66 lines
2.0 KiB
Diff
66 lines
2.0 KiB
Diff
From 174d5787fa52ec66aa29ee20a04b47d98d458082 Mon Sep 17 00:00:00 2001
|
|
From: Katie Hockman <katie@golang.org>
|
|
Date: Wed, 19 Jan 2022 16:54:41 -0500
|
|
Subject: [PATCH 6/6] [release-branch.go1.17] math/big: prevent overflow in
|
|
(*Rat).SetString
|
|
|
|
Credit to rsc@ for the original patch.
|
|
|
|
Thanks to the OSS-Fuzz project for discovering this
|
|
issue and to Emmanuel Odeke (@odeke_et) for reporting it.
|
|
|
|
Updates #50699
|
|
Fixes #50701
|
|
Fixes CVE-2022-23772
|
|
|
|
Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
|
|
Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
|
|
Trust: Katie Hockman <katie@golang.org>
|
|
Run-TryBot: Katie Hockman <katie@golang.org>
|
|
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
|
|
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Reviewed-by: Julie Qiu <julie@golang.org>
|
|
(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78)
|
|
Reviewed-on: https://go-review.googlesource.com/c/go/+/381336
|
|
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
|
|
Conflict: NA
|
|
Reference: https://go-review.googlesource.com/c/go/+/381336
|
|
---
|
|
src/math/big/ratconv.go | 5 +++++
|
|
src/math/big/ratconv_test.go | 1 +
|
|
2 files changed, 6 insertions(+)
|
|
|
|
diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go
|
|
index ac3c8bd11f8..90053a9c81d 100644
|
|
--- a/src/math/big/ratconv.go
|
|
+++ b/src/math/big/ratconv.go
|
|
@@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
|
|
n := exp5
|
|
if n < 0 {
|
|
n = -n
|
|
+ if n < 0 {
|
|
+ // This can occur if -n overflows. -(-1 << 63) would become
|
|
+ // -1 << 63, which is still negative.
|
|
+ return nil, false
|
|
+ }
|
|
}
|
|
if n > 1e6 {
|
|
return nil, false // avoid excessively large exponents
|
|
diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go
|
|
index 15d206cb386..e55e6557189 100644
|
|
--- a/src/math/big/ratconv_test.go
|
|
+++ b/src/math/big/ratconv_test.go
|
|
@@ -104,6 +104,7 @@ var setStringTests = []StringTest{
|
|
{in: "4/3/"},
|
|
{in: "4/3."},
|
|
{in: "4/"},
|
|
+ {in: "13e-9223372036854775808"}, // CVE-2022-23772
|
|
|
|
// valid
|
|
{"0", "0", true},
|
|
--
|
|
2.30.0
|
|
|