diff --git a/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch b/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e2217de269410893e4bc60720bec39c4cb2525b2
--- /dev/null
+++ b/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
@@ -0,0 +1,64 @@ +From 3ebb1762fb1942b4ffe932000f873e16c194a2d7 Mon Sep 17 00:00:00 2001 +From: Katie Hockman +Date: Wed, 2 Mar 2022 10:52:56 +0800 +Subject: [Backport 1/3] [release-branch.go1.16] math/big: prevent overflow in + (*Rat).SetString + +Credit to rsc@ for the original patch. + +Thanks to the OSS-Fuzz project for discovering this +issue and to Emmanuel Odeke (@odeke_et) for reporting it. + +Updates #50699 +Fixes #50700 +Fixes CVE-2022-23772 + +Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5 +Reviewed-on: https://go-review.googlesource.com/c/go/+/379537 +Trust: Katie Hockman +Run-TryBot: Katie Hockman +TryBot-Result: Gopher Robot +Reviewed-by: Emmanuel Odeke +Reviewed-by: Roland Shoemaker +Reviewed-by: Julie Qiu +(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78) +Reviewed-on: https://go-review.googlesource.com/c/go/+/381337 + +Reference:https://go-review.googlesource.com/c/go/+/381337 +Conflict:NA +--- + src/math/big/ratconv.go | 5 +++++ + src/math/big/ratconv_test.go | 1 + + 2 files changed, 6 insertions(+) + +diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go +index ac3c8bd..90053a9 100644 +--- a/src/math/big/ratconv.go ++++ b/src/math/big/ratconv.go +@@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) { + n := exp5 + if n < 0 { + n = -n ++ if n < 0 { ++ // This can occur if -n overflows. -(-1 << 63) would become ++ // -1 << 63, which is still negative. ++ return nil, false ++ } + } + if n > 1e6 { + return nil, false // avoid excessively large exponents +diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go +index 15d206c..e55e655 100644 +--- a/src/math/big/ratconv_test.go ++++ b/src/math/big/ratconv_test.go +@@ -104,6 +104,7 @@ var setStringTests = []StringTest{ + {in: "4/3/"}, + {in: "4/3."}, + {in: "4/"}, ++ {in: "13e-9223372036854775808"}, // CVE-2022-23772 + + // valid + {"0", "0", true}, +-- +2.30.0 + 
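Review bot: The series header reads `[Backport 1/3]` here and `[Backport 3/3]` in the 0058 patch (second hunk), yet no 2/3 patch is added to the package and the changelog lists only CVE-2022-23772 and CVE-2022-23806; either drop the numbering from the subjects or record in the commit message why the middle patch is omitted. The guard itself is sound: after `n = -n` only `exp5 == -1 << 63` can leave n negative, and every other large magnitude is already rejected by the following `n > 1e6` bound, so the single test vector `13e-9223372036854775808` covers the one value that escaped it. These are release-branch.go1.16 hunks applied to a 1.15.7 source tree; `Conflict:NA` asserts the context lines matched, which this diff alone cannot confirm.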
diff --git a/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch b/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6f232542416a44d890712ac6d585ed6db0ce8768
--- /dev/null
+++ b/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
@@ -0,0 +1,149 @@ +From 126bdb9ae49d443850459b55cf7c0686eef2f476 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Wed, 2 Mar 2022 10:56:28 +0800 +Subject: [Backport 3/3] [release-branch.go1.16] crypto/elliptic: make + IsOnCurve return false for invalid field elements + +Updates #50974 +Fixes #50977 +Fixes CVE-2022-23806 + +Change-Id: I0201c2c88f13dd82910985a495973f1683af9259 +Reviewed-on: https://go-review.googlesource.com/c/go/+/382855 +Trust: Filippo Valsorda +Run-TryBot: Filippo Valsorda +Reviewed-by: Katie Hockman +Trust: Katie Hockman +TryBot-Result: Gopher Robot + +Conflict:NA +Reference:https://go-review.googlesource.com/c/go/+/382855 +--- + src/crypto/elliptic/elliptic.go | 4 ++ + src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++ + src/crypto/elliptic/p224.go | 5 ++ + 3 files changed, 90 insertions(+) + +diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go +index f93dc16..321f926 100644 +--- a/src/crypto/elliptic/elliptic.go ++++ b/src/crypto/elliptic/elliptic.go +@@ -71,6 +71,10 @@ func (curve *CurveParams) polynomial(x *big.Int) *big.Int { + } + + func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool { ++ if x.Sign() < 0 || x.Cmp(curve.P) >= 0 || ++ y.Sign() < 0 || y.Cmp(curve.P) >= 0 { ++ return false ++ } + // y² = x³ - 3x + b + y2 := new(big.Int).Mul(y, y) + y2.Mod(y2, curve.P) +diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go +index e80e773..bb16b0d 100644 +--- a/src/crypto/elliptic/elliptic_test.go ++++ b/src/crypto/elliptic/elliptic_test.go +@@ -721,3 +721,84 @@ func testMarshalCompressed(t *testing.T, curve Curve, x, y *big.Int, want []byte + t.Errorf("point did not round-trip correctly: got (%v, %v), want (%v, %v)", X, Y, x, y) + } + } ++ ++func testAllCurves(t *testing.T, f func(*testing.T, Curve)) { ++ tests := []struct { ++ name string ++ curve Curve ++ }{ ++ {"P256", P256()}, ++ {"P256/Params", P256().Params()}, ++ {"P224", P224()}, ++ 
{"P224/Params", P224().Params()}, ++ {"P384", P384()}, ++ {"P384/Params", P384().Params()}, ++ {"P521", P521()}, ++ {"P521/Params", P521().Params()}, ++ } ++ if testing.Short() { ++ tests = tests[:1] ++ } ++ for _, test := range tests { ++ curve := test.curve ++ t.Run(test.name, func(t *testing.T) { ++ t.Parallel() ++ f(t, curve) ++ }) ++ } ++} ++ ++// TestInvalidCoordinates tests big.Int values that are not valid field elements ++// (negative or bigger than P). They are expected to return false from ++// IsOnCurve, all other behavior is undefined. ++func TestInvalidCoordinates(t *testing.T) { ++ testAllCurves(t, testInvalidCoordinates) ++} ++ ++func testInvalidCoordinates(t *testing.T, curve Curve) { ++ checkIsOnCurveFalse := func(name string, x, y *big.Int) { ++ if curve.IsOnCurve(x, y) { ++ t.Errorf("IsOnCurve(%s) unexpectedly returned true", name) ++ } ++ } ++ ++ p := curve.Params().P ++ _, x, y, _ := GenerateKey(curve, rand.Reader) ++ xx, yy := new(big.Int), new(big.Int) ++ ++ // Check if the sign is getting dropped. ++ xx.Neg(x) ++ checkIsOnCurveFalse("-x, y", xx, y) ++ yy.Neg(y) ++ checkIsOnCurveFalse("x, -y", x, yy) ++ ++ // Check if negative values are reduced modulo P. ++ xx.Sub(x, p) ++ checkIsOnCurveFalse("x-P, y", xx, y) ++ yy.Sub(y, p) ++ checkIsOnCurveFalse("x, y-P", x, yy) ++ ++ // Check if positive values are reduced modulo P. ++ xx.Add(x, p) ++ checkIsOnCurveFalse("x+P, y", xx, y) ++ yy.Add(y, p) ++ checkIsOnCurveFalse("x, y+P", x, yy) ++ ++ // Check if the overflow is dropped. ++ xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535)) ++ checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y) ++ yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535)) ++ checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy) ++ ++ // Check if P is treated like zero (if possible). ++ // y^2 = x^3 - 3x + B ++ // y = mod_sqrt(x^3 - 3x + B) ++ // y = mod_sqrt(B) if x = 0 ++ // If there is no modsqrt, there is no point with x = 0, can't test x = P. 
++ if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil { ++ if !curve.IsOnCurve(big.NewInt(0), yy) { ++ t.Fatal("(0, mod_sqrt(B)) is not on the curve?") ++ } ++ checkIsOnCurveFalse("P, y", p, yy) ++ } ++} +diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go +index 8c76021..ff5c834 100644 +--- a/src/crypto/elliptic/p224.go ++++ b/src/crypto/elliptic/p224.go +@@ -48,6 +48,11 @@ func (curve p224Curve) Params() *CurveParams { + } + + func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool { ++ if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 || ++ bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 { ++ return false ++ } ++ + var x, y p224FieldElement + p224FromBig(&x, bigX) + p224FromBig(&y, bigY) +-- +2.30.0 + diff --git a/golang.spec b/golang.spec index f204e0f59b1882c06073c76ae74485a17c2b5fa9..f88ae11ef0890e59d0f6ecb3677cf4df1b9ba16b 100644 --- a/golang.spec +++ b/golang.spec @@ -62,7 +62,7 @@ Name: golang Version: 1.15.7 -Release: 8 +Release: 9 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -202,6 +202,8 @@ Patch6053: 0053-net-http-httputil-close-incoming-ReverseProxy-reques.patch Patch6054: 0054-release-branch.go1.16-net-http-update-bundled-golang.patch Patch6055: 0055-release-branch.go1.16-archive-zip-prevent-preallocat.patch Patch6056: 0056-release-branch.go1.16-debug-macho-fail-on-invalid-dy.patch +Patch6057: 0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch +Patch6058: 0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch Patch9001: 0001-drop-hard-code-cert.patch @@ -435,6 +437,9 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Fri Mar 4 2022 hanchao - 1.15.7-9 +- fix CVE-2022-23772 CVE-2022-23806 + * Wed Mar 2 2022 hanchao - 1.15.7-8 - fix CVE-2021-41771 
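Review bot: The new precondition on `IsOnCurve` — both coordinates must be reduced field elements in [0, P) — is enforced in `CurveParams.IsOnCurve` and `p224Curve.IsOnCurve` but documented only in the test comment (`all other behavior is undefined`); the `Curve` interface's doc comment in elliptic.go should state it, e.g. `// IsOnCurve reports whether (x, y) is on the curve; x and y must be in [0, P), any other value returns false.`. Placing the check ahead of `p224FromBig` is the right spot, since the test cases are written precisely to catch a conversion that drops the sign or the high bits of an unreduced value. The added test relies on `rand.Reader` and `GenerateKey`; if elliptic_test.go in this tree does not already import `crypto/rand`, the file will not compile, which cannot be seen from this hunk. The other Curve methods (`Add`, `Double`, `ScalarMult`) appear to receive no such guard in this backport, so callers still need to validate points through IsOnCurve or Unmarshal before using them.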
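Review bot: `Patch6057` and `Patch6058` are declared in the Patch-list hunk, but whether they are actually applied depends on the `%prep` section, which is outside this diff; confirm it applies the new tags (for example via `%autosetup` or an explicit `%patch` for each) so the CVE fixes named in the changelog are really built in. The numbering continues the 6053–6056 backport series, which is consistent. The `Version` stays at 1.15.7 while the patch subjects target release-branch.go1.16, so the `Release` bump to 9 is the only version signal that these fixes are present.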
@@ -471,7 +476,7 @@ fi * Tue Mar 17 2020 jingrui - 1.13.5 - drop hard code cert -* Mon Mar 23 2020 jingrui - 1.13.4 +* Mon Mar 16 2020 jingrui - 1.13.4 - fix CVE-2020-7919 * Thu Feb 20 2020 openEuler Buildteam - 1.13-3.2