-
Notifications
You must be signed in to change notification settings - Fork 63
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
New patch release of Golang: v1.19.13 (#1273)
* Update EKS Go files for version v1.19.13 * cherry pick fixes for cves and update .spec to include * update 2 easy patches and remove the unstable one from spec * remove duplicate patch * update the last cve patch * remove changes that are not related to fix --------- Co-authored-by: <>
- Loading branch information
Showing
5 changed files
with
480 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
188 changes: 188 additions & 0 deletions
188
projects/golang/go/1.19/patches/0006-go-1.19.13-eks-net-http-limit-chunked-data-ov.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,188 @@ | ||
| From 91704a7ae30ed4865183fb8e79160e90e6f6b6ee Mon Sep 17 00:00:00 2001 | ||
| From: Damien Neil <[email protected]> | ||
| Date: Tue, 7 Nov 2023 10:47:56 -0800 | ||
| Subject: [PATCH] net/http: limit chunked data | ||
| overhead | ||
|
|
||
| # AWS EKS | ||
|
|
||
| Backported To: go-1.19.13-eks | ||
| Backported On: Tue, 05 Dec 2023 | ||
| Backported By: [email protected] | ||
| Backported From: release-branch.go1.20 | ||
| Source Commit: https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd | ||
|
|
||
| # Original Information | ||
|
|
||
| The chunked transfer encoding adds some overhead to | ||
| the content transferred. When writing one byte per | ||
| chunk, for example, there are five bytes of overhead | ||
| per byte of data transferred: "1\r\nX\r\n" to send "X". | ||
|
|
||
| Chunks may include "chunk extensions", | ||
| which we skip over and do not use. | ||
| For example: "1;chunk extension here\r\nX\r\n". | ||
|
|
||
| A malicious sender can use chunk extensions to add | ||
| about 4k of overhead per byte of data. | ||
| (The maximum chunk header line size we will accept.) | ||
|
|
||
| Track the amount of overhead read in chunked data, | ||
| and produce an error if it seems excessive. | ||
|
|
||
| Updates #64433 | ||
| Fixes #64434 | ||
| Fixes CVE-2023-39326 | ||
|
|
||
| Change-Id: I40f8d70eb6f9575fb43f506eb19132ccedafcf39 | ||
| Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2076135 | ||
| Reviewed-by: Tatiana Bradley <[email protected]> | ||
| Reviewed-by: Roland Shoemaker <[email protected]> | ||
| (cherry picked from commit 3473ae72ee66c60744665a24b2fde143e8964d4f) | ||
| Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2095407 | ||
| Run-TryBot: Roland Shoemaker <[email protected]> | ||
| TryBot-Result: Security TryBots <[email protected]> | ||
| Reviewed-by: Damien Neil <[email protected]> | ||
| Reviewed-on: https://go-review.googlesource.com/c/go/+/547355 | ||
| Reviewed-by: Dmitri Shuralyov <[email protected]> | ||
| LUCI-TryBot-Result: Go LUCI <[email protected]> | ||
| --- | ||
| src/net/http/internal/chunked.go | 36 +++++++++++++--- | ||
| src/net/http/internal/chunked_test.go | 59 +++++++++++++++++++++++++++ | ||
| 2 files changed, 89 insertions(+), 6 deletions(-) | ||
|
|
||
| diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go | ||
| index 5a174415dc..8b6e94b5d4 100644 | ||
| --- a/src/net/http/internal/chunked.go | ||
| +++ b/src/net/http/internal/chunked.go | ||
| @@ -39,7 +39,8 @@ type chunkedReader struct { | ||
| n uint64 // unread bytes in chunk | ||
| err error | ||
| buf [2]byte | ||
| - checkEnd bool // whether need to check for \r\n chunk footer | ||
| + checkEnd bool // whether need to check for \r\n chunk footer | ||
| + excess int64 // "excessive" chunk overhead, for malicious sender detection | ||
| } | ||
|
|
||
| func (cr *chunkedReader) beginChunk() { | ||
| @@ -49,10 +50,38 @@ func (cr *chunkedReader) beginChunk() { | ||
| if cr.err != nil { | ||
| return | ||
| } | ||
| + cr.excess += int64(len(line)) + 2 // header, plus \r\n after the chunk data | ||
| + line = trimTrailingWhitespace(line) | ||
| + line, cr.err = removeChunkExtension(line) | ||
| + if cr.err != nil { | ||
| + return | ||
| + } | ||
| cr.n, cr.err = parseHexUint(line) | ||
| if cr.err != nil { | ||
| return | ||
| } | ||
| + // A sender who sends one byte per chunk will send 5 bytes of overhead | ||
| + // for every byte of data. ("1\r\nX\r\n" to send "X".) | ||
| + // We want to allow this, since streaming a byte at a time can be legitimate. | ||
| + // | ||
| + // A sender can use chunk extensions to add arbitrary amounts of additional | ||
| + // data per byte read. ("1;very long extension\r\nX\r\n" to send "X".) | ||
| + // We don't want to disallow extensions (although we discard them), | ||
| + // but we also don't want to allow a sender to reduce the signal/noise ratio | ||
| + // arbitrarily. | ||
| + // | ||
| + // We track the amount of excess overhead read, | ||
| + // and produce an error if it grows too large. | ||
| + // | ||
| + // Currently, we say that we're willing to accept 16 bytes of overhead per chunk, | ||
| + // plus twice the amount of real data in the chunk. | ||
| + cr.excess -= 16 + (2 * int64(cr.n)) | ||
| + if cr.excess < 0 { | ||
| + cr.excess = 0 | ||
| + } | ||
| + if cr.excess > 16*1024 { | ||
| + cr.err = errors.New("chunked encoding contains too much non-data") | ||
| + } | ||
| if cr.n == 0 { | ||
| cr.err = io.EOF | ||
| } | ||
| @@ -140,11 +169,6 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) { | ||
| if len(p) >= maxLineLength { | ||
| return nil, ErrLineTooLong | ||
| } | ||
| - p = trimTrailingWhitespace(p) | ||
| - p, err = removeChunkExtension(p) | ||
| - if err != nil { | ||
| - return nil, err | ||
| - } | ||
| return p, nil | ||
| } | ||
|
|
||
| diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go | ||
| index 5e29a786dd..b99090c1f8 100644 | ||
| --- a/src/net/http/internal/chunked_test.go | ||
| +++ b/src/net/http/internal/chunked_test.go | ||
| @@ -239,3 +239,62 @@ func TestChunkEndReadError(t *testing.T) { | ||
| t.Errorf("expected %v, got %v", readErr, err) | ||
| } | ||
| } | ||
| + | ||
| +func TestChunkReaderTooMuchOverhead(t *testing.T) { | ||
| + // If the sender is sending 100x as many chunk header bytes as chunk data, | ||
| + // we should reject the stream at some point. | ||
| + chunk := []byte("1;") | ||
| + for i := 0; i < 100; i++ { | ||
| + chunk = append(chunk, 'a') // chunk extension | ||
| + } | ||
| + chunk = append(chunk, "\r\nX\r\n"...) | ||
| + const bodylen = 1 << 20 | ||
| + r := NewChunkedReader(&funcReader{f: func(i int) ([]byte, error) { | ||
| + if i < bodylen { | ||
| + return chunk, nil | ||
| + } | ||
| + return []byte("0\r\n"), nil | ||
| + }}) | ||
| + _, err := io.ReadAll(r) | ||
| + if err == nil { | ||
| + t.Fatalf("successfully read body with excessive overhead; want error") | ||
| + } | ||
| +} | ||
| + | ||
| +func TestChunkReaderByteAtATime(t *testing.T) { | ||
| + // Sending one byte per chunk should not trip the excess-overhead detection. | ||
| + const bodylen = 1 << 20 | ||
| + r := NewChunkedReader(&funcReader{f: func(i int) ([]byte, error) { | ||
| + if i < bodylen { | ||
| + return []byte("1\r\nX\r\n"), nil | ||
| + } | ||
| + return []byte("0\r\n"), nil | ||
| + }}) | ||
| + got, err := io.ReadAll(r) | ||
| + if err != nil { | ||
| + t.Errorf("unexpected error: %v", err) | ||
| + } | ||
| + if len(got) != bodylen { | ||
| + t.Errorf("read %v bytes, want %v", len(got), bodylen) | ||
| + } | ||
| +} | ||
| + | ||
| +type funcReader struct { | ||
| + f func(iteration int) ([]byte, error) | ||
| + i int | ||
| + b []byte | ||
| + err error | ||
| +} | ||
| + | ||
| +func (r *funcReader) Read(p []byte) (n int, err error) { | ||
| + if len(r.b) == 0 && r.err == nil { | ||
| + r.b, r.err = r.f(r.i) | ||
| + r.i++ | ||
| + } | ||
| + n = copy(p, r.b) | ||
| + r.b = r.b[n:] | ||
| + if len(r.b) > 0 { | ||
| + return n, nil | ||
| + } | ||
| + return n, r.err | ||
| +} | ||
| -- | ||
| 2.43.0 | ||
|
|
130 changes: 130 additions & 0 deletions
130
projects/golang/go/1.19/patches/0007-go-1.19.13-eks-path-filepath-consider-c-as-a-.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| From 30b82a7f5da68149a2b66059748d69de32fdceae Mon Sep 17 00:00:00 2001 | ||
| From: Damien Neil <[email protected]> | ||
| Date: Thu, 9 Nov 2023 09:53:44 -0800 | ||
| Subject: [PATCH] path/filepath: consider \\?\c: as | ||
| a volume on Windows | ||
|
|
||
| # AWS EKS | ||
|
|
||
| Backported To: go-1.19.13-eks | ||
| Backported On: Tue, 05 Dec 2023 | ||
| Backported By: [email protected] | ||
| Backported From: release-branch.go1.20 | ||
| Source Commit: https://github.com/golang/go/commit/1b59b017db1ac4a63ed08173c00d7f08d47530be | ||
|
|
||
| # Original Information | ||
|
|
||
| While fixing several bugs in path handling on Windows, | ||
| beginning with \\?\. | ||
|
|
||
| Prior to #540277, VolumeName considered the first path component | ||
| after the \\?\ prefix to be part of the volume name. | ||
| After, it considered only the \\? prefix to be the volume name. | ||
|
|
||
| Restore the previous behavior. | ||
|
|
||
| For #64028. | ||
| Fixes #64040. | ||
|
|
||
| Change-Id: I6523789e61776342800bd607fb3f29d496257e68 | ||
| Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 | ||
| LUCI-TryBot-Result: Go LUCI <[email protected]> | ||
| Reviewed-by: Roland Shoemaker <[email protected]> | ||
| (cherry picked from commit eda42f7c60adab26ed1a340414c726c4bf46b1f7) | ||
| Reviewed-on: https://go-review.googlesource.com/c/go/+/541520 | ||
| Auto-Submit: Dmitri Shuralyov <[email protected]> | ||
| TryBot-Result: Gopher Robot <[email protected]> | ||
| Run-TryBot: Dmitri Shuralyov <[email protected]> | ||
| Reviewed-by: Damien Neil <[email protected]> | ||
| Reviewed-by: Dmitri Shuralyov <[email protected]> | ||
| --- | ||
| src/path/filepath/path_test.go | 18 +++++++++++++----- | ||
| src/path/filepath/path_windows.go | 20 +++++++------------- | ||
| 2 files changed, 20 insertions(+), 18 deletions(-) | ||
|
|
||
| diff --git a/src/path/filepath/path_test.go b/src/path/filepath/path_test.go | ||
| index 204b3bb5c8..679c3fa883 100644 | ||
| --- a/src/path/filepath/path_test.go | ||
| +++ b/src/path/filepath/path_test.go | ||
| @@ -99,6 +99,11 @@ var wincleantests = []PathTest{ | ||
| {`.\c:`, `.\c:`}, | ||
| {`.\c:\foo`, `.\c:\foo`}, | ||
| {`.\c:foo`, `.\c:foo`}, | ||
| + {`//abc`, `\\abc`}, | ||
| + {`///abc`, `\\\abc`}, | ||
| + {`//abc//`, `\\abc\\`}, | ||
| + {`\\?\C:\`, `\\?\C:\`}, | ||
| + {`\\?\C:\a`, `\\?\C:\a`}, | ||
|
|
||
| // Don't allow cleaning to move an element with a colon to the start of the path. | ||
| {`a/../c:`, `.\c:`}, | ||
| @@ -1388,10 +1393,13 @@ var volumenametests = []VolumeNameTest{ | ||
| {`//.`, `\\.`}, | ||
| {`//./`, `\\.\`}, | ||
| {`//./NUL`, `\\.\NUL`}, | ||
| - {`//?/`, `\\?`}, | ||
| + {`//?`, `\\?`}, | ||
| + {`//?/`, `\\?\`}, | ||
| + {`//?/NUL`, `\\?\NUL`}, | ||
| + {`/??`, `\??`}, | ||
| + {`/??/`, `\??\`}, | ||
| + {`/??/NUL`, `\??\NUL`}, | ||
| {`//./a/b`, `\\.\a`}, | ||
| - {`//?/`, `\\?`}, | ||
| - {`//?/`, `\\?`}, | ||
| {`//./C:`, `\\.\C:`}, | ||
| {`//./C:/`, `\\.\C:`}, | ||
| {`//./C:/a/b/c`, `\\.\C:`}, | ||
| @@ -1400,8 +1408,8 @@ var volumenametests = []VolumeNameTest{ | ||
| {`//./UNC/host\`, `\\.\UNC\host\`}, | ||
| {`//./UNC`, `\\.\UNC`}, | ||
| {`//./UNC/`, `\\.\UNC\`}, | ||
| - {`\\?\x`, `\\?`}, | ||
| - {`\??\x`, `\??`}, | ||
| + {`\\?\x`, `\\?\x`}, | ||
| + {`\??\x`, `\??\x`}, | ||
| } | ||
|
|
||
| func TestVolumeName(t *testing.T) { | ||
| diff --git a/src/path/filepath/path_windows.go b/src/path/filepath/path_windows.go | ||
| index 134114a39d..4c7daad325 100644 | ||
| --- a/src/path/filepath/path_windows.go | ||
| +++ b/src/path/filepath/path_windows.go | ||
| @@ -112,12 +112,14 @@ func volumeNameLen(path string) int { | ||
| // \\.\unc\a\b\..\c into \\.\unc\a\c. | ||
| return uncLen(path, len(`\\.\UNC\`)) | ||
|
|
||
| - case pathHasPrefixFold(path, `\\.`): | ||
| - // Path starts with \\., and is a Local Device path. | ||
| + case pathHasPrefixFold(path, `\\.`) || | ||
| + pathHasPrefixFold(path, `\\?`) || pathHasPrefixFold(path, `\??`): | ||
| + // Path starts with \\.\, and is a Local Device path; or | ||
| + // path starts with \\?\ or \??\ and is a Root Local Device path. | ||
| // | ||
| - // We currently treat the next component after the \\.\ prefix | ||
| - // as part of the volume name, although there doesn't seem to be | ||
| - // a principled reason to do this. | ||
| + // We treat the next component after the \\.\ prefix as | ||
| + // part of the volume name, which means Clean(`\\?\c:\`) | ||
| + // won't remove the trailing \. (See #64028.) | ||
| if len(path) == 3 { | ||
| return 3 // exactly \\. | ||
| } | ||
| @@ -127,14 +129,6 @@ func volumeNameLen(path string) int { | ||
| } | ||
| return len(path) - len(rest) - 1 | ||
|
|
||
| - case pathHasPrefixFold(path, `\\?`) || pathHasPrefixFold(path, `\??`): | ||
| - // Path starts with \\?\ or \??\, and is a Root Local Device path. | ||
| - // | ||
| - // While Windows usually treats / and \ as equivalent, | ||
| - // /??/ does not seem to be recognized as a Root Local Device path. | ||
| - // We treat it as one anyway here to be safe. | ||
| - return 3 | ||
| - | ||
| case len(path) >= 2 && isSlash(path[1]): | ||
| // Path starts with \\, and is a UNC path. | ||
| return uncLen(path, 2) | ||
| -- | ||
| 2.43.0 | ||
|
|
Oops, something went wrong.