From f21f175588cfe43361ccadaa1d1ed6246f8166ff Mon Sep 17 00:00:00 2001
From: "Dr. Tobias Quathamer"
Date: Fri, 31 Jan 2020 22:15:57 +0100
Subject: [PATCH] Fix CVE-2020-7919

Cherry-picked from upstream: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574

Gbp-Pq: Name 0009-Fix-CVE-2020-7919.patch
---
 src/vendor/golang_org/x/crypto/cryptobyte/asn1.go | 5 +++--
 src/vendor/golang_org/x/crypto/cryptobyte/string.go | 7 +------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/vendor/golang_org/x/crypto/cryptobyte/asn1.go b/src/vendor/golang_org/x/crypto/cryptobyte/asn1.go
index 08314b4..e7c32e3 100644
--- a/src/vendor/golang_org/x/crypto/cryptobyte/asn1.go
+++ b/src/vendor/golang_org/x/crypto/cryptobyte/asn1.go
@@ -470,7 +470,8 @@ func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
 // It reports whether the read was successful.
 func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+		len(bytes)*8/8 != len(bytes) {
 		return false
 	}
 
@@ -740,7 +741,7 @@ func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
 		length = headerLen + len32
 	}
 
-	if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) {
+	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
 		return false
 	}
 	if skipHeader && !out.Skip(int(headerLen)) {
diff --git a/src/vendor/golang_org/x/crypto/cryptobyte/string.go b/src/vendor/golang_org/x/crypto/cryptobyte/string.go
index 39bf98a..589d297 100644
--- a/src/vendor/golang_org/x/crypto/cryptobyte/string.go
+++ b/src/vendor/golang_org/x/crypto/cryptobyte/string.go
@@ -24,7 +24,7 @@ type String []byte
 // read advances a String by n bytes and returns them. If less than n bytes
 // remain, it returns nil.
 func (s *String) read(n int) []byte {
-	if len(*s) < n {
+	if len(*s) < n || n < 0 {
 		return nil
 	}
 	v := (*s)[:n]
@@ -105,11 +105,6 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
 		length = length << 8
 		length = length | uint32(b)
 	}
-	if int(length) < 0 {
-		// This currently cannot overflow because we read uint24 at most, but check
-		// anyway in case that changes in the future.
-		return false
-	}
 	v := s.read(int(length))
 	if v == nil {
 		return false
-- 
2.30.2