Re: [oe-core][dunfell][PATCH] go: backport patch fix for CVE-2021-38297

[Steve Sakoman]

On Wed, Mar 30, 2022 at 6:16 AM Steve Sakoman via
lists.openembedded.org <steve=sakoman....@lists.openembedded.org>
wrote:
>
> Unfortunately this patch doesn't seem to apply:
>
> Applying: go: backport patch fix for CVE-2021-38297
> Using index info to reconstruct a base tree...
> M meta/recipes-devtools/go/go-1.14.inc
> .git/rebase-apply/patch:73: space before tab in indent.
>   offset += 8;
> .git/rebase-apply/patch:74: space before tab in indent.
>   });
> .git/rebase-apply/patch:75: trailing whitespace.
>
> .git/rebase-apply/patch:83: space before tab in indent.
>   this._inst.exports.run(argc, argv);
> .git/rebase-apply/patch:84: space before tab in indent.
>   if (this.exited) {
> warning: squelched 13 whitespace errors
> warning: 18 lines add whitespace errors.
> Falling back to patching base and 3-way merge...
> Auto-merging meta/recipes-devtools/go/go-1.14.inc
> CONFLICT (content): Merge conflict in meta/recipes-devtools/go/go-1.14.inc
> error: Failed to merge in the changes.
> Patch failed at 0001 go: backport patch fix for CVE-2021-38297
> hint: Use 'git am --show-current-patch' to see the failed patch
> When you have resolved this problem, run "git am --continue".
> If you prefer to skip this patch, run "git am --skip" instead.
> To restore the original branch and stop patching, run "git am --abort".
>
> It appears that you haven't based your patch on the current dunfell
> head -- you seem to be missing a couple of go CVE patches from last
> month!

And once I fixed the above issue the build failed:

ERROR: go-native-1.14.15-r0 do_compile: Execution of
'/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/run.do_compile.2927597'
failed with exit code 2
ERROR: Logfile of failure stored in:
/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/log.do_compile.2927597
Log data follows:
| DEBUG: Executing shell function do_compile
| Building Go cmd/dist using
/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go1.4/go.
(go1.4-bootstrap-20170531 linux/amd64)
| Building Go toolchain1 using
/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go1.4/go.
| # bootstrap/cmd/link/internal/ld
| 
/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go/src/cmd/link/internal/ld/data.go:2194[/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go/pkg/bootstrap/src/bootstrap/cmd/link/internal/ld/data.go:2198]:
ctxt.IsWasm undefined (type *Link has no field or method IsWasm)
| go tool dist: FAILED:
/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go1.4/go/bin/go
install -gcflags=-l -tags=math_big_pure_go compiler_bootstrap
bootstrap/cmd/...: exit status 2
| WARNING: 
/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/run.do_compile.2927597:1
exit 2 from './make.bash --no-banner'
| ERROR: Execution of
'/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/run.do_compile.2927597'
failed with exit code 2
ERROR: Task 
(/home/steve/builds/poky-contrib/meta/recipes-devtools/go/go-native_1.14.bb:do_compile)
failed with exit code '1'
NOTE: Tasks Summary: Attempted 548 tasks of which 527 didn't need to
be rerun and 1 failed.

So it definitely looks like a v2 is required!


> Steve
>
> On Wed, Mar 30, 2022 at 5:50 AM Davide Gardenal
> <davidegarde2...@gmail.com> wrote:
> >
> > Patch taken from
> > https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
> > from the following issue
> > https://github.com/golang/go/issues/48797
> >
> > Original repo
> > https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
> >
> > Signed-off-by: Davide Gardenal <davide.garde...@huawei.com>
> > ---
> >  meta/recipes-devtools/go/go-1.14.inc          |  1 +
> >  .../go/go-1.14/CVE-2021-38297.patch           | 94 +++++++++++++++++++
> >  2 files changed, 95 insertions(+)
> >  create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> >
> > diff --git a/meta/recipes-devtools/go/go-1.14.inc 
> > b/meta/recipes-devtools/go/go-1.14.inc
> > index abc6f42184..947f1798ee 100644
> > --- a/meta/recipes-devtools/go/go-1.14.inc
> > +++ b/meta/recipes-devtools/go/go-1.14.inc
> > @@ -19,6 +19,7 @@ SRC_URI += "\
> >      file://CVE-2021-34558.patch \
> >      file://CVE-2021-33196.patch \
> >      file://CVE-2021-33197.patch \
> > +    file://CVE-2021-38297.patch \
> >  "
> >  SRC_URI_append_libc-musl = " 
> > file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> >  SRC_URI[main.sha256sum] = 
> > "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
> > diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch 
> > b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> > new file mode 100644
> > index 0000000000..0b5d0b591e
> > --- /dev/null
> > +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> > @@ -0,0 +1,94 @@
> > +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001
> > +From: Michael Knyszek <mknys...@google.com>
> > +Date: Thu, 2 Sep 2021 16:51:59 -0400
> > +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let
> > + command line args overwrite global data
> > +
> > +On Wasm, wasm_exec.js puts command line arguments at the beginning
> > +of the linear memory (following the "zero page"). Currently there
> > +is no limit for this, and a very long command line can overwrite
> > +the program's data section. Prevent this by limiting the command
> > +line to 4096 bytes, and in the linker ensuring the data section
> > +starts at a high enough address (8192).
> > +
> > +(Arguably our address assignment on Wasm is a bit confusing. This
> > +is the minimum fix I can come up with.)
> > +
> > +Thanks to Ben Lubar for reporting this issue.
> > +
> > +Change by Cherry Mui <cherr...@google.com>.
> > +
> > +For #48797
> > +Fixes #48799
> > +Fixes CVE-2021-38297
> > +
> > +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
> > +Reviewed-on: 
> > https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
> > +Reviewed-by: Roland Shoemaker <bracew...@google.com>
> > +Reviewed-by: Than McIntosh <th...@google.com>
> > +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591
> > +Trust: Michael Knyszek <mknys...@google.com>
> > +Reviewed-by: Heschi Kreinick <hes...@google.com>
> > +
> > +CVE: CVE-2021-38297
> > +
> > +Upstream-Status: Backport:
> > +https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
> > +
> > +Signed-off-by: Davide Gardenal <davide.garde...@huawei.com>
> > +---
> > + misc/wasm/wasm_exec.js           |  7 +++++++
> > + src/cmd/link/internal/ld/data.go | 11 ++++++++++-
> > + 2 files changed, 17 insertions(+), 1 deletion(-)
> > +
> > +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js
> > +index 82041e6bb901..a0a264278b1b 100644
> > +--- a/misc/wasm/wasm_exec.js
> > ++++ b/misc/wasm/wasm_exec.js
> > +@@ -564,6 +564,13 @@
> > +                               offset += 8;
> > +                       });
> > +
> > ++                      // The linker guarantees global data starts from at 
> > least wasmMinDataAddr.
> > ++                      // Keep in sync with 
> > cmd/link/internal/ld/data.go:wasmMinDataAddr.
> > ++                      const wasmMinDataAddr = 4096 + 4096;
> > ++                      if (offset >= wasmMinDataAddr) {
> > ++                              throw new Error("command line too long");
> > ++                      }
> > ++
> > +                       this._inst.exports.run(argc, argv);
> > +                       if (this.exited) {
> > +                               this._resolveExitPromise();
> > +diff --git a/src/cmd/link/internal/ld/data.go 
> > b/src/cmd/link/internal/ld/data.go
> > +index 52035e96301c..54a1d188cdb9 100644
> > +--- a/src/cmd/link/internal/ld/data.go
> > ++++ b/src/cmd/link/internal/ld/data.go
> > +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n 
> > int, s loader.Sym, va uint64
> > +       return sect, n, va
> > + }
> > +
> > ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for 
> > wasm_exec.js
> > ++// to store command line args. Data sections starts from at least address 
> > 8192.
> > ++// Keep in sync with wasm_exec.js.
> > ++const wasmMinDataAddr = 4096 + 4096
> > ++
> > + // address assigns virtual addresses to all segments and sections and
> > + // returns all segments in file order.
> > + func (ctxt *Link) address() []*sym.Segment {
> > +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment {
> > +       order = append(order, &Segtext)
> > +       Segtext.Rwx = 05
> > +       Segtext.Vaddr = va
> > +-      for _, s := range Segtext.Sections {
> > ++      for i, s := range Segtext.Sections {
> > +               va = uint64(Rnd(int64(va), int64(s.Align)))
> > +               s.Vaddr = va
> > +               va += s.Length
> > ++
> > ++              if ctxt.IsWasm() && i == 0 && va < wasmMinDataAddr {
> > ++                      va = wasmMinDataAddr
> > ++              }
> > +       }
> > +
> > +       Segtext.Length = va - uint64(*FlagTextAddr)
> > +
> > \ No newline at end of file
> > --
> > 2.32.0
> >
> >
> >
> >
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163791): 
https://lists.openembedded.org/g/openembedded-core/message/163791
Mute This Topic: https://lists.openembedded.org/mt/90134464/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-