diff options
Diffstat (limited to 'poky/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch')
-rw-r--r-- | poky/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch new file mode 100644 index 0000000000..afe4b0d2b8 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch @@ -0,0 +1,38 @@ +From efb465ada003d23353a91ef930be408eb575dba6 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Thu, 16 Jun 2022 17:40:12 +0530 +Subject: [PATCH] CVE-2021-31525 + +Upstream-Status: Backport [https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282] +CVE: CVE-2021-31525 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +--- + src/vendor/golang.org/x/net/http/httpguts/httplex.go | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/vendor/golang.org/x/net/http/httpguts/httplex.go b/src/vendor/golang.org/x/net/http/httpguts/httplex.go +index e7de24e..c79aa73 100644 +--- a/src/vendor/golang.org/x/net/http/httpguts/httplex.go ++++ b/src/vendor/golang.org/x/net/http/httpguts/httplex.go +@@ -137,11 +137,13 @@ func trimOWS(x string) string { + // contains token amongst its comma-separated tokens, ASCII + // case-insensitively. + func headerValueContainsToken(v string, token string) bool { +- v = trimOWS(v) +- if comma := strings.IndexByte(v, ','); comma != -1 { +- return tokenEqual(trimOWS(v[:comma]), token) || headerValueContainsToken(v[comma+1:], token) ++ for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') { ++ if tokenEqual(trimOWS(v[:comma]), token) { ++ return true ++ } ++ v = v[comma+1:] + } +- return tokenEqual(v, token) ++ return tokenEqual(trimOWS(v), token) + } + + // lowerASCII returns the ASCII lowercase version of b. +-- +2.25.1 + |