From 23ee1119862438f1437aa55a6f25c72f1306140b Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 6 Sep 2024 18:27:51 +0800
Subject: [PATCH 01/11] Fixes-CVE-2024-34156
---
 backport-0016-Fixes-CVE-2024-34156.patch | 127 +++++++++++++++++++++++
 golang.spec | 10 +-
 2 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 backport-0016-Fixes-CVE-2024-34156.patch
diff --git a/backport-0016-Fixes-CVE-2024-34156.patch b/backport-0016-Fixes-CVE-2024-34156.patch
new file mode 100644
index 0000000..b59cc5e
--- /dev/null
+++ b/backport-0016-Fixes-CVE-2024-34156.patch
@@ -0,0 +1,127 @@
+From 2092294f2b097c5828f4eace6c98a322c1510b01 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker
+Date: Fri, 6 Sep 2024 18:17:12 +0800
+Subject: [PATCH] Fixes CVE-2024-34156
+
+This change makes sure that we are properly checking the ignored field
+recursion depth in decIgnoreOpFor consistently. This prevents stack
+exhaustion when attempting to decode a message that contains an
+extremely deeply nested struct which is ignored.
+
+---
+ src/encoding/gob/decode.go | 19 +++++++++++--------
+ src/encoding/gob/decoder.go | 2 ++
+ src/encoding/gob/gobencdec_test.go | 15 +++++++++++++++
+ 3 files changed, 28 insertions(+), 8 deletions(-)
+
+diff --git a/src/encoding/gob/decode.go b/src/encoding/gob/decode.go
+index c0b054e..a2d4eab 100644
+--- a/src/encoding/gob/decode.go
++++ b/src/encoding/gob/decode.go
+@@ -911,8 +911,11 @@ func (dec *Decoder) decOpFor(wireId typeId, rt reflect.Type, name string, inProg
+ var maxIgnoreNestingDepth = 10000
+
+ // decIgnoreOpFor returns the decoding op for a field that has no destination.
+-func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp, depth int) *decOp {
+- if depth > maxIgnoreNestingDepth {
++func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp) *decOp {
++ // Track how deep we've recursed trying to skip nested ignored fields.
++ dec.ignoreDepth++
++ defer func() { dec.ignoreDepth-- }()
++ if dec.ignoreDepth > maxIgnoreNestingDepth {
+ error_(errors.New("invalid nesting depth"))
+ }
+ // If this type is already in progress, it's a recursive type (e.g. map[string]*T).
+@@ -938,7 +941,7 @@ func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp,
+ errorf("bad data: undefined type %s", wireId.string())
+ case wire.ArrayT != nil:
+ elemId := wire.ArrayT.Elem
+- elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1)
++ elemOp := dec.decIgnoreOpFor(elemId, inProgress)
+ op = func(i *decInstr, state *decoderState, value reflect.Value) {
+ state.dec.ignoreArray(state, *elemOp, wire.ArrayT.Len)
+ }
+@@ -946,15 +949,15 @@ func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp,
+ case wire.MapT != nil:
+ keyId := dec.wireType[wireId].MapT.Key
+ elemId := dec.wireType[wireId].MapT.Elem
+- keyOp := dec.decIgnoreOpFor(keyId, inProgress, depth+1)
+- elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1)
++ keyOp := dec.decIgnoreOpFor(keyId, inProgress)
++ elemOp := dec.decIgnoreOpFor(elemId, inProgress)
+ op = func(i *decInstr, state *decoderState, value reflect.Value) {
+ state.dec.ignoreMap(state, *keyOp, *elemOp)
+ }
+
+ case wire.SliceT != nil:
+ elemId := wire.SliceT.Elem
+- elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1)
++ elemOp := dec.decIgnoreOpFor(elemId, inProgress)
+ op = func(i *decInstr, state *decoderState, value reflect.Value) {
+ state.dec.ignoreSlice(state, *elemOp)
+ }
+@@ -1115,7 +1118,7 @@ func (dec *Decoder) compileSingle(remoteId typeId, ut *userTypeInfo) (engine *de
+ func (dec *Decoder) compileIgnoreSingle(remoteId typeId) *decEngine {
+ engine := new(decEngine)
+ engine.instr = make([]decInstr, 1) // one item
+- op := dec.decIgnoreOpFor(remoteId, make(map[typeId]*decOp), 0)
++ op := dec.decIgnoreOpFor(remoteId, make(map[typeId]*decOp))
+ ovfl := overflow(dec.typeString(remoteId))
+ engine.instr[0] = decInstr{*op, 0, nil, ovfl}
+ engine.numInstr = 1
+@@ -1160,7 +1163,7 @@ func (dec *Decoder) compileDec(remoteId typeId, ut *userTypeInfo) (engine *decEn
+ localField, present := srt.FieldByName(wireField.Name)
+ // TODO(r): anonymous names
+ if !present || 
!isExported(wireField.Name) {
+- op := dec.decIgnoreOpFor(wireField.Id, make(map[typeId]*decOp), 0)
++ op := dec.decIgnoreOpFor(wireField.Id, make(map[typeId]*decOp))
+ engine.instr[fieldnum] = decInstr{*op, fieldnum, nil, ovfl}
+ continue
+ }
+diff --git a/src/encoding/gob/decoder.go b/src/encoding/gob/decoder.go
+index 5b77adc..4da5717 100644
+--- a/src/encoding/gob/decoder.go
++++ b/src/encoding/gob/decoder.go
+@@ -35,6 +35,8 @@ type Decoder struct {
+ freeList *decoderState // list of free decoderStates; avoids reallocation
+ countBuf []byte // used for decoding integers while parsing messages
+ err error
++ // ignoreDepth tracks the depth of recursively parsed ignored fields
++ ignoreDepth int
+ }
+
+ // NewDecoder returns a new decoder that reads from the io.Reader.
+diff --git a/src/encoding/gob/gobencdec_test.go b/src/encoding/gob/gobencdec_test.go
+index 6fefd36..f4f76d1 100644
+--- a/src/encoding/gob/gobencdec_test.go
++++ b/src/encoding/gob/gobencdec_test.go
+@@ -806,6 +806,8 @@ func TestIgnoreDepthLimit(t *testing.T) {
+ defer func() { maxIgnoreNestingDepth = oldNestingDepth }()
+ b := new(bytes.Buffer)
+ enc := NewEncoder(b)
++
++ // Nested slice
+ typ := reflect.TypeOf(int(0))
+ nested := reflect.ArrayOf(1, typ)
+ for i := 0; i < 100; i++ {
+@@ -819,4 +821,17 @@ func TestIgnoreDepthLimit(t *testing.T) {
+ if err := dec.Decode(&output); err == nil || err.Error() != expectedErr {
+ t.Errorf("Decode didn't fail with depth limit of 100: want %q, got %q", expectedErr, err)
+ }
++
++ // Nested struct
++ nested = reflect.StructOf([]reflect.StructField{{Name: "F", Type: typ}})
++ for i := 0; i < 100; i++ {
++ nested = reflect.StructOf([]reflect.StructField{{Name: "F", Type: nested}})
++ }
++ badStruct = reflect.New(reflect.StructOf([]reflect.StructField{{Name: "F", Type: nested}}))
++ enc.Encode(badStruct.Interface())
++ dec = NewDecoder(b)
++ if err := dec.Decode(&output); err == nil || err.Error() != expectedErr {
++ t.Errorf("Decode didn't fail with depth 
limit of 100: want %q, got %q", expectedErr, err)
++ }
++}
+ }
+--
+2.43.0
+
diff --git a/golang.spec b/golang.spec
index 2af841f..d7153bb 100644
--- a/golang.spec
+++ b/golang.spec
@@ -66,7 +66,7 @@ Name: golang
 Version: 1.21.4
-Release: 17
+Release: 18
 Summary: The Go Programming Language
 License: BSD and Public Domain
 URL: https://golang.org/
@@ -136,7 +136,7 @@ Patch6012: backport-0012-net-http-send-body-or-close-connection-on-expect-100.pa
 Patch6013: backport-0013-release-branch.go1.21-net-http-update-bundled-golang.patch
 Patch6014: backport-0014-cmd-compile-handle-constant-pointer-offsets-in-dead-.patch
 Patch6015: backport-0015-release-branch.go1.21-cmd-compile-ensure-pointer-ari.patch
-
+Patch6016: backport-0016-Fixes-CVE-2024-34156.patch
 ExclusiveArch: %{golang_arches}
 %description
@@ -374,6 +374,12 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
+* Mon Sep 09 2024 changtao - 1.21.4-18
+- Type:cves
+- ID:CVE-2024-34156
+- SUG:NA
+- DESC:fix CVE-2024-34156
+
 * Mon Jul 30 2024 jingxiaolu - 1.21.4-17
 - cmd/compile: ensure pointer arithmetic happens after the nil check
--
Gitee
From 934187ab31d1a9ce55c5f45bf41593c42866cfff Mon Sep 17 00:00:00 2001
From: changtao
Date: Mon, 9 Sep 2024 01:55:37 +0000
Subject: [PATCH 02/11] update backport-0016-Fixes-CVE-2024-34156.patch.
Signed-off-by: changtao
---
 backport-0016-Fixes-CVE-2024-34156.patch | 1 -
 1 file changed, 1 deletion(-)
diff --git a/backport-0016-Fixes-CVE-2024-34156.patch b/backport-0016-Fixes-CVE-2024-34156.patch
index b59cc5e..d3a1230 100644
--- a/backport-0016-Fixes-CVE-2024-34156.patch
+++ b/backport-0016-Fixes-CVE-2024-34156.patch
@@ -120,7 +120,6 @@ index 6fefd36..f4f76d1 100644
 + if err := dec.Decode(&output); err == nil || err.Error() != expectedErr {
 + t.Errorf("Decode didn't fail with depth limit of 100: want %q, got %q", expectedErr, err)
 + }
-+}
 }
 --
 2.43.0
--
Gitee
From 585fa714403330476d678e1675bd42f4da58384a Mon Sep 17 00:00:00 2001
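Review bot: In the gobencdec_test.go hunk of the backported patch, `enc.Encode(badStruct.Interface())` discards the encoder's error, so if encoding the nested struct ever fails the following `dec.Decode(&output)` would most likely fail on an empty buffer and the `t.Errorf` would blame the depth limit for an unrelated error; `if err := enc.Encode(badStruct.Interface()); err != nil { t.Fatalf("Encode: %v", err) }` keeps the two failure modes apart, though leaving the line as-is is defensible if the aim is to stay byte-identical to upstream. The nested patch description names an author and a leading commit hash but carries no upstream issue or CL reference, so an auditor cannot readily confirm which upstream change this backport mirrors; a `Reference: <upstream commit or CL URL>` line in the patch description would close that gap. The fix itself reads consistently across the decode.go hunks: the depth counter now lives on the Decoder and is released by `defer`, so, assuming `error_` unwinds via panic as elsewhere in gob, the counter cannot drift between messages. TestIgnoreDepthLimit and decIgnoreOpFor both start outside these hunks, and the struct branch of decIgnoreOpFor that reaches compileIgnoreSingle/compileDec is not visible here, so that path is inferred rather than checked.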
From: changtao
Date: Mon, 9 Sep 2024 02:40:00 +0000
Subject: [PATCH 03/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/golang.spec b/golang.spec
index d7153bb..1569a26 100644
--- a/golang.spec
+++ b/golang.spec
@@ -380,10 +380,10 @@ fi
 - SUG:NA
 - DESC:fix CVE-2024-34156
-* Mon Jul 30 2024 jingxiaolu - 1.21.4-17
+* Tue Jul 30 2024 jingxiaolu - 1.21.4-17
 - cmd/compile: ensure pointer arithmetic happens after the nil check
-* Mon Jul 30 2024 jingxiaolu - 1.21.4-16
+* Tue Jul 30 2024 jingxiaolu - 1.21.4-16
 - cmd/compile: handle constant pointer offsets in dead store elimination
 * Mon Jul 29 2024 EulerOSWander <314264452@qq.com> - 1.21.4-15
--
Gitee
From 9c760fd51ec3df19eb5633783da9cdbcf4867a95 Mon Sep 17 00:00:00 2001
From: changtao
Date: Thu, 19 Sep 2024 09:36:10 +0000
Subject: [PATCH 04/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/golang.spec b/golang.spec
index 281ae51..ad8cd9f 100644
--- a/golang.spec
+++ b/golang.spec
@@ -66,7 +66,7 @@ Name: golang
 Version: 1.21.4
-Release: 20
+Release: 21
 Summary: The Go Programming Language
 License: BSD and Public Domain
 URL: https://golang.org/
@@ -377,13 +377,12 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
-* Mon Sep 09 2024 changtao - 1.21.4-20
+* Mon Sep 09 2024 changtao - 1.21.4-21
 - Type:cves
 - ID:CVE-2024-34156
 - SUG:NA
 - DESC:fix CVE-2024-34156
-* Tue Jul 30 2024 jingxiaolu - 1.21.4-17
 * Thu Aug 1 2024 EulerOSWander <314264452@qq.com> - 1.21.4-20
 - cmd/compile: fix findIndVar so it does not match disjointed loop headers
--
Gitee
From c0018148aedada45e4522f15cc83af6187e9cca1 Mon Sep 17 00:00:00 2001
From: changtao
Date: Thu, 19 Sep 2024 09:36:59 +0000
Subject: [PATCH 05/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/golang.spec b/golang.spec
index ad8cd9f..fb50780 100644
--- a/golang.spec
+++ b/golang.spec
@@ -139,7 +139,7 @@ Patch6015: backport-0015-release-branch.go1.21-cmd-compile-ensure-pointer-ari.pa
 Patch6016: backport-0016-release-branch.go1.21-internal-poll-add-SPLICE_F_NON.patch
 Patch6017: backport-0017-release-branch.go1.21-runtime-call-enableMetadataHug.patch
 Patch6018: backport-0018-release-branch.go1.21-cmd-compile-fix-findIndVar-so-.patch
-Patch6019: backport-0016-Fixes-CVE-2024-34156.patch
+Patch6019: backport-0019-Fixes-CVE-2024-34156.patch
 ExclusiveArch: %{golang_arches}
 %description
--
Gitee
From 1a4aaf4a74e35a0e8f7941ed7f196397fb0023ba Mon Sep 17 00:00:00 2001
From: changtao
Date: Thu, 19 Sep 2024 09:37:35 +0000
Subject: [PATCH 06/11] =?UTF-8?q?=E9=87=8D=E5=91=BD=E5=90=8D=20backport-00?= =?UTF-8?q?16-Fixes-CVE-2024-34156.patch=20=E4=B8=BA=20backport-0019-Fixes?= =?UTF-8?q?-CVE-2024-34156.patch?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...E-2024-34156.patch => backport-0019-Fixes-CVE-2024-34156.patch | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename backport-0016-Fixes-CVE-2024-34156.patch => backport-0019-Fixes-CVE-2024-34156.patch (100%)
diff --git a/backport-0016-Fixes-CVE-2024-34156.patch b/backport-0019-Fixes-CVE-2024-34156.patch
similarity index 100%
rename from backport-0016-Fixes-CVE-2024-34156.patch
rename to backport-0019-Fixes-CVE-2024-34156.patch
--
Gitee
From 1354619e6a74654f9246fa0fbd09cf24b4cf2fb0 Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 20 Sep 2024 00:36:00 +0000
Subject: [PATCH 07/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/golang.spec b/golang.spec
index fb50780..4952a37 100644
--- a/golang.spec
+++ b/golang.spec
@@ -139,7 +139,7 @@ Patch6015: backport-0015-release-branch.go1.21-cmd-compile-ensure-pointer-ari.pa
 Patch6016: backport-0016-release-branch.go1.21-internal-poll-add-SPLICE_F_NON.patch
 Patch6017: backport-0017-release-branch.go1.21-runtime-call-enableMetadataHug.patch
 Patch6018: backport-0018-release-branch.go1.21-cmd-compile-fix-findIndVar-so-.patch
-Patch6019: backport-0019-Fixes-CVE-2024-34156.patch
+Patch6020: backport-0020-Fixes-CVE-2024-34156.patch
 ExclusiveArch: %{golang_arches}
 %description
@@ -377,7 +377,7 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
-* Mon Sep 09 2024 changtao - 1.21.4-21
+* Fri Sep 20 2024 changtao - 1.21.4-22
 - Type:cves
 - ID:CVE-2024-34156
 - SUG:NA
--
Gitee
From df3b72027bd0dadc1c9ebbc60e7a4f1724d6bd25 Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 20 Sep 2024 00:36:21 +0000
Subject: [PATCH 08/11] =?UTF-8?q?=E9=87=8D=E5=91=BD=E5=90=8D=20backport-00?= =?UTF-8?q?19-Fixes-CVE-2024-34156.patch=20=E4=B8=BA=20backport-0020-Fixes?= =?UTF-8?q?-CVE-2024-34156.patch?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...E-2024-34156.patch => backport-0020-Fixes-CVE-2024-34156.patch | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename backport-0019-Fixes-CVE-2024-34156.patch => backport-0020-Fixes-CVE-2024-34156.patch (100%)
diff --git a/backport-0019-Fixes-CVE-2024-34156.patch b/backport-0020-Fixes-CVE-2024-34156.patch
similarity index 100%
rename from backport-0019-Fixes-CVE-2024-34156.patch
rename to backport-0020-Fixes-CVE-2024-34156.patch
--
Gitee
From 7d42f74430552a9a16112e827a8e307db3a3d0e9 Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 20 Sep 2024 00:51:24 +0000
Subject: [PATCH 09/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/golang.spec b/golang.spec
index cd53ec3..12a8c4e 100644
--- a/golang.spec
+++ b/golang.spec
@@ -66,7 +66,7 @@ Name: golang
 Version: 1.21.4
-Release: 21
+Release: 22
 Summary: The Go Programming Language
 License: BSD and Public Domain
 URL: https://golang.org/
--
Gitee
From 586344eef0861c4b845b3500cbf1e1104e97524d Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 20 Sep 2024 01:02:30 +0000
Subject: [PATCH 10/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/golang.spec b/golang.spec
index 12a8c4e..f1c626d 100644
--- a/golang.spec
+++ b/golang.spec
@@ -396,7 +396,7 @@ fi
 * Thu Aug 1 2024 EulerOSWander <314264452@qq.com> - 1.21.4-18
 - internal/poll:add SPLICE_F_NONBLOCK flag for splice to avoid insonsistency with O_NONBLOCK
-* Mon Jul 30 2024 jingxiaolu - 1.21.4-17
+* Tue Jul 30 2024 jingxiaolu - 1.21.4-17
 - cmd/compile: ensure pointer arithmetic happens after the nil check
 * Tue Jul 30 2024 jingxiaolu - 1.21.4-16
--
Gitee
From 2fbcc90480cfca3f7c5922efcd1fe47a00ef2e1c Mon Sep 17 00:00:00 2001
From: changtao
Date: Fri, 20 Sep 2024 06:41:21 +0000
Subject: [PATCH 11/11] update golang.spec.
Signed-off-by: changtao
---
 golang.spec | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/golang.spec b/golang.spec
index f1c626d..73d6e83 100644
--- a/golang.spec
+++ b/golang.spec
@@ -378,11 +378,9 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
+
 * Fri Sep 20 2024 changtao - 1.21.4-22
-- Type:cves
-- ID:CVE-2024-34156
-- SUG:NA
-- DESC:fix CVE-2024-34156
+- fix CVE-2024-34156
 * Thu Sep 19 2024 Vanient - 1.21.4-21
 - cmd/compile: fix escape analysis of string min/max
--
Gitee