mirror of
https://git.yoctoproject.org/poky
synced 2026-06-17 10:53:49 +02:00
go: patch CVE-2026-32283
Backport patch from [1] [1] https://go.dev/cl/763767 (From OE-Core rev: bfba1601c099d7b68c4d9fcf07617d8310d4af66) Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com> Reviewed-by: Bruno Vernay <bruno.vernay@se.com> Signed-off-by: Jeremy Rosen <jeremy.rosen@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Theo Gaige (Schneider Electric)
committed by
Paul Barker
Paul Barker
parent
4c319bd87f
commit
d10a96fbd0
@@ -43,6 +43,7 @@ SRC_URI += "\
|
||||
file://CVE-2025-68121_p3.patch \
|
||||
file://CVE-2026-27142.patch \
|
||||
file://CVE-2026-32280.patch \
|
||||
file://CVE-2026-32283.patch \
|
||||
"
|
||||
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
|
||||
|
||||
|
||||
177
meta/recipes-devtools/go/go/CVE-2026-32283.patch
Normal file
177
meta/recipes-devtools/go/go/CVE-2026-32283.patch
Normal file
@@ -0,0 +1,177 @@
|
||||
From f560f55d3f804dcc3002dfe963b37bfa3a67202c Mon Sep 17 00:00:00 2001
|
||||
From: Roland Shoemaker <bracewell@google.com>
|
||||
Date: Mon, 23 Mar 2026 11:54:41 -0700
|
||||
Subject: [PATCH] crypto/tls: prevent deadlock when client sends multiple key
|
||||
update messages
|
||||
|
||||
When we made setReadTrafficSecret send an alert when there are pending
|
||||
handshake messages, we introduced a deadlock when the client sends
|
||||
multiple key update messages that request a response, as handleKeyUpdate
|
||||
will lock the mutex, and defer the unlocking until the end of the
|
||||
function, but setReadTrafficSecret called sendAlert in the failure case,
|
||||
which also tries to lock the mutex.
|
||||
|
||||
Add an argument to setReadTrafficSecret which lets the caller indicate
|
||||
if the mutex is already locked, and if so, call sendAlertLocked instead
|
||||
of sendAlert.
|
||||
|
||||
Thanks to Jakub Ciolek for reporting this issue.
|
||||
|
||||
Fixes #78334
|
||||
Fixes CVE-2026-32283
|
||||
|
||||
Change-Id: Id8e56974233c910e0d66ba96eafbd2ea57832610
|
||||
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3881
|
||||
Reviewed-by: Damien Neil <dneil@google.com>
|
||||
Reviewed-by: Nicholas Husin <husin@google.com>
|
||||
Reviewed-on: https://go-review.googlesource.com/c/go/+/763767
|
||||
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
||||
Auto-Submit: David Chase <drchase@google.com>
|
||||
Reviewed-by: Russ Cox <rsc@golang.org>
|
||||
Reviewed-by: Jakub Ciolek <jakub@ciolek.dev>
|
||||
|
||||
CVE: CVE-2026-32283
|
||||
Upstream-Status: Backport [https://github.com/golang/go/commit/1ea7966042731bae941511fb2b261b9536ad268f]
|
||||
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
|
||||
---
|
||||
src/crypto/tls/conn.go | 10 +++--
|
||||
src/crypto/tls/handshake_client_tls13.go | 4 +-
|
||||
src/crypto/tls/handshake_server_tls13.go | 4 +-
|
||||
src/crypto/tls/handshake_test.go | 48 ++++++++++++++++++++++++
|
||||
4 files changed, 59 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
|
||||
index 08609ce..770d456 100644
|
||||
--- a/src/crypto/tls/conn.go
|
||||
+++ b/src/crypto/tls/conn.go
|
||||
@@ -1345,7 +1345,7 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error {
|
||||
}
|
||||
|
||||
newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret)
|
||||
- if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret); err != nil {
|
||||
+ if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret, keyUpdate.updateRequested); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -1675,12 +1675,16 @@ func (c *Conn) VerifyHostname(host string) error {
|
||||
// setReadTrafficSecret sets the read traffic secret for the given encryption level. If
|
||||
// being called at the same time as setWriteTrafficSecret, the caller must ensure the call
|
||||
// to setWriteTrafficSecret happens first so any alerts are sent at the write level.
|
||||
-func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) error {
|
||||
+func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte, locked bool) error {
|
||||
// Ensure that there are no buffered handshake messages before changing the
|
||||
// read keys, since that can cause messages to be parsed that were encrypted
|
||||
// using old keys which are no longer appropriate.
|
||||
if c.hand.Len() != 0 {
|
||||
- c.sendAlert(alertUnexpectedMessage)
|
||||
+ if locked {
|
||||
+ c.sendAlertLocked(alertUnexpectedMessage)
|
||||
+ } else {
|
||||
+ c.sendAlert(alertUnexpectedMessage)
|
||||
+ }
|
||||
return errors.New("tls: handshake buffer not empty before setting read traffic secret")
|
||||
}
|
||||
c.in.setTrafficSecret(suite, level, secret)
|
||||
diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
|
||||
index 68ff92b..2d58b21 100644
|
||||
--- a/src/crypto/tls/handshake_client_tls13.go
|
||||
+++ b/src/crypto/tls/handshake_client_tls13.go
|
||||
@@ -396,7 +396,7 @@ func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
|
||||
c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret)
|
||||
serverSecret := hs.suite.deriveSecret(handshakeSecret,
|
||||
serverHandshakeTrafficLabel, hs.transcript)
|
||||
- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret); err != nil {
|
||||
+ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret, false); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -607,7 +607,7 @@ func (hs *clientHandshakeStateTLS13) readServerFinished() error {
|
||||
clientApplicationTrafficLabel, hs.transcript)
|
||||
serverSecret := hs.suite.deriveSecret(hs.masterSecret,
|
||||
serverApplicationTrafficLabel, hs.transcript)
|
||||
- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret); err != nil {
|
||||
+ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret, false); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
|
||||
index 1ecee3a..f73b536 100644
|
||||
--- a/src/crypto/tls/handshake_server_tls13.go
|
||||
+++ b/src/crypto/tls/handshake_server_tls13.go
|
||||
@@ -636,7 +636,7 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
|
||||
c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret)
|
||||
clientSecret := hs.suite.deriveSecret(hs.handshakeSecret,
|
||||
clientHandshakeTrafficLabel, hs.transcript)
|
||||
- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret); err != nil {
|
||||
+ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret, false); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -1005,7 +1005,7 @@ func (hs *serverHandshakeStateTLS13) readClientFinished() error {
|
||||
return errors.New("tls: invalid client finished hash")
|
||||
}
|
||||
|
||||
- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret); err != nil {
|
||||
+ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret, false); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go
|
||||
index 4991a0e..a95d751 100644
|
||||
--- a/src/crypto/tls/handshake_test.go
|
||||
+++ b/src/crypto/tls/handshake_test.go
|
||||
@@ -673,3 +673,51 @@ func concatHandshakeMessages(msgs ...handshakeMessage) ([]byte, error) {
|
||||
outBuf = append(outBuf, marshalled...)
|
||||
return outBuf, nil
|
||||
}
|
||||
+
|
||||
+func TestMultipleKeyUpdate(t *testing.T) {
|
||||
+ for _, requestUpdate := range []bool{true, false} {
|
||||
+ t.Run(fmt.Sprintf("requestUpdate=%t", requestUpdate), func(t *testing.T) {
|
||||
+
|
||||
+ c, s := localPipe(t)
|
||||
+ cfg := testConfig.Clone()
|
||||
+ cfg.MinVersion = VersionTLS13
|
||||
+ cfg.MaxVersion = VersionTLS13
|
||||
+ client := Client(c, testConfig)
|
||||
+ server := Server(s, testConfig)
|
||||
+
|
||||
+ clientHandshakeDone := make(chan struct{})
|
||||
+ go func() {
|
||||
+ if err := client.Handshake(); err != nil {
|
||||
+ }
|
||||
+ close(clientHandshakeDone)
|
||||
+ io.Copy(io.Discard, server)
|
||||
+ }()
|
||||
+
|
||||
+ if err := server.Handshake(); err != nil {
|
||||
+ t.Fatalf("server handshake failed: %v\n", err)
|
||||
+ }
|
||||
+ <-clientHandshakeDone
|
||||
+
|
||||
+ c.SetReadDeadline(time.Now().Add(1 * time.Second))
|
||||
+ s.SetReadDeadline(time.Now().Add(1 * time.Second))
|
||||
+
|
||||
+ kuMsg, err := (&keyUpdateMsg{updateRequested: requestUpdate}).marshal()
|
||||
+ if err != nil {
|
||||
+ t.Fatalf("failed to marshal key update message: %v", err)
|
||||
+ }
|
||||
+
|
||||
+ client.out.Lock()
|
||||
+ if _, err := client.writeRecordLocked(recordTypeHandshake, append(kuMsg, kuMsg...)); err != nil {
|
||||
+ t.Fatalf("failed to write key update messages: %v", err)
|
||||
+ }
|
||||
+ client.out.Unlock()
|
||||
+
|
||||
+ _, err = io.Copy(io.Discard, client)
|
||||
+ if err == nil {
|
||||
+ t.Fatal("expected multiple key update messages to cause an error, got nil")
|
||||
+ } else if !strings.HasSuffix(err.Error(), "tls: unexpected message") {
|
||||
+ t.Fatalf("unexpected error: %v", err)
|
||||
+ }
|
||||
+ })
|
||||
+ }
|
||||
+}
|
||||
--
|
||||
2.43.0
|
||||
|
||||
Reference in New Issue
Block a user