From d3e0b7bbfb2b6ae861c2b7d9b257fc46fcd0b5b2 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 25 Apr 2024 09:30:21 +0800 Subject: [PATCH] CVE-2022-32149 --- .../vendor/golang.org/x/text/language/parse.go | 5 +++++ .../vendor/golang.org/x/text/language/parse.go | 5 +++++ vendor/golang.org/x/text/language/parse.go | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84/vendor/golang.org/x/text/language/parse.go b/dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84/vendor/golang.org/x/text/language/parse.go index fca2d30..5265091 100644 --- a/dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84/vendor/golang.org/x/text/language/parse.go +++ b/dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84/vendor/golang.org/x/text/language/parse.go @@ -764,6 +764,7 @@ func nextExtension(s string, p int) int { } var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight") +var errTagListTooLarge = errors.New("tag list exceeds max length") // ParseAcceptLanguage parses the contents of an Accept-Language header as // defined in http://www.ietf.org/rfc/rfc2616.txt and returns a list of Tags and @@ -773,6 +774,10 @@ var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight") // Tags with a weight of zero will be dropped. An error will be returned if the // input could not be parsed. func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) { + if strings.Count(s, "-") > 1000 { + return nil, nil, errTagListTooLarge + } + var entry string for s != "" { if entry, s = split(s, ','); entry == "" { diff --git a/gvisor-tap-vsock-4ee84d66bd86668f011733d8873989b5862bcd07/vendor/golang.org/x/text/language/parse.go b/gvisor-tap-vsock-4ee84d66bd86668f011733d8873989b5862bcd07/vendor/golang.org/x/text/language/parse.go index 59b0410..b982d9e 100644 --- a/gvisor-tap-vsock-4ee84d66bd86668f011733d8873989b5862bcd07/vendor/golang.org/x/text/language/parse.go +++ b/gvisor-tap-vsock-4ee84d66bd86668f011733d8873989b5862bcd07/vendor/golang.org/x/text/language/parse.go @@ -147,6 +147,7 @@ func update(b *language.Builder, part ...interface{}) (err error) { } var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight") +var errTagListTooLarge = errors.New("tag list exceeds max length") // ParseAcceptLanguage parses the contents of an Accept-Language header as // defined in http://www.ietf.org/rfc/rfc2616.txt and returns a list of Tags and @@ -164,6 +165,10 @@ func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) { } }() + if strings.Count(s, "-") > 1000 { + return nil, nil, errTagListTooLarge + } + var entry string for s != "" { if entry, s = split(s, ','); entry == "" { diff --git a/vendor/golang.org/x/text/language/parse.go b/vendor/golang.org/x/text/language/parse.go index 59b0410..b982d9e 100644 --- a/vendor/golang.org/x/text/language/parse.go +++ b/vendor/golang.org/x/text/language/parse.go @@ -147,6 +147,7 @@ func update(b *language.Builder, part ...interface{}) (err error) { } var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight") +var errTagListTooLarge = errors.New("tag list exceeds max length") // ParseAcceptLanguage parses the contents of an Accept-Language header as // defined in http://www.ietf.org/rfc/rfc2616.txt and returns a list of Tags and @@ -164,6 +165,10 @@ func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) { } }() + if strings.Count(s, "-") > 1000 { + return nil, nil, errTagListTooLarge + } + var entry string for s != "" { if entry, s = split(s, ','); entry == "" { -- 2.33.0