diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-06-20 10:46:05 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-24 23:57:45 +0100 |
commit | fe6c34c48db8c249d0234c1d6924082abc37df63 (patch) | |
tree | e94a4df846a4bdcc267df55a1f56bfbad50456fc /meta/recipes-devtools/go | |
parent | 2ae3d4362871655e76f82de99cb48666aad40c41 (diff) | |
download | poky-fe6c34c48db8c249d0234c1d6924082abc37df63.tar.gz |
golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
(From OE-Core rev: b835c65845b1445e1bb547c192cb22c2db4c7e6f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch | 83 |
2 files changed, 84 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 08d547a837..4827c6adfa 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
@@ -22,6 +22,7 @@ SRC_URI += "\ | |||
22 | file://CVE-2021-38297.patch \ | 22 | file://CVE-2021-38297.patch \ |
23 | file://CVE-2022-23806.patch \ | 23 | file://CVE-2022-23806.patch \ |
24 | file://CVE-2022-23772.patch \ | 24 | file://CVE-2022-23772.patch \ |
25 | file://CVE-2021-44717.patch \ | ||
25 | " | 26 | " |
26 | 27 | ||
27 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" | 28 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch new file mode 100644 index 0000000000..17cac7a5ba --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch | |||
@@ -0,0 +1,83 @@ | |||
1 | From 9171c664e7af479aa26bc72f2e7cf4e69d8e0a6f Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Fri, 17 Jun 2022 10:22:47 +0530 | ||
4 | Subject: [PATCH] CVE-2021-44717 | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/golang/go/commit/44a3fb49] | ||
7 | CVE: CVE-2021-44717 | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | |||
10 | syscall: fix ForkLock spurious close(0) on pipe failure | ||
11 | Pipe (and therefore forkLockPipe) does not make any guarantees | ||
12 | about the state of p after a failed Pipe(p). Avoid that assumption | ||
13 | and the too-clever goto, so that we don't accidentally Close a real fd | ||
14 | if the failed pipe leaves p[0] or p[1] set >= 0. | ||
15 | |||
16 | Updates #50057 | ||
17 | Fixes CVE-2021-44717 | ||
18 | |||
19 | Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4 | ||
20 | Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270 | ||
21 | Reviewed-by: Ian Lance Taylor <iant@google.com> | ||
22 | Reviewed-on: https://go-review.googlesource.com/c/go/+/370514 | ||
23 | Trust: Filippo Valsorda <filippo@golang.org> | ||
24 | Run-TryBot: Filippo Valsorda <filippo@golang.org> | ||
25 | TryBot-Result: Gopher Robot <gobot@golang.org> | ||
26 | Reviewed-by: Alex Rakoczy <alex@golang.org> | ||
27 | --- | ||
28 | src/syscall/exec_unix.go | 20 ++++++-------------- | ||
29 | 1 file changed, 6 insertions(+), 14 deletions(-) | ||
30 | |||
31 | diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go | ||
32 | index b3798b6..b73782c 100644 | ||
33 | --- a/src/syscall/exec_unix.go | ||
34 | +++ b/src/syscall/exec_unix.go | ||
35 | @@ -151,9 +151,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) | ||
36 | sys = &zeroSysProcAttr | ||
37 | } | ||
38 | |||
39 | - p[0] = -1 | ||
40 | - p[1] = -1 | ||
41 | - | ||
42 | // Convert args to C form. | ||
43 | argv0p, err := BytePtrFromString(argv0) | ||
44 | if err != nil { | ||
45 | @@ -194,14 +191,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) | ||
46 | |||
47 | // Allocate child status pipe close on exec. | ||
48 | if err = forkExecPipe(p[:]); err != nil { | ||
49 | - goto error | ||
50 | + ForkLock.Unlock() | ||
51 | + return 0, err | ||
52 | } | ||
53 | |||
54 | // Kick off child. | ||
55 | pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1]) | ||
56 | if err1 != 0 { | ||
57 | - err = Errno(err1) | ||
58 | - goto error | ||
59 | + Close(p[0]) | ||
60 | + Close(p[1]) | ||
61 | + ForkLock.Unlock() | ||
62 | + return 0, Errno(err1) | ||
63 | } | ||
64 | ForkLock.Unlock() | ||
65 | |||
66 | @@ -228,14 +228,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) | ||
67 | |||
68 | // Read got EOF, so pipe closed on exec, so exec succeeded. | ||
69 | return pid, nil | ||
70 | - | ||
71 | -error: | ||
72 | - if p[0] >= 0 { | ||
73 | - Close(p[0]) | ||
74 | - Close(p[1]) | ||
75 | - } | ||
76 | - ForkLock.Unlock() | ||
77 | - return 0, err | ||
78 | } | ||
79 | |||
80 | // Combination of fork and exec, careful to be thread safe. | ||
81 | -- | ||
82 | 2.25.1 | ||
83 | |||