diff --git a/0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch b/0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch new file mode 100644 index 0000000000000000000000000000000000000000..d0da46e29856dad78dc0f30056104cd289a5c5c1 --- /dev/null +++ b/0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch @@ -0,0 +1,60 @@ +From 0a42f7750216ff7ca3aa1c0fb3fcf6a1f431cca0 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Thu, 31 Mar 2022 12:31:58 -0400 +Subject: [Backport] [release-branch.go1.17] crypto/elliptic: tolerate + zero-padded scalars in generic P-256 + +Updates #52075 +Fixes #52076 +Fixes CVE-2022-28327 + +Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27 +Reviewed-on: https://go-review.googlesource.com/c/go/+/397136 +Trust: Filippo Valsorda +Reviewed-by: Julie Qiu + +Conflict: NA +Reference: https://go-review.googlesource.com/c/go/+/397136 +--- + src/crypto/elliptic/elliptic_test.go | 14 ++++++++++++++ + src/crypto/elliptic/p256.go | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go +index bb16b0d163..498f617198 100644 +--- a/src/crypto/elliptic/elliptic_test.go ++++ b/src/crypto/elliptic/elliptic_test.go +@@ -802,3 +802,17 @@ func testInvalidCoordinates(t *testing.T, curve Curve) { + checkIsOnCurveFalse("P, y", p, yy) + } + } ++ ++func TestIssue52075(t *testing.T) { ++ Gx, Gy := P256().Params().Gx, P256().Params().Gy ++ scalar := make([]byte, 33) ++ scalar[32] = 1 ++ x, y := P256().ScalarBaseMult(scalar) ++ if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 { ++ t.Errorf("unexpected output (%v,%v)", x, y) ++ } ++ x, y = P256().ScalarMult(Gx, Gy, scalar) ++ if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 { ++ t.Errorf("unexpected output (%v,%v)", x, y) ++ } ++} +diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go +index c23e414156..787e3e7444 100644 +--- a/src/crypto/elliptic/p256.go ++++ b/src/crypto/elliptic/p256.go +@@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) { + n := new(big.Int).SetBytes(in) + var scalarBytes []byte + +- if n.Cmp(p256Params.N) >= 0 { ++ if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) { + n.Mod(n, p256Params.N) + scalarBytes = n.Bytes() + } else { +-- +2.30.0 + diff --git a/0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch b/0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch new file mode 100644 index 0000000000000000000000000000000000000000..25fc23002c6e543bf9554a53bc191df0ef8c7039 --- /dev/null +++ b/0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch @@ -0,0 +1,291 @@ +From bef7ed470e9a784e1b736c5847aabef2d9ac8094 Mon Sep 17 00:00:00 2001 +From: Julie Qiu +Date: Tue, 1 Mar 2022 10:19:38 -0600 +Subject: [Backport 2/2] [release-branch.go1.17] encoding/pem: fix stack + overflow in Decode + +Previously, Decode called decodeError, a recursive function that was +prone to stack overflows when given a large PEM file containing errors. + +Credit to Juho Nurminen of Mattermost who reported the error. + +Fixes CVE-2022-24675 +Updates #51853 +Fixes #52036 + +Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157 +Reviewed-by: Damien Neil +Reviewed-by: Filippo Valsorda +(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02) +Reviewed-on: https://go-review.googlesource.com/c/go/+/399816 +Run-TryBot: Dmitri Shuralyov +Reviewed-by: Dmitri Shuralyov +Reviewed-by: Cherry Mui +TryBot-Result: Gopher Robot + +Conflict: NA +Reference: https://go-review.googlesource.com/c/go/+/399816 +--- + src/encoding/pem/pem.go | 174 +++++++++++++++-------------------- + src/encoding/pem/pem_test.go | 28 +++++- + 2 files changed, 101 insertions(+), 101 deletions(-) + +diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go +index a7272da5ad..1bee1c12d2 100644 +--- a/src/encoding/pem/pem.go ++++ b/src/encoding/pem/pem.go +@@ -87,123 +87,97 @@ func Decode(data []byte) (p *Block, rest []byte) { + // pemStart begins with a newline. However, at the very beginning of + // the byte array, we'll accept the start string without it. + rest = data +- if bytes.HasPrefix(data, pemStart[1:]) { +- rest = rest[len(pemStart)-1 : len(data)] +- } else if i := bytes.Index(data, pemStart); i >= 0 { +- rest = rest[i+len(pemStart) : len(data)] +- } else { +- return nil, data +- } +- +- typeLine, rest := getLine(rest) +- if !bytes.HasSuffix(typeLine, pemEndOfLine) { +- return decodeError(data, rest) +- } +- typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)] +- +- p = &Block{ +- Headers: make(map[string]string), +- Type: string(typeLine), +- } +- + for { +- // This loop terminates because getLine's second result is +- // always smaller than its argument. +- if len(rest) == 0 { ++ if bytes.HasPrefix(rest, pemStart[1:]) { ++ rest = rest[len(pemStart)-1:] ++ } else if i := bytes.Index(rest, pemStart); i >= 0 { ++ rest = rest[i+len(pemStart) : len(rest)] ++ } else { + return nil, data + } +- line, next := getLine(rest) + +- i := bytes.IndexByte(line, ':') +- if i == -1 { +- break ++ var typeLine []byte ++ typeLine, rest = getLine(rest) ++ if !bytes.HasSuffix(typeLine, pemEndOfLine) { ++ continue + } ++ typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)] + +- // TODO(agl): need to cope with values that spread across lines. +- key, val := line[:i], line[i+1:] +- key = bytes.TrimSpace(key) +- val = bytes.TrimSpace(val) +- p.Headers[string(key)] = string(val) +- rest = next +- } ++ p = &Block{ ++ Headers: make(map[string]string), ++ Type: string(typeLine), ++ } + +- var endIndex, endTrailerIndex int ++ for { ++ // This loop terminates because getLine's second result is ++ // always smaller than its argument. ++ if len(rest) == 0 { ++ return nil, data ++ } ++ line, next := getLine(rest) + +- // If there were no headers, the END line might occur +- // immediately, without a leading newline. +- if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) { +- endIndex = 0 +- endTrailerIndex = len(pemEnd) - 1 +- } else { +- endIndex = bytes.Index(rest, pemEnd) +- endTrailerIndex = endIndex + len(pemEnd) +- } ++ i := bytes.IndexByte(line, ':') ++ if i == -1 { ++ break ++ } + +- if endIndex < 0 { +- return decodeError(data, rest) +- } ++ // TODO(agl): need to cope with values that spread across lines. ++ key, val := line[:i], line[i+1:] ++ key = bytes.TrimSpace(key) ++ val = bytes.TrimSpace(val) ++ p.Headers[string(key)] = string(val) ++ rest = next ++ } + +- // After the "-----" of the ending line, there should be the same type +- // and then a final five dashes. +- endTrailer := rest[endTrailerIndex:] +- endTrailerLen := len(typeLine) + len(pemEndOfLine) +- if len(endTrailer) < endTrailerLen { +- return decodeError(data, rest) +- } ++ var endIndex, endTrailerIndex int + +- restOfEndLine := endTrailer[endTrailerLen:] +- endTrailer = endTrailer[:endTrailerLen] +- if !bytes.HasPrefix(endTrailer, typeLine) || +- !bytes.HasSuffix(endTrailer, pemEndOfLine) { +- return decodeError(data, rest) +- } ++ // If there were no headers, the END line might occur ++ // immediately, without a leading newline. ++ if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) { ++ endIndex = 0 ++ endTrailerIndex = len(pemEnd) - 1 ++ } else { ++ endIndex = bytes.Index(rest, pemEnd) ++ endTrailerIndex = endIndex + len(pemEnd) ++ } + +- // The line must end with only whitespace. +- if s, _ := getLine(restOfEndLine); len(s) != 0 { +- return decodeError(data, rest) +- } ++ if endIndex < 0 { ++ continue ++ } + +- base64Data := removeSpacesAndTabs(rest[:endIndex]) +- p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) +- n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) +- if err != nil { +- return decodeError(data, rest) +- } +- p.Bytes = p.Bytes[:n] ++ // After the "-----" of the ending line, there should be the same type ++ // and then a final five dashes. ++ endTrailer := rest[endTrailerIndex:] ++ endTrailerLen := len(typeLine) + len(pemEndOfLine) ++ if len(endTrailer) < endTrailerLen { ++ continue ++ } ++ ++ restOfEndLine := endTrailer[endTrailerLen:] ++ endTrailer = endTrailer[:endTrailerLen] ++ if !bytes.HasPrefix(endTrailer, typeLine) || ++ !bytes.HasSuffix(endTrailer, pemEndOfLine) { ++ continue ++ } + +- // the -1 is because we might have only matched pemEnd without the +- // leading newline if the PEM block was empty. +- _, rest = getLine(rest[endIndex+len(pemEnd)-1:]) ++ // The line must end with only whitespace. ++ if s, _ := getLine(restOfEndLine); len(s) != 0 { ++ continue ++ } + +- return +-} ++ base64Data := removeSpacesAndTabs(rest[:endIndex]) ++ p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) ++ n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) ++ if err != nil { ++ continue ++ } ++ p.Bytes = p.Bytes[:n] + +-func decodeError(data, rest []byte) (*Block, []byte) { +- // If we get here then we have rejected a likely looking, but +- // ultimately invalid PEM block. We need to start over from a new +- // position. We have consumed the preamble line and will have consumed +- // any lines which could be header lines. However, a valid preamble +- // line is not a valid header line, therefore we cannot have consumed +- // the preamble line for the any subsequent block. Thus, we will always +- // find any valid block, no matter what bytes precede it. +- // +- // For example, if the input is +- // +- // -----BEGIN MALFORMED BLOCK----- +- // junk that may look like header lines +- // or data lines, but no END line +- // +- // -----BEGIN ACTUAL BLOCK----- +- // realdata +- // -----END ACTUAL BLOCK----- +- // +- // we've failed to parse using the first BEGIN line +- // and now will try again, using the second BEGIN line. +- p, rest := Decode(rest) +- if p == nil { +- rest = data ++ // the -1 is because we might have only matched pemEnd without the ++ // leading newline if the PEM block was empty. ++ _, rest = getLine(rest[endIndex+len(pemEnd)-1:]) ++ return p, rest + } +- return p, rest + } + + const pemLineLength = 64 +diff --git a/src/encoding/pem/pem_test.go b/src/encoding/pem/pem_test.go +index 8515b46498..44855812b0 100644 +--- a/src/encoding/pem/pem_test.go ++++ b/src/encoding/pem/pem_test.go +@@ -107,6 +107,12 @@ const pemMissingEndingSpace = ` + dGVzdA== + -----ENDBAR-----` + ++const pemMissingEndLine = ` ++-----BEGIN FOO----- ++Header: 1` ++ ++var pemRepeatingBegin = strings.Repeat("-----BEGIN \n", 10) ++ + var badPEMTests = []struct { + name string + input string +@@ -131,14 +137,34 @@ var badPEMTests = []struct { + "missing ending space", + pemMissingEndingSpace, + }, ++ { ++ "repeating begin", ++ pemRepeatingBegin, ++ }, ++ { ++ "missing end line", ++ pemMissingEndLine, ++ }, + } + + func TestBadDecode(t *testing.T) { + for _, test := range badPEMTests { +- result, _ := Decode([]byte(test.input)) ++ result, rest := Decode([]byte(test.input)) + if result != nil { + t.Errorf("unexpected success while parsing %q", test.name) + } ++ if string(rest) != test.input { ++ t.Errorf("unexpected rest: %q; want = %q", rest, test.input) ++ } ++ } ++} ++ ++func TestCVE202224675(t *testing.T) { ++ // Prior to CVE-2022-24675, this input would cause a stack overflow. ++ input := []byte(strings.Repeat("-----BEGIN \n", 10000000)) ++ result, rest := Decode(input) ++ if result != nil || !reflect.DeepEqual(rest, input) { ++ t.Errorf("Encode of %#v decoded as %#v", input, rest) + } + } + +-- +2.30.0 + diff --git a/golang.spec b/golang.spec index 84b2b0933ead3c7e3dc3474cad7ca7550123166d..c0814d8063eb95451bacd65baf8ed478ecbd4d07 100644 --- a/golang.spec +++ b/golang.spec @@ -62,7 +62,7 @@ Name: golang Version: 1.15.7 -Release: 11 +Release: 12 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -206,6 +206,9 @@ Patch6057: 0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch Patch6058: 0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch Patch6059: 0059-release-branch.go1.16-regexp-syntax-reject-very-deep.patch Patch6060: 0060-cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch +Patch6061: 0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch +Patch6062: 0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch + Patch9001: 0001-drop-hard-code-cert.patch Patch9002: 0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch @@ -440,6 +443,9 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Wed May 11 2022 hanchao - 1.15.7-12 +- fix CVE-2022-28327 CVE-2022-24675 + * Thu Mar 24 2022 hanchao - 1.15.7-11 - fix CVE-2022-23773