diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-06-20 10:46:05 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2022-06-20 05:12:46 -1000 |
commit | b835c65845b1445e1bb547c192cb22c2db4c7e6f (patch) | |
tree | 4789145b5f3e70441eb050962a7a75a776348900 /meta/recipes-devtools/go | |
parent | 841a8fb5b6351f79a4d756232a544d1a6480c562 (diff) | |
download | openembedded-core-contrib-b835c65845b1445e1bb547c192cb22c2db4c7e6f.tar.gz |
golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch | 83 |
2 files changed, 84 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 08d547a837..4827c6adfa 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -22,6 +22,7 @@ SRC_URI += "\ file://CVE-2021-38297.patch \ file://CVE-2022-23806.patch \ file://CVE-2022-23772.patch \ + file://CVE-2021-44717.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch new file mode 100644 index 0000000000..17cac7a5ba --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch @@ -0,0 +1,83 @@ +From 9171c664e7af479aa26bc72f2e7cf4e69d8e0a6f Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Fri, 17 Jun 2022 10:22:47 +0530 +Subject: [PATCH] CVE-2021-44717 + +Upstream-Status: Backport [https://github.com/golang/go/commit/44a3fb49] +CVE: CVE-2021-44717 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +syscall: fix ForkLock spurious close(0) on pipe failure +Pipe (and therefore forkLockPipe) does not make any guarantees +about the state of p after a failed Pipe(p). Avoid that assumption +and the too-clever goto, so that we don't accidentally Close a real fd +if the failed pipe leaves p[0] or p[1] set >= 0. + +Updates #50057 +Fixes CVE-2021-44717 + +Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270 +Reviewed-by: Ian Lance Taylor <iant@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/370514 +Trust: Filippo Valsorda <filippo@golang.org> +Run-TryBot: Filippo Valsorda <filippo@golang.org> +TryBot-Result: Gopher Robot <gobot@golang.org> +Reviewed-by: Alex Rakoczy <alex@golang.org> +--- + src/syscall/exec_unix.go | 20 ++++++-------------- + 1 file changed, 6 insertions(+), 14 deletions(-) + +diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go +index b3798b6..b73782c 100644 +--- a/src/syscall/exec_unix.go ++++ b/src/syscall/exec_unix.go +@@ -151,9 +151,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + sys = &zeroSysProcAttr + } + +- p[0] = -1 +- p[1] = -1 +- + // Convert args to C form. + argv0p, err := BytePtrFromString(argv0) + if err != nil { +@@ -194,14 +191,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + + // Allocate child status pipe close on exec. + if err = forkExecPipe(p[:]); err != nil { +- goto error ++ ForkLock.Unlock() ++ return 0, err + } + + // Kick off child. + pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1]) + if err1 != 0 { +- err = Errno(err1) +- goto error ++ Close(p[0]) ++ Close(p[1]) ++ ForkLock.Unlock() ++ return 0, Errno(err1) + } + ForkLock.Unlock() + +@@ -228,14 +228,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + + // Read got EOF, so pipe closed on exec, so exec succeeded. + return pid, nil +- +-error: +- if p[0] >= 0 { +- Close(p[0]) +- Close(p[1]) +- } +- ForkLock.Unlock() +- return 0, err + } + + // Combination of fork and exec, careful to be thread safe. +-- +2.25.1 + |