git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Vivek Kumbhar <vkumbhar@mvista.com>
	Fri, 28 Apr 2023 14:44:30 +0000 (20:14 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 28 Apr 2023 16:07:30 +0000 (06:07 -1000)
commit	daa6aa9c7198a07322f1828a9db457fec86191cf
tree	29357d6ed60967e7528842b7d69f6662e1ed5acd	tree
parent	08ffa2437967a642a4c8e35e2158bb369454764a	commit \| diff

go: fix CVE-2023-24534 denial of service from excessive memory allocation

A parsed MIME header is a map[string][]string. In the common case,
a header contains many one-element []string slices. To avoid
allocating a separate slice for each key, ReadMIMEHeader looks
ahead in the input to predict the number of keys that will be
parsed, and allocates a single []string of that length.
The individual slices are then allocated out of the larger one.

The prediction of the number of header keys was done by counting
newlines in the input buffer, which does not take into account
header continuation lines (where a header key/value spans multiple
lines) or the end of the header block and the start of the body.
This could lead to a substantial amount of overallocation, for
example when the body consists of nothing but a large block of
newlines.

Fix header key count prediction to take into account the end of
the headers (indicated by a blank line) and continuation lines
(starting with whitespace).

Thanks to Jakob Ackermann (@das7pad) for reporting this issue.

Fixes CVE-2023-24534
For #58975
Fixes #59267

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/go/go-1.14.inc		diff \| blob \| blame \| history
meta/recipes-devtools/go/go-1.14/CVE-2023-24534.patch	[new file with mode: 0644]	blob