登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 76

hc/golang

forked from src-openEuler/golang 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
backport-0011-Backport-archive-zip-treat-truncated-EOCDR-comment-a.patch 2.10 KB
一键复制 编辑 原始数据 按行查看 历史
hc 提交于 2024-06-23 00:53 . [Backport]fix CVE-2023-39326,CVE-2024-24789
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758
From c69c5c62775d84aa56a43bedaa4fcacbb73d403d Mon Sep 17 00:00:00 2001

From: Damien Neil <[email protected]>

Date: Tue, 14 May 2024 14:39:10 -0700

Subject: [PATCH] [Backport] archive/zip: treat truncated EOCDR comment as an

 error



CVE: CVE-2024-24789

Reference: https://go-review.googlesource.com/c/go/+/588796



When scanning for an end of central directory record,

treat an EOCDR signature with a record containing a truncated

comment as an error. Previously, we would skip over the invalid

record and look for another one. Other implementations do not

do this (they either consider this a hard error, or just ignore

the truncated comment). This parser misalignment allowed

presenting entirely different archive contents to Go programs

and other zip decoders.



For #66869

Fixes #67554

Fixes CVE-2024-24789



Change-Id: I94e5cb028534bb5704588b8af27f1e22ea49c7c6

Reviewed-on: https://go-review.googlesource.com/c/go/+/585397

Reviewed-by: Joseph Tsai <[email protected]>

Reviewed-by: Dmitri Shuralyov <[email protected]>

LUCI-TryBot-Result: Go LUCI <[email protected]>

(cherry picked from commit 33d725e5758bf1fea62e6c77fc70b57a828a49f5)

Reviewed-on: https://go-review.googlesource.com/c/go/+/588796

Reviewed-by: Matthew Dempsky <[email protected]>

Signed-off-by: Ma Chang Wang [email protected]

---

 src/archive/zip/reader.go | 8 ++++++--

 1 file changed, 6 insertions(+), 2 deletions(-)



diff --git a/src/archive/zip/reader.go b/src/archive/zip/reader.go

index 1fde1decc4..20356bde0e 100644

--- a/src/archive/zip/reader.go

+++ b/src/archive/zip/reader.go

@@ -699,9 +699,13 @@ func findSignatureInBlock(b []byte) int {

 		if b[i] == 'P' && b[i+1] == 'K' && b[i+2] == 0x05 && b[i+3] == 0x06 {

 			// n is length of comment

 			n := int(b[i+directoryEndLen-2]) | int(b[i+directoryEndLen-1])<<8

-			if n+directoryEndLen+i <= len(b) {

-				return i

+			if n+directoryEndLen+i > len(b) {

+				// Truncated comment.

+				// Some parsers (such as Info-ZIP) ignore the truncated comment

+				// rather than treating it as a hard error.

+				return -1

 			}

+			return i

 		}

 	}

 	return -1

-- 

2.33.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/hcnbxx/golang.git
[email protected]:hcnbxx/golang.git
hcnbxx
golang
golang
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部