string]string)
}
cv = CanonicalHeaderKey(v)
- // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of
- // entries in the canonHeader cache. This should be larger than the number
- // of unique, uncommon header keys likely to be sent by the peer, while not
- // so high as to permit unreaasonable memory usage if the peer sends an unbounded
- // number of unique header keys.
- const maxCachedCanonicalHeaders = 32
- if len(sc.canonHeader) < maxCachedCanonicalHeaders {
+ size := 100 + len(v)*2 // 100 bytes of map overhead + key + value
+ if sc.canonHeaderKeysSize+size <= http2maxCachedCanonicalHeadersKeysSize {
sc.canonHeader[v] = cv
+ sc.canonHeaderKeysSize += size
}
return cv
}
--
2.33.0

9
golang.spec
View File

@ -58,7 +58,7 @@
Name: golang Name: golang
Version: 1.15.7 Version: 1.15.7
Release: 22 Release: 23
Summary: The Go Programming Language Summary: The Go Programming Language
License: BSD and Public Domain License: BSD and Public Domain
URL: https://golang.org/ URL: https://golang.org/
@ -225,6 +225,7 @@ Patch6080: 0080-release-branch.go1.18-net-http-httputil-avoid-query-.patch
Patch6081: 0081-release-branch.go1.18-archive-tar-limit-size-of-head.patch Patch6081: 0081-release-branch.go1.18-archive-tar-limit-size-of-head.patch
Patch6082: 0082-net-url-reject-query-values-with-semicolons.patch Patch6082: 0082-net-url-reject-query-values-with-semicolons.patch
Patch6083: 0083-syscall-os-exec-reject-environment-variables-contain.patch Patch6083: 0083-syscall-os-exec-reject-environment-variables-contain.patch
Patch6084: 0084-release-branch.go1.18-net-http-update-bundled-golang.patch
Patch9001: 0001-drop-hard-code-cert.patch Patch9001: 0001-drop-hard-code-cert.patch
Patch9002: 0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch Patch9002: 0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch
@ -464,6 +465,12 @@ fi
%files devel -f go-tests.list -f go-misc.list -f go-src.list %files devel -f go-tests.list -f go-misc.list -f go-src.list
%changelog %changelog
* Fri Jan 20 2023 hanchao <hanchao47@huawei.com> - 1.15.7-23
- Type:CVE
- CVE:CVE-2022-41717
- SUG:NA
- DESC:fix CVE-2022-41717
* Thu Nov 17 2022 hanchao<hanchao47@huawei.com> - 1.15.7-22 * Thu Nov 17 2022 hanchao<hanchao47@huawei.com> - 1.15.7-22
- Type:CVE - Type:CVE
- CVE:CVE-2022-41716 - CVE:CVE-2022-41716