go: Fix CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-34155 Upstream-patch: b232596139 (From OE-Core rev: 9d21d527e2448e202030ae7ad38c88e25943a2f3) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-04-19 06:32:13 +02:00 · 2025-01-08 05:54:19 +00:00
parent f505325936
commit f700dcdc1d
2 changed files with 72 additions and 0 deletions
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -58,6 +58,7 @@ SRC_URI += "\
    file://CVE-2023-45288.patch \
    file://CVE-2024-24789.patch \
    file://CVE-2024-24791.patch \
+    file://CVE-2024-34155.patch \
 "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"

--- a/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch
+++ b/meta/recipes-devtools/go/go-1.21/CVE-2024-34155.patch
@@ -0,0 +1,71 @@
+From b232596139dbe96a62edbe3a2a203e856bf556eb Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 10 Jun 2024 15:34:12 -0700
+Subject: [PATCH] go/parser: track depth in nested element lists
+
+Prevents stack exhaustion with extremely deeply nested literal values,
+i.e. field values in structs.
+
+Updates #69138
+Fixes #69142
+Fixes CVE-2024-34155
+
+Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520
+Reviewed-by: Robert Griesemer <gri@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Russ Cox <rsc@google.com>
+(cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e)
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1561
+Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/611181
+Reviewed-by: Michael Pratt <mpratt@google.com>
+TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
+Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+CVE: CVE-2024-34155
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/go/parser/parser.go      | 2 ++
+ src/go/parser/parser_test.go | 9 +++++----
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go
+index 2c42b9f..a728d9a 100644
+--- a/src/go/parser/parser.go
+++ b/src/go/parser/parser.go
+@@ -1481,6 +1481,8 @@ func (p *parser) parseElementList() (list []ast.Expr) {
+ }
+
+ func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr {
+	defer decNestLev(incNestLev(p))
+
+	if p.trace {
+		defer un(trace(p, "LiteralValue"))
+	}
+diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
+index 993df63..b2cd501 100644
+--- a/src/go/parser/parser_test.go
+++ b/src/go/parser/parser_test.go
+@@ -607,10 +607,11 @@ var parseDepthTests = []struct {
+	{name: "chan2", format: "package main; var x «<-chan »int"},
+	{name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType
+	{name: "map", format: "package main; var x «map[int]»int"},
+-	{name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2},             // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2},         // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2},    // Parser nodes: CompositeLit, KeyValueExpr
+	{name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3},      // Parser nodes: UnaryExpr, CompositeLit
+	{name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3},         // Parser nodes: UnaryExpr, CompositeLit
+	{name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
+	{name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3},    // Parser nodes: CompositeLit, KeyValueExpr
+	{name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"},
+	{name: "dot", format: "package main; var x = «x.»x"},
+	{name: "index", format: "package main; var x = x«[1]»"},
+	{name: "slice", format: "package main; var x = x«[1:2]»"},
+--
+2.40.0