go: Fix CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-34155 Upstream-patch: https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (From OE-Core rev: 9d21d527e2448e202030ae7ad38c88e25943a2f3) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2025-01-08 05:54:19 +0000
committer: Steve Sakoman <steve@sakoman.com> 2025-01-18 06:21:02 -0800
commit: f700dcdc1d7db04c126a42f1d8f9588ad295f09c (patch)
tree: cc9f8c25f13a9df8193d64082e5ed6326caed387
parent: f50532593651dff82bc952288d786c55038c2c86 (diff)
download: poky-f700dcdc1d7db04c126a42f1d8f9588ad295f09c.tar.gz
2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index 349b0be6be..11bd2afde0 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -58,6 +58,7 @@ SRC_URI += "\
    file://CVE-2023-45288.patch \
    file://CVE-2024-24789.patch \
    file://CVE-2024-24791.patch \
+    file://CVE-2024-34155.patch \
 "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch
new file mode 100644
index 0000000000..515d9dcdff
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch
@@ -0,0 +1,71 @@
+From b232596139dbe96a62edbe3a2a203e856bf556eb Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 10 Jun 2024 15:34:12 -0700
+Subject: [PATCH] go/parser: track depth in nested element lists
+Prevents stack exhaustion with extremely deeply nested literal values,
+i.e. field values in structs.
+Updates #69138
+Fixes #69142
+Fixes CVE-2024-34155
+Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520
+Reviewed-by: Robert Griesemer <gri@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Russ Cox <rsc@google.com>
+(cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e)
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1561
+Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/611181
+Reviewed-by: Michael Pratt <mpratt@google.com>
+TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
+Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+CVE: CVE-2024-34155
+Upstream-Status: Backport [https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/go/parser/parser.go      | 2 ++
+ src/go/parser/parser_test.go | 9 +++++----
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go
+index 2c42b9f..a728d9a 100644
+--- a/src/go/parser/parser.go
+++ b/src/go/parser/parser.go
+@@ -1481,6 +1481,8 @@ func (p *parser) parseElementList() (list []ast.Expr) {
+ }
+ func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr {
+       defer decNestLev(incNestLev(p))
+
+        if p.trace {
+                defer un(trace(p, "LiteralValue"))
+        }
+diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
+index 993df63..b2cd501 100644
+--- a/src/go/parser/parser_test.go
+++ b/src/go/parser/parser_test.go
+@@ -607,10 +607,11 @@ var parseDepthTests = []struct {
+        {name: "chan2", format: "package main; var x «<-chan »int"},
+        {name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType
+        {name: "map", format: "package main; var x «map[int]»int"},
+-       {name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2},             // Parser nodes: UnaryExpr, CompositeLit
+-       {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2},         // Parser nodes: UnaryExpr, CompositeLit
+-       {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+-       {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2},    // Parser nodes: CompositeLit, KeyValueExpr
+       {name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3},      // Parser nodes: UnaryExpr, CompositeLit
+       {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3},         // Parser nodes: UnaryExpr, CompositeLit
+       {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
+       {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3},    // Parser nodes: CompositeLit, KeyValueExpr
+       {name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"},
+        {name: "dot", format: "package main; var x = «x.»x"},
+        {name: "index", format: "package main; var x = x«[1]»"},
+        {name: "slice", format: "package main; var x = x«[1:2]»"},
+--
+2.40.0
author	Archana Polampalli <archana.polampalli@windriver.com>	2025-01-08 05:54:19 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-01-18 06:21:02 -0800
commit	f700dcdc1d7db04c126a42f1d8f9588ad295f09c (patch)
tree	cc9f8c25f13a9df8193d64082e5ed6326caed387
parent	f50532593651dff82bc952288d786c55038c2c86 (diff)
download	poky-f700dcdc1d7db04c126a42f1d8f9588ad295f09c.tar.gz

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 349b0be6be..11bd2afde0 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -58,6 +58,7 @@ SRC_URI += "\
58	file://CVE-2023-45288.patch \	58	file://CVE-2023-45288.patch \
59	file://CVE-2024-24789.patch \	59	file://CVE-2024-24789.patch \
60	file://CVE-2024-24791.patch \	60	file://CVE-2024-24791.patch \
		61	file://CVE-2024-34155.patch \
61	"	62	"
62	SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"	63	SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
63		64


diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch new file mode 100644 index 0000000000..515d9dcdff --- /dev/null +++ b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch
@@ -0,0 +1,71 @@
		1	From b232596139dbe96a62edbe3a2a203e856bf556eb Mon Sep 17 00:00:00 2001
		2	From: Roland Shoemaker <bracewell@google.com>
		3	Date: Mon, 10 Jun 2024 15:34:12 -0700
		4	Subject: [PATCH] go/parser: track depth in nested element lists
		5
		6	Prevents stack exhaustion with extremely deeply nested literal values,
		7	i.e. field values in structs.
		8
		9	Updates #69138
		10	Fixes #69142
		11	Fixes CVE-2024-34155
		12
		13	Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee
		14	Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520
		15	Reviewed-by: Robert Griesemer <gri@google.com>
		16	Reviewed-by: Damien Neil <dneil@google.com>
		17	Reviewed-by: Russ Cox <rsc@google.com>
		18	(cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e)
		19	Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1561
		20	Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
		21	Reviewed-on: https://go-review.googlesource.com/c/go/+/611181
		22	Reviewed-by: Michael Pratt <mpratt@google.com>
		23	TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
		24	Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
		25	Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
		26
		27	CVE: CVE-2024-34155
		28
		29	Upstream-Status: Backport [https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb]
		30
		31	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		32	---
		33	src/go/parser/parser.go \| 2 ++
		34	src/go/parser/parser_test.go \| 9 +++++----
		35	2 files changed, 7 insertions(+), 4 deletions(-)
		36
		37	diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go
		38	index 2c42b9f..a728d9a 100644
		39	--- a/src/go/parser/parser.go
		40	+++ b/src/go/parser/parser.go
		41	@@ -1481,6 +1481,8 @@ func (p *parser) parseElementList() (list []ast.Expr) {
		42	}
		43
		44	func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr {
		45	+ defer decNestLev(incNestLev(p))
		46	+
		47	if p.trace {
		48	defer un(trace(p, "LiteralValue"))
		49	}
		50	diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
		51	index 993df63..b2cd501 100644
		52	--- a/src/go/parser/parser_test.go
		53	+++ b/src/go/parser/parser_test.go
		54	@@ -607,10 +607,11 @@ var parseDepthTests = []struct {
		55	{name: "chan2", format: "package main; var x «<-chan »int"},
		56	{name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType
		57	{name: "map", format: "package main; var x «map[int]»int"},
		58	- {name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
		59	- {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
		60	- {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
		61	- {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2}, // Parser nodes: CompositeLit, KeyValueExpr
		62	+ {name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
		63	+ {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
		64	+ {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
		65	+ {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3}, // Parser nodes: CompositeLit, KeyValueExpr
		66	+ {name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"},
		67	{name: "dot", format: "package main; var x = «x.»x"},
		68	{name: "index", format: "package main; var x = x«[1]»"},
		69	{name: "slice", format: "package main; var x = x«[1:2]»"},
		70	--
		71	2.40.0