From patchwork Sat Feb 26 20:55:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Minjae Kim X-Patchwork-Id: 14167 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: "Minjae Kim" Subject: [dunfell][PATCH 1/2] go: fix CVE-2022-23806 Date: Sat, 26 Feb 2022 20:55:34 +0000 Message-Id: <20220226205535.86919-1-flowergom@gmail.com> MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org Cc: Minjae Kim crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values. Upstream-Status: Backport [https://go.dev/issue/50974] CVE: CVE-2022-23806 Signed-off-by:Minjae Kim --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-23806.patch | 142 ++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index abc6f42184..fcb316e09e 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -19,6 +19,7 @@ SRC_URI += "\ file://CVE-2021-34558.patch \ file://CVE-2021-33196.patch \ file://CVE-2021-33197.patch \ + file://CVE-2022-23806.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch new file mode 100644 index 0000000000..772acdcbf6 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch @@ -0,0 +1,142 @@ +From 5b376a209d1c61e10847e062d78c4b1aa90dff0c Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Sat, 26 Feb 2022 10:40:57 +0000 +Subject: [PATCH] crypto/elliptic: make IsOnCurve return false for invalid + + field elements + +Updates #50974 +Fixes #50977 +Fixes CVE-2022-23806 + +Signed-off-by: Minjae Kim + +--- + src/crypto/elliptic/elliptic.go | 6 +++ + src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++ + src/crypto/elliptic/p224.go | 6 +++ + 3 files changed, 93 insertions(+) + +diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go +index e2f71cd..bd574a4 100644 +--- a/src/crypto/elliptic/elliptic.go ++++ b/src/crypto/elliptic/elliptic.go +@@ -53,6 +53,12 @@ func (curve *CurveParams) Params() *CurveParams { + } + + func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool { ++ ++ if x.Sign() < 0 || x.Cmp(curve.P) >= 0 || ++ y.Sign() < 0 || y.Cmp(curve.P) >= 0 { ++ return false ++ } ++ + // y² = x³ - 3x + b + y2 := new(big.Int).Mul(y, y) + y2.Mod(y2, curve.P) +diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go +index 09c5483..b13a620 100644 +--- a/src/crypto/elliptic/elliptic_test.go ++++ b/src/crypto/elliptic/elliptic_test.go +@@ -628,3 +628,84 @@ func TestUnmarshalToLargeCoordinates(t *testing.T) { + t.Errorf("Unmarshal accepts invalid Y coordinate") + } + } ++ ++func testAllCurves(t *testing.T, f func(*testing.T, Curve)) { ++ tests := []struct { ++ name string ++ curve Curve ++ }{ ++ {"P256", P256()}, ++ {"P256/Params", P256().Params()}, ++ {"P224", P224()}, ++ {"P224/Params", P224().Params()}, ++ {"P384", P384()}, ++ {"P384/Params", P384().Params()}, ++ {"P521", P521()}, ++ {"P521/Params", P521().Params()}, ++ } ++ if testing.Short() { ++ tests = tests[:1] ++ } ++ for _, test := range tests { ++ curve := test.curve ++ t.Run(test.name, func(t *testing.T) { ++ t.Parallel() ++ f(t, curve) ++ }) ++ } ++} ++ ++// TestInvalidCoordinates tests big.Int values that are not valid field elements ++// (negative or bigger than P). They are expected to return false from ++// IsOnCurve, all other behavior is undefined. ++func TestInvalidCoordinates(t *testing.T) { ++ testAllCurves(t, testInvalidCoordinates) ++} ++ ++func testInvalidCoordinates(t *testing.T, curve Curve) { ++ checkIsOnCurveFalse := func(name string, x, y *big.Int) { ++ if curve.IsOnCurve(x, y) { ++ t.Errorf("IsOnCurve(%s) unexpectedly returned true", name) ++ } ++ } ++ ++ p := curve.Params().P ++ _, x, y, _ := GenerateKey(curve, rand.Reader) ++ xx, yy := new(big.Int), new(big.Int) ++ ++ // Check if the sign is getting dropped. ++ xx.Neg(x) ++ checkIsOnCurveFalse("-x, y", xx, y) ++ yy.Neg(y) ++ checkIsOnCurveFalse("x, -y", x, yy) ++ ++ // Check if negative values are reduced modulo P. ++ xx.Sub(x, p) ++ checkIsOnCurveFalse("x-P, y", xx, y) ++ yy.Sub(y, p) ++ checkIsOnCurveFalse("x, y-P", x, yy) ++ ++ // Check if positive values are reduced modulo P. ++ xx.Add(x, p) ++ checkIsOnCurveFalse("x+P, y", xx, y) ++ yy.Add(y, p) ++ checkIsOnCurveFalse("x, y+P", x, yy) ++ ++ // Check if the overflow is dropped. ++ xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535)) ++ checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y) ++ yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535)) ++ checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy) ++ ++ // Check if P is treated like zero (if possible). ++ // y^2 = x^3 - 3x + B ++ // y = mod_sqrt(x^3 - 3x + B) ++ // y = mod_sqrt(B) if x = 0 ++ // If there is no modsqrt, there is no point with x = 0, can't test x = P. ++ if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil { ++ if !curve.IsOnCurve(big.NewInt(0), yy) { ++ t.Fatal("(0, mod_sqrt(B)) is not on the curve?") ++ } ++ checkIsOnCurveFalse("P, y", p, yy) ++ } ++} +diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go +index 8c76021..f1bfd7e 100644 +--- a/src/crypto/elliptic/p224.go ++++ b/src/crypto/elliptic/p224.go +@@ -48,6 +48,12 @@ func (curve p224Curve) Params() *CurveParams { + } + + func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool { ++ ++ if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 || ++ bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 { ++ return false ++ } ++ + var x, y p224FieldElement + p224FromBig(&x, bigX) + p224FromBig(&y, bigY) From patchwork Sat Feb 26 20:55:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Minjae Kim X-Patchwork-Id: 4355 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3E5AC433EF for ; Sat, 26 Feb 2022 20:55:54 +0000 (UTC) Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) by mx.groups.io with SMTP id smtpd.web10.2921.1645908947656451197 for ; Sat, 26 Feb 2022 12:55:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=lCLIAfID; spf=pass (domain: gmail.com, ip: 209.85.218.46, mailfrom: flowergom@gmail.com) Received: by mail-ej1-f46.google.com with SMTP id a23so17448328eju.3 for ; Sat, 26 Feb 2022 12:55:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=unKZasss9+AnKXtuHJfHP3IIacsw9toSwBHD9SZGiNA=; b=lCLIAfIDw2dDeIdRGvcIKfeTMm2PIJNQJxx0BkaM2cl+sU6bjEydUrZh32ruoGTxZA WRH1msQGyAcTeRa7iIgCgW4+bJnZwqBLRDux46vf7YtBCGznCQ7KCdKEVL1YUZnmlJZQ ddDgWuZoT8Ttf8c5BgkRwcLni5AFfqpKHFM/iYozv1ySI7i/+DyBTuFnEgLsu/oIl2W3 XBe34CJP2mN3gccYhwM8H/v2HUEhun94/19SaSqgsQJ8wmlp7S7jgUU6hJCA/kYpOjTh 61ck/8P1684AvEzUEgUApqxPJRI8NjTi7L40SIWnIvaeEbddCfkAUl/A80JKPmkQZDCj zULA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=unKZasss9+AnKXtuHJfHP3IIacsw9toSwBHD9SZGiNA=; b=6opLusrTpEm6iEBVXrN0d1gnQ6DVlq8z/n+bClNOnuec/qCGZM3kEmg/a3anaPB3TL Vm3XmU18knLhy3zAP3Vmy+eAZIT+xjF29Ub71ddfZPjjpToJ3B1wXOAptEn5iItEFvIc +dsJ0P8KhaPc9TZvSLtJWCN6sIJIYpuyg0bIXD5L+Gl+hrIpH1lVZ5zJIt9wFMRNj3Kn bXNVYVQyReiVSnvgXJ+Yrn8EHNvTHrJ0R+llEfbOuffrEFqB48+9HG9QVUql19x3AwgE h9JWcPnPk4ndCZ6TBu9sIGnTBby7uq4fwg4IkdNKOblBqIOafQSmrfvPCh0GIJpoFVgd 3NHA== X-Gm-Message-State: AOAM531yIzAh0d7XK9o98Xos+7Eh7nVSyBguNTXhkvUPyouqVZxT5ahJ lGmzsGUFB9tYX3ThleEzvpHU0K/hJoLAEs1/pI0= X-Google-Smtp-Source: ABdhPJygpeCA5cGwm0Ft1nmGNvS3FWKtgwjQIpWS2wIZuwoLvOmWRETiFKe1Ef0Kd7QN+hVUDq6EKQ== X-Received: by 2002:a17:906:b845:b0:6cf:37d1:f246 with SMTP id ga5-20020a170906b84500b006cf37d1f246mr10713575ejb.280.1645908945942; Sat, 26 Feb 2022 12:55:45 -0800 (PST) Received: from localhost.localdomain (p54ae16f8.dip0.t-ipconnect.de. [84.174.22.248]) by smtp.gmail.com with ESMTPSA id c7-20020a50f607000000b00412a6892405sm3332421edn.35.2022.02.26.12.55.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 26 Feb 2022 12:55:45 -0800 (PST) From: Minjae Kim To: openembedded-core@lists.openembedded.org Cc: Minjae Kim Subject: [dunfell][PATCH 2/2] go: fix CVE-2022-23772 Date: Sat, 26 Feb 2022 20:55:35 +0000 Message-Id: <20220226205535.86919-2-flowergom@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220226205535.86919-1-flowergom@gmail.com> References: <20220226205535.86919-1-flowergom@gmail.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 26 Feb 2022 20:55:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/162431 math/big: prevent large memory consumption in Rat.SetString An attacker can cause unbounded memory growth in a program using (*Rat).SetString due to an unhandled overflow. Upstream-Status: Backport [https://go.dev/issue/50699] CVE: CVE-2022-23772 Signed-off-by:Minjae Kim --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-23772.patch | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index fcb316e09e..9b3c3b30a8 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -20,6 +20,7 @@ SRC_URI += "\ file://CVE-2021-33196.patch \ file://CVE-2021-33197.patch \ file://CVE-2022-23806.patch \ + file://CVE-2022-23772.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch new file mode 100644 index 0000000000..f0daee3624 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch @@ -0,0 +1,50 @@ +From 70882eedccac803ddcf1c3215e0ae8fd59847e39 Mon Sep 17 00:00:00 2001 +From: Katie Hockman +Date: Sat, 26 Feb 2022 20:03:38 +0000 +Subject: [PATCH] [release-branch.go1.16] math/big: prevent overflow in + (*Rat).SetString + +Credit to rsc@ for the original patch. + +Thanks to the OSS-Fuzz project for discovering this +issue and to Emmanuel Odeke (@odeke_et) for reporting it. + +Updates #50699 +Fixes #50700 +Fixes CVE-2022-23772 +--- + src/math/big/ratconv.go | 5 +++++ + src/math/big/ratconv_test.go | 1 + + 2 files changed, 6 insertions(+) + +diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go +index 941139e..e8cbdbe 100644 +--- a/src/math/big/ratconv.go ++++ b/src/math/big/ratconv.go +@@ -168,6 +168,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) { + n := exp5 + if n < 0 { + n = -n ++ if n < 0 { ++ // This can occur if -n overflows. -(-1 << 63) would become ++ // -1 << 63, which is still negative. ++ return nil, false ++ } + } + pow5 := z.b.abs.expNN(natFive, nat(nil).setWord(Word(n)), nil) // use underlying array of z.b.abs + if exp5 > 0 { +diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go +index ba0d1ba..b820df4 100644 +--- a/src/math/big/ratconv_test.go ++++ b/src/math/big/ratconv_test.go +@@ -104,6 +104,7 @@ var setStringTests = []StringTest{ + {in: "4/3/"}, + {in: "4/3."}, + {in: "4/"}, ++ {in: "13e-9223372036854775808"}, // CVE-2022-23772 + + // valid + {"0", "0", true}, +-- +2.17.1 +