Hi Steve, There is one commented out line present. Is that really needed?
Thanks, Ranjitsinh Rathod On Mon, 4 Apr, 2022, 8:01 am Steve Sakoman, <[email protected]> wrote: > From: Davide Gardenal <[email protected]> > > Patch taken from > > https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 > from the following issue > https://github.com/golang/go/issues/48797 > > Original repo > https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4 > > Signed-off-by: Davide Gardenal <[email protected]> > Signed-off-by: Steve Sakoman <[email protected]> > --- > meta/recipes-devtools/go/go-1.14.inc | 4 + > .../go/go-1.14/CVE-2021-38297.patch | 97 +++++++++++++++++++ > 2 files changed, 101 insertions(+) > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > > diff --git a/meta/recipes-devtools/go/go-1.14.inc > b/meta/recipes-devtools/go/go-1.14.inc > index 9b3c3b30a8..f98757d10d 100644 > --- a/meta/recipes-devtools/go/go-1.14.inc > +++ b/meta/recipes-devtools/go/go-1.14.inc > @@ -19,9 +19,13 @@ SRC_URI += "\ > file://CVE-2021-34558.patch \ > file://CVE-2021-33196.patch \ > file://CVE-2021-33197.patch \ > + file://CVE-2021-38297.patch \ > file://CVE-2022-23806.patch \ > file://CVE-2022-23772.patch \ > " > + > +# file://CVE-2021-38297.patch > + > SRC_URI_append_libc-musl = " > file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" > SRC_URI[main.sha256sum] = > "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" > > diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > new file mode 100644 > index 0000000000..24ceabf808 > --- /dev/null > +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > @@ -0,0 +1,97 @@ > +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001 > +From: Michael Knyszek <[email protected]> > +Date: Thu, 2 Sep 2021 16:51:59 -0400 > +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let > + command line args overwrite global data > + > +On Wasm, wasm_exec.js puts command line arguments at the beginning > +of the linear memory (following the "zero page"). Currently there > +is no limit for this, and a very long command line can overwrite > +the program's data section. Prevent this by limiting the command > +line to 4096 bytes, and in the linker ensuring the data section > +starts at a high enough address (8192). > + > +(Arguably our address assignment on Wasm is a bit confusing. This > +is the minimum fix I can come up with.) > + > +Thanks to Ben Lubar for reporting this issue. > + > +Change by Cherry Mui <[email protected]>. > + > +For #48797 > +Fixes #48799 > +Fixes CVE-2021-38297 > + > +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3 > +Reviewed-on: > https://team-review.git.corp.google.com/c/golang/go-private/+/1205933 > +Reviewed-by > <https://team-review.git.corp.google.com/c/golang/go-private/+/1205933+Reviewed-by>: > Roland Shoemaker <[email protected]> > +Reviewed-by: Than McIntosh <[email protected]> > +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591 > +Trust: Michael Knyszek <[email protected]> > +Reviewed-by: Heschi Kreinick <[email protected]> > + > +CVE: CVE-2021-38297 > + > +Upstream-Status: Backport: > + > https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 > + > +Inline of ctxt.isWAsm followin this implemetation: > + > https://github.com/golang/go/blob/4548fcc8dfd933c237f29bba6f90040a85922564/src/cmd/link/internal/ld/target.go#L127 > + > +Signed-off-by: Davide Gardenal <[email protected]> > +--- > + misc/wasm/wasm_exec.js | 7 +++++++ > + src/cmd/link/internal/ld/data.go | 11 ++++++++++- > + 2 files changed, 17 insertions(+), 1 deletion(-) > + > +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js > +index 82041e6bb901..a0a264278b1b 100644 > +--- a/misc/wasm/wasm_exec.js > ++++ b/misc/wasm/wasm_exec.js > +@@ -564,6 +564,13 @@ > + offset += 8; > + }); > + > ++ // The linker guarantees global data starts from > at least wasmMinDataAddr. > ++ // Keep in sync with > cmd/link/internal/ld/data.go:wasmMinDataAddr. > ++ const wasmMinDataAddr = 4096 + 4096; > ++ if (offset >= wasmMinDataAddr) { > ++ throw new Error("command line too long"); > ++ } > ++ > + this._inst.exports.run(argc, argv); > + if (this.exited) { > + this._resolveExitPromise(); > +diff --git a/src/cmd/link/internal/ld/data.go > b/src/cmd/link/internal/ld/data.go > +index 52035e96301c..54a1d188cdb9 100644 > +--- a/src/cmd/link/internal/ld/data.go > ++++ b/src/cmd/link/internal/ld/data.go > +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, > n int, s loader.Sym, va uint64 > + return sect, n, va > + } > + > ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for > wasm_exec.js > ++// to store command line args. Data sections starts from at least > address 8192. > ++// Keep in sync with wasm_exec.js. > ++const wasmMinDataAddr = 4096 + 4096 > ++ > + // address assigns virtual addresses to all segments and sections and > + // returns all segments in file order. > + func (ctxt *Link) address() []*sym.Segment { > +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment { > + order = append(order, &Segtext) > + Segtext.Rwx = 05 > + Segtext.Vaddr = va > +- for _, s := range Segtext.Sections { > ++ for i, s := range Segtext.Sections { > + va = uint64(Rnd(int64(va), int64(s.Align))) > + s.Vaddr = va > + va += s.Length > ++ > ++ if ctxt.Arch.Family == sys.Wasm && i == 0 && va < > wasmMinDataAddr { > ++ va = wasmMinDataAddr > ++ } > + } > + > + Segtext.Length = va - uint64(*FlagTextAddr) > + > \ No newline at end of file > -- > 2.25.1 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#163981): https://lists.openembedded.org/g/openembedded-core/message/163981 Mute This Topic: https://lists.openembedded.org/mt/90233348/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
