From aec43ba48a4d2a73db4da27fb78edfd0e5973bec Mon Sep 17 00:00:00 2001 From: hanchao Date: Wed, 16 Oct 2024 14:55:12 +0800 Subject: [PATCH 1/2] fix CVE-2024-34155 --- ...er-track-depth-in-nested-element-lis.patch | 71 +++++++++++++++++++ golang.spec | 9 ++- 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 0068-Backport-go-parser-track-depth-in-nested-element-lis.patch diff --git a/0068-Backport-go-parser-track-depth-in-nested-element-lis.patch b/0068-Backport-go-parser-track-depth-in-nested-element-lis.patch new file mode 100644 index 0000000..f9fe8ab --- /dev/null +++ b/0068-Backport-go-parser-track-depth-in-nested-element-lis.patch @@ -0,0 +1,71 @@ +From e7581d44ab3029f863b732f624ba44b1495a2936 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 10 Jun 2024 15:34:12 -0700 +Subject: [PATCH] [Backport] go/parser: track depth in nested element lists + +CVE: CVE-2024-34155 +Reference: https://go-review.googlesource.com/c/go/+/611238 + +Prevents stack exhaustion with extremely deeply nested literal values, +i.e. field values in structs. + +Note: The upstream does not submit this change to go1.17 according to the rules of MinorReleases. +Corego3.x are based on go1.17.8. Therefore, it need to submit the change to corego3.x. + +Edited-by: qinlonglong q00508429 + +Fixes #69138 +Fixes CVE-2024-34155 + +Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520 +Reviewed-by: Robert Griesemer gri@google.com +Reviewed-by: Damien Neil dneil@google.com +Reviewed-by: Russ Cox rsc@google.com +Reviewed-on: https://go-review.googlesource.com/c/go/+/611238 +LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com +Reviewed-by: Roland Shoemaker roland@golang.org +Reviewed-by: Dmitri Shuralyov dmitshur@google.com +Auto-Submit: Dmitri Shuralyov dmitshur@golang.org +Signed-off-by: QinLongLong qinlonglong@huawei.com +--- + src/go/parser/parser.go | 2 ++ + src/go/parser/parser_test.go | 9 +++++---- + 2 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go +index 2c42b9f8cc..a728d9a68a 100644 +--- a/src/go/parser/parser.go ++++ b/src/go/parser/parser.go +@@ -1481,6 +1481,8 @@ func (p *parser) parseElementList() (list []ast.Expr) { + } + + func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr { ++ defer decNestLev(incNestLev(p)) ++ + if p.trace { + defer un(trace(p, "LiteralValue")) + } +diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go +index 993df6315f..b2cd501a44 100644 +--- a/src/go/parser/parser_test.go ++++ b/src/go/parser/parser_test.go +@@ -607,10 +607,11 @@ var parseDepthTests = []struct { + {name: "chan2", format: "package main; var x «<-chan »int"}, + {name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType + {name: "map", format: "package main; var x «map[int]»int"}, +- {name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit +- {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit +- {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit +- {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2}, // Parser nodes: CompositeLit, KeyValueExpr ++ {name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit ++ {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit ++ {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit ++ {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3}, // Parser nodes: CompositeLit, KeyValueExpr ++ {name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"}, + {name: "dot", format: "package main; var x = «x.»x"}, + {name: "index", format: "package main; var x = x«[1]»"}, + {name: "slice", format: "package main; var x = x«[1:2]»"}, +-- +2.33.0 + diff --git a/golang.spec b/golang.spec index 758fad0..e905680 100644 --- a/golang.spec +++ b/golang.spec @@ -63,7 +63,7 @@ Name: golang Version: 1.17.3 -Release: 35 +Release: 36 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -217,6 +217,7 @@ Patch6064: 0064-Backport-net-http-update-bundled-golang.org-x-net-ht.patch Patch6065: 0065-Backport-cmd-go-disallow-lto_library-in-LDFLAGS.patch Patch6066: 0066-Backport-archive-zip-treat-truncated-EOCDR-comment-a.patch Patch6067: 0067-Backport-net-http-send-body-or-close-connection-on-e.patch +Patch6068: 0068-Backport-go-parser-track-depth-in-nested-element-lis.patch ExclusiveArch: %{golang_arches} @@ -455,6 +456,12 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Wed Oct 16 2024 hanchao - 1.17.3-36 +- Type:CVE +- CVE:CVE-2024-34155 +- SUG:NA +- DESC:fix CVE-2024-34155 + * Tue Aug 06 2024 hanchao - 1.17.3-35 - Type:CVE - CVE:CVE-2024-24791 -- Gitee From e0256a33c374e931ed69d3273f1f638693b123a4 Mon Sep 17 00:00:00 2001 From: hanchao Date: Tue, 22 Oct 2024 18:01:05 +0800 Subject: [PATCH 2/2] fix CVE-2024-34156,CVE-2024-34158 --- ...g-gob-cover-missed-cases-when-checki.patch | 152 +++++++++++++ ...-build-constraint-add-parsing-limits.patch | 210 ++++++++++++++++++ golang.spec | 10 +- 3 files changed, 371 insertions(+), 1 deletion(-) create mode 100644 0069-Backport-encoding-gob-cover-missed-cases-when-checki.patch create mode 100644 0070-Backport-go-build-constraint-add-parsing-limits.patch diff --git a/0069-Backport-encoding-gob-cover-missed-cases-when-checki.patch b/0069-Backport-encoding-gob-cover-missed-cases-when-checki.patch new file mode 100644 index 0000000..746874a --- /dev/null +++ b/0069-Backport-encoding-gob-cover-missed-cases-when-checki.patch @@ -0,0 +1,152 @@ +From 51e3300f77cc696da324ba69fc442c9e3a57c0d8 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Fri, 3 May 2024 09:21:39 -0400 +Subject: [PATCH 1/2] [Backport] encoding/gob: cover missed cases when checking + ignore depth + +Offering: Cloud Core Network +CVE: CVE-2024-34156 +Reference: https://go-review.googlesource.com/c/go/+/611239 + +This change makes sure that we are properly checking the ignored field +recursion depth in decIgnoreOpFor consistently. This prevents stack +exhaustion when attempting to decode a message that contains an +extremely deeply nested struct which is ignored. + +Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) +for reporting this issue. + +Note: The upstream does not submit this change to go1.16 according to the rules of MinorReleases. +Corego2.x are based on go1.16.5. Therefore, it need to submit the change to corego2.x. + +Edited-by: zhaoshengwei z00581105 + +Fixes #69139 +Fixes CVE-2024-34156 + +Change-Id: Iacce06be95a5892b3064f1c40fcba2e2567862d6 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1440 +Reviewed-by: Russ Cox +Reviewed-by: Damien Neil +Reviewed-on: https://go-review.googlesource.com/c/go/+/611239 +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Dmitri Shuralyov +Reviewed-by: Roland Shoemaker +Auto-Submit: Dmitri Shuralyov +Signed-off-by: Zhao Sheng Wei zhaoshengwei@huawei.com +--- + src/encoding/gob/decode.go | 19 +++++++++++-------- + src/encoding/gob/decoder.go | 2 ++ + src/encoding/gob/gobencdec_test.go | 14 ++++++++++++++ + 3 files changed, 27 insertions(+), 8 deletions(-) + +diff --git a/src/encoding/gob/decode.go b/src/encoding/gob/decode.go +index 0e0ec75ccc..92d64cb07f 100644 +--- a/src/encoding/gob/decode.go ++++ b/src/encoding/gob/decode.go +@@ -874,8 +874,11 @@ func (dec *Decoder) decOpFor(wireId typeId, rt reflect.Type, name string, inProg + var maxIgnoreNestingDepth = 10000 + + // decIgnoreOpFor returns the decoding op for a field that has no destination. +-func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp, depth int) *decOp { +- if depth > maxIgnoreNestingDepth { ++func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp) *decOp { ++ // Track how deep we've recursed trying to skip nested ignored fields. ++ dec.ignoreDepth++ ++ defer func() { dec.ignoreDepth-- }() ++ if dec.ignoreDepth > maxIgnoreNestingDepth { + error_(errors.New("invalid nesting depth")) + } + // If this type is already in progress, it's a recursive type (e.g. map[string]*T). +@@ -901,7 +904,7 @@ func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp, + errorf("bad data: undefined type %s", wireId.string()) + case wire.ArrayT != nil: + elemId := wire.ArrayT.Elem +- elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1) ++ elemOp := dec.decIgnoreOpFor(elemId, inProgress) + op = func(i *decInstr, state *decoderState, value reflect.Value) { + state.dec.ignoreArray(state, *elemOp, wire.ArrayT.Len) + } +@@ -909,15 +912,15 @@ func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp, + case wire.MapT != nil: + keyId := dec.wireType[wireId].MapT.Key + elemId := dec.wireType[wireId].MapT.Elem +- keyOp := dec.decIgnoreOpFor(keyId, inProgress, depth+1) +- elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1) ++ keyOp := dec.decIgnoreOpFor(keyId, inProgress) ++ elemOp := dec.decIgnoreOpFor(elemId, inProgress) + op = func(i *decInstr, state *decoderState, value reflect.Value) { + state.dec.ignoreMap(state, *keyOp, *elemOp) + } + + case wire.SliceT != nil: + elemId := wire.SliceT.Elem +- elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1) ++ elemOp := dec.decIgnoreOpFor(elemId, inProgress) + op = func(i *decInstr, state *decoderState, value reflect.Value) { + state.dec.ignoreSlice(state, *elemOp) + } +@@ -1078,7 +1081,7 @@ func (dec *Decoder) compileSingle(remoteId typeId, ut *userTypeInfo) (engine *de + func (dec *Decoder) compileIgnoreSingle(remoteId typeId) *decEngine { + engine := new(decEngine) + engine.instr = make([]decInstr, 1) // one item +- op := dec.decIgnoreOpFor(remoteId, make(map[typeId]*decOp), 0) ++ op := dec.decIgnoreOpFor(remoteId, make(map[typeId]*decOp)) + ovfl := overflow(dec.typeString(remoteId)) + engine.instr[0] = decInstr{*op, 0, nil, ovfl} + engine.numInstr = 1 +@@ -1123,7 +1126,7 @@ func (dec *Decoder) compileDec(remoteId typeId, ut *userTypeInfo) (engine *decEn + localField, present := srt.FieldByName(wireField.Name) + // TODO(r): anonymous names + if !present || !isExported(wireField.Name) { +- op := dec.decIgnoreOpFor(wireField.Id, make(map[typeId]*decOp), 0) ++ op := dec.decIgnoreOpFor(wireField.Id, make(map[typeId]*decOp)) + engine.instr[fieldnum] = decInstr{*op, fieldnum, nil, ovfl} + continue + } +diff --git a/src/encoding/gob/decoder.go b/src/encoding/gob/decoder.go +index b476aaac93..2486c4b30a 100644 +--- a/src/encoding/gob/decoder.go ++++ b/src/encoding/gob/decoder.go +@@ -34,6 +34,8 @@ type Decoder struct { + freeList *decoderState // list of free decoderStates; avoids reallocation + countBuf []byte // used for decoding integers while parsing messages + err error ++ // ignoreDepth tracks the depth of recursively parsed ignored fields ++ ignoreDepth int + } + + // NewDecoder returns a new decoder that reads from the io.Reader. +diff --git a/src/encoding/gob/gobencdec_test.go b/src/encoding/gob/gobencdec_test.go +index 1b52ecc6c8..2b5f2a8e88 100644 +--- a/src/encoding/gob/gobencdec_test.go ++++ b/src/encoding/gob/gobencdec_test.go +@@ -806,6 +806,8 @@ func TestIngoreDepthLimit(t *testing.T) { + defer func() { maxIgnoreNestingDepth = oldNestingDepth }() + b := new(bytes.Buffer) + enc := NewEncoder(b) ++ ++ // Nested slice + typ := reflect.TypeOf(int(0)) + nested := reflect.ArrayOf(1, typ) + for i := 0; i < 100; i++ { +@@ -819,4 +821,16 @@ func TestIngoreDepthLimit(t *testing.T) { + if err := dec.Decode(&output); err == nil || err.Error() != expectedErr { + t.Errorf("Decode didn't fail with depth limit of 100: want %q, got %q", expectedErr, err) + } ++ ++ // Nested struct ++ nested = reflect.StructOf([]reflect.StructField{{Name: "F", Type: typ}}) ++ for i := 0; i < 100; i++ { ++ nested = reflect.StructOf([]reflect.StructField{{Name: "F", Type: nested}}) ++ } ++ badStruct = reflect.New(reflect.StructOf([]reflect.StructField{{Name: "F", Type: nested}})) ++ enc.Encode(badStruct.Interface()) ++ dec = NewDecoder(b) ++ if err := dec.Decode(&output); err == nil || err.Error() != expectedErr { ++ t.Errorf("Decode didn't fail with depth limit of 100: want %q, got %q", expectedErr, err) ++ } + } +-- +2.33.0 + diff --git a/0070-Backport-go-build-constraint-add-parsing-limits.patch b/0070-Backport-go-build-constraint-add-parsing-limits.patch new file mode 100644 index 0000000..b1dace3 --- /dev/null +++ b/0070-Backport-go-build-constraint-add-parsing-limits.patch @@ -0,0 +1,210 @@ +From 328c8da3dfa27bb5dad18a4bb4d90997abd6b44b Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Thu, 20 Jun 2024 10:45:30 -0700 +Subject: [PATCH 2/2] [Backport] go/build/constraint: add parsing limits + +Offering: Cloud Core Network +CVE: CVE-2024-34158 +Reference: https://go-review.googlesource.com/c/go/+/611183 + +Limit the size of build constraints that we will parse. This prevents a +number of stack exhaustions that can be hit when parsing overly complex +constraints. The imposed limits are unlikely to ever be hit in real +world usage. + +Note: The upstream does not submit this change to go1.16 according to the rules of MinorReleases. +Corego2.x are based on go1.16.5. Therefore, it need to submit the change to corego2.x. + +Edited-by: qinlonglong q00508429 + +Updates #69141 +Fixes #69148 +Fixes CVE-2024-34158 + +Change-Id: I38b614bf04caa36eefc6a4350d848588c4cef3c4 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1540 +Reviewed-by: Damien Neil +Reviewed-by: Russ Cox +(cherry picked from commit 0c74dc9e0da0cf1e12494b514d822b5bebbc9f04) +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1582 +Reviewed-by: Tatiana Bradley +Reviewed-on: https://go-review.googlesource.com/c/go/+/611183 +Auto-Submit: Dmitri Shuralyov +Reviewed-by: Dmitri Shuralyov +Reviewed-by: Michael Pratt +TryBot-Bypass: Dmitri Shuralyov +Signed-off-by: QinLongLong qinlonglong@huawei.com +--- + src/go/build/constraint/expr.go | 28 ++++++++++-- + src/go/build/constraint/expr_test.go | 65 +++++++++++++++++++++++++++- + 2 files changed, 89 insertions(+), 4 deletions(-) + +diff --git a/src/go/build/constraint/expr.go b/src/go/build/constraint/expr.go +index 957eb9b527..85897e2435 100644 +--- a/src/go/build/constraint/expr.go ++++ b/src/go/build/constraint/expr.go +@@ -18,6 +18,10 @@ import ( + "unicode/utf8" + ) + ++// maxSize is a limit used to control the complexity of expressions, in order ++// to prevent stack exhaustion issues due to recursion. ++const maxSize = 1000 ++ + // An Expr is a build tag constraint expression. + // The underlying concrete type is *AndExpr, *OrExpr, *NotExpr, or *TagExpr. + type Expr interface { +@@ -153,7 +157,7 @@ func Parse(line string) (Expr, error) { + return parseExpr(text) + } + if text, ok := splitPlusBuild(line); ok { +- return parsePlusBuildExpr(text), nil ++ return parsePlusBuildExpr(text) + } + return nil, errNotConstraint + } +@@ -203,6 +207,8 @@ type exprParser struct { + tok string // last token read + isTag bool + pos int // position (start) of last token ++ ++ size int + } + + // parseExpr parses a boolean build tag expression. +@@ -251,6 +257,10 @@ func (p *exprParser) and() Expr { + // On entry, the next input token has not yet been lexed. + // On exit, the next input token has been lexed and is in p.tok. + func (p *exprParser) not() Expr { ++ p.size++ ++ if p.size > maxSize { ++ panic(&SyntaxError{Offset: p.pos, Err: "build expression too large"}) ++ } + p.lex() + if p.tok == "!" { + p.lex() +@@ -391,7 +401,13 @@ func splitPlusBuild(line string) (expr string, ok bool) { + } + + // parsePlusBuildExpr parses a legacy build tag expression (as used with “// +build”). +-func parsePlusBuildExpr(text string) Expr { ++func parsePlusBuildExpr(text string) (Expr, error) { ++ // Only allow up to 100 AND/OR operators for "old" syntax. ++ // This is much less than the limit for "new" syntax, ++ // but uses of old syntax were always very simple. ++ const maxOldSize = 100 ++ size := 0 ++ + var x Expr + for _, clause := range strings.Fields(text) { + var y Expr +@@ -417,19 +433,25 @@ func parsePlusBuildExpr(text string) Expr { + if y == nil { + y = z + } else { ++ if size++; size > maxOldSize { ++ return nil, errComplex ++ } + y = and(y, z) + } + } + if x == nil { + x = y + } else { ++ if size++; size > maxOldSize { ++ return nil, errComplex ++ } + x = or(x, y) + } + } + if x == nil { + x = tag("ignore") + } +- return x ++ return x, nil + } + + // isValidTag reports whether the word is a valid build tag. +diff --git a/src/go/build/constraint/expr_test.go b/src/go/build/constraint/expr_test.go +index 15d189012e..ac38ba6929 100644 +--- a/src/go/build/constraint/expr_test.go ++++ b/src/go/build/constraint/expr_test.go +@@ -222,7 +222,7 @@ var parsePlusBuildExprTests = []struct { + func TestParsePlusBuildExpr(t *testing.T) { + for i, tt := range parsePlusBuildExprTests { + t.Run(fmt.Sprint(i), func(t *testing.T) { +- x := parsePlusBuildExpr(tt.in) ++ x, _ := parsePlusBuildExpr(tt.in) + if x.String() != tt.x.String() { + t.Errorf("parsePlusBuildExpr(%q):\nhave %v\nwant %v", tt.in, x, tt.x) + } +@@ -319,3 +319,66 @@ func TestPlusBuildLines(t *testing.T) { + }) + } + } ++ ++func TestSizeLimits(t *testing.T) { ++ for _, tc := range []struct { ++ name string ++ expr string ++ }{ ++ { ++ name: "go:build or limit", ++ expr: "//go:build " + strings.Repeat("a || ", maxSize+2), ++ }, ++ { ++ name: "go:build and limit", ++ expr: "//go:build " + strings.Repeat("a && ", maxSize+2), ++ }, ++ { ++ name: "go:build and depth limit", ++ expr: "//go:build " + strings.Repeat("(a &&", maxSize+2), ++ }, ++ { ++ name: "go:build or depth limit", ++ expr: "//go:build " + strings.Repeat("(a ||", maxSize+2), ++ }, ++ } { ++ t.Run(tc.name, func(t *testing.T) { ++ _, err := Parse(tc.expr) ++ if err == nil { ++ t.Error("expression did not trigger limit") ++ } else if syntaxErr, ok := err.(*SyntaxError); !ok || syntaxErr.Err != "build expression too large" { ++ if !ok { ++ t.Errorf("unexpected error: %v", err) ++ } else { ++ t.Errorf("unexpected syntax error: %s", syntaxErr.Err) ++ } ++ } ++ }) ++ } ++} ++ ++func TestPlusSizeLimits(t *testing.T) { ++ maxOldSize := 100 ++ for _, tc := range []struct { ++ name string ++ expr string ++ }{ ++ { ++ name: "+build or limit", ++ expr: "// +build " + strings.Repeat("a ", maxOldSize+2), ++ }, ++ { ++ name: "+build and limit", ++ expr: "// +build " + strings.Repeat("a,", maxOldSize+2), ++ }, ++ } { ++ t.Run(tc.name, func(t *testing.T) { ++ _, err := Parse(tc.expr) ++ if err == nil { ++ t.Error("expression did not trigger limit") ++ } else if err != errComplex { ++ t.Errorf("unexpected error: got %q, want %q", err, errComplex) ++ } ++ }) ++ } ++} +-- +2.33.0 + diff --git a/golang.spec b/golang.spec index e905680..8198a18 100644 --- a/golang.spec +++ b/golang.spec @@ -63,7 +63,7 @@ Name: golang Version: 1.17.3 -Release: 36 +Release: 37 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -218,6 +218,8 @@ Patch6065: 0065-Backport-cmd-go-disallow-lto_library-in-LDFLAGS.patch Patch6066: 0066-Backport-archive-zip-treat-truncated-EOCDR-comment-a.patch Patch6067: 0067-Backport-net-http-send-body-or-close-connection-on-e.patch Patch6068: 0068-Backport-go-parser-track-depth-in-nested-element-lis.patch +Patch6069: 0069-Backport-encoding-gob-cover-missed-cases-when-checki.patch +Patch6070: 0070-Backport-go-build-constraint-add-parsing-limits.patch ExclusiveArch: %{golang_arches} @@ -456,6 +458,12 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Tue Oct 22 2024 hanchao - 1.17.3-37 +- Type:CVE +- CVE:CVE-2024-34156,CVE-2024-34158 +- SUG:NA +- DESC:fix CVE-2024-34156,CVE-2024-34158 + * Wed Oct 16 2024 hanchao - 1.17.3-36 - Type:CVE - CVE:CVE-2024-34155 -- Gitee