mirror of
https://git.yoctoproject.org/poky
synced 2026-04-13 05:02:24 +02:00
golang: fix CVE-2022-28327
Upstream-Status: Backport [7139e8b024]
CVE: CVE-2022-28327
(From OE-Core rev: aab2a343be4b0b21dcaf22a7fbf77007d48c08d6)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ralph Siemsen
committed by
Richard Purdie
Richard Purdie
parent
40df9e039a
commit
cf0e66cf7a
@@ -48,6 +48,7 @@ SRC_URI += "\
|
||||
file://CVE-2021-44716.patch \
|
||||
file://CVE-2022-24921.patch \
|
||||
file://CVE-2022-28131.patch \
|
||||
file://CVE-2022-28327.patch \
|
||||
"
|
||||
|
||||
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
|
||||
|
||||
36
meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch
Normal file
36
meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch
Normal file
@@ -0,0 +1,36 @@
|
||||
From 34d9ab78568d63d8097911237897b188bdaba9c2 Mon Sep 17 00:00:00 2001
|
||||
From: Filippo Valsorda <filippo@golang.org>
|
||||
Date: Thu, 31 Mar 2022 12:31:58 -0400
|
||||
Subject: [PATCH] crypto/elliptic: tolerate zero-padded scalars in generic
|
||||
P-256
|
||||
|
||||
Upstream-Status: Backport [https://github.com/golang/go/commit/7139e8b024604ab168b51b99c6e8168257a5bf58]
|
||||
CVE: CVE-2022-28327
|
||||
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
|
||||
|
||||
|
||||
Updates #52075
|
||||
Fixes #52076
|
||||
Fixes CVE-2022-28327
|
||||
|
||||
Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
|
||||
Reviewed-on: https://go-review.googlesource.com/c/go/+/397136
|
||||
Trust: Filippo Valsorda <filippo@golang.org>
|
||||
Reviewed-by: Julie Qiu <julie@golang.org>
|
||||
---
|
||||
src/crypto/elliptic/p256.go | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go
|
||||
index c23e414..787e3e7 100644
|
||||
--- a/src/crypto/elliptic/p256.go
|
||||
+++ b/src/crypto/elliptic/p256.go
|
||||
@@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) {
|
||||
n := new(big.Int).SetBytes(in)
|
||||
var scalarBytes []byte
|
||||
|
||||
- if n.Cmp(p256Params.N) >= 0 {
|
||||
+ if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) {
|
||||
n.Mod(n, p256Params.N)
|
||||
scalarBytes = n.Bytes()
|
||||
} else {
|
||||
Reference in New Issue
Block a user