diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-06-20 10:46:05 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-24 23:57:45 +0100 |
| commit | fe6c34c48db8c249d0234c1d6924082abc37df63 (patch) | |
| tree | e94a4df846a4bdcc267df55a1f56bfbad50456fc /meta/recipes-devtools/go | |
| parent | 2ae3d4362871655e76f82de99cb48666aad40c41 (diff) | |
| download | poky-fe6c34c48db8c249d0234c1d6924082abc37df63.tar.gz | |
golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
(From OE-Core rev: b835c65845b1445e1bb547c192cb22c2db4c7e6f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go')
| -rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch | 83 |
2 files changed, 84 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 08d547a837..4827c6adfa 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
| @@ -22,6 +22,7 @@ SRC_URI += "\ | |||
| 22 | file://CVE-2021-38297.patch \ | 22 | file://CVE-2021-38297.patch \ |
| 23 | file://CVE-2022-23806.patch \ | 23 | file://CVE-2022-23806.patch \ |
| 24 | file://CVE-2022-23772.patch \ | 24 | file://CVE-2022-23772.patch \ |
| 25 | file://CVE-2021-44717.patch \ | ||
| 25 | " | 26 | " |
| 26 | 27 | ||
| 27 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" | 28 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch new file mode 100644 index 0000000000..17cac7a5ba --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch | |||
| @@ -0,0 +1,83 @@ | |||
| 1 | From 9171c664e7af479aa26bc72f2e7cf4e69d8e0a6f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 3 | Date: Fri, 17 Jun 2022 10:22:47 +0530 | ||
| 4 | Subject: [PATCH] CVE-2021-44717 | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/golang/go/commit/44a3fb49] | ||
| 7 | CVE: CVE-2021-44717 | ||
| 8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 9 | |||
| 10 | syscall: fix ForkLock spurious close(0) on pipe failure | ||
| 11 | Pipe (and therefore forkLockPipe) does not make any guarantees | ||
| 12 | about the state of p after a failed Pipe(p). Avoid that assumption | ||
| 13 | and the too-clever goto, so that we don't accidentally Close a real fd | ||
| 14 | if the failed pipe leaves p[0] or p[1] set >= 0. | ||
| 15 | |||
| 16 | Updates #50057 | ||
| 17 | Fixes CVE-2021-44717 | ||
| 18 | |||
| 19 | Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4 | ||
| 20 | Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270 | ||
| 21 | Reviewed-by: Ian Lance Taylor <iant@google.com> | ||
| 22 | Reviewed-on: https://go-review.googlesource.com/c/go/+/370514 | ||
| 23 | Trust: Filippo Valsorda <filippo@golang.org> | ||
| 24 | Run-TryBot: Filippo Valsorda <filippo@golang.org> | ||
| 25 | TryBot-Result: Gopher Robot <gobot@golang.org> | ||
| 26 | Reviewed-by: Alex Rakoczy <alex@golang.org> | ||
| 27 | --- | ||
| 28 | src/syscall/exec_unix.go | 20 ++++++-------------- | ||
| 29 | 1 file changed, 6 insertions(+), 14 deletions(-) | ||
| 30 | |||
| 31 | diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go | ||
| 32 | index b3798b6..b73782c 100644 | ||
| 33 | --- a/src/syscall/exec_unix.go | ||
| 34 | +++ b/src/syscall/exec_unix.go | ||
| 35 | @@ -151,9 +151,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) | ||
| 36 | sys = &zeroSysProcAttr | ||
| 37 | } | ||
| 38 | |||
| 39 | - p[0] = -1 | ||
| 40 | - p[1] = -1 | ||
| 41 | - | ||
| 42 | // Convert args to C form. | ||
| 43 | argv0p, err := BytePtrFromString(argv0) | ||
| 44 | if err != nil { | ||
| 45 | @@ -194,14 +191,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) | ||
| 46 | |||
| 47 | // Allocate child status pipe close on exec. | ||
| 48 | if err = forkExecPipe(p[:]); err != nil { | ||
| 49 | - goto error | ||
| 50 | + ForkLock.Unlock() | ||
| 51 | + return 0, err | ||
| 52 | } | ||
| 53 | |||
| 54 | // Kick off child. | ||
| 55 | pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1]) | ||
| 56 | if err1 != 0 { | ||
| 57 | - err = Errno(err1) | ||
| 58 | - goto error | ||
| 59 | + Close(p[0]) | ||
| 60 | + Close(p[1]) | ||
| 61 | + ForkLock.Unlock() | ||
| 62 | + return 0, Errno(err1) | ||
| 63 | } | ||
| 64 | ForkLock.Unlock() | ||
| 65 | |||
| 66 | @@ -228,14 +228,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) | ||
| 67 | |||
| 68 | // Read got EOF, so pipe closed on exec, so exec succeeded. | ||
| 69 | return pid, nil | ||
| 70 | - | ||
| 71 | -error: | ||
| 72 | - if p[0] >= 0 { | ||
| 73 | - Close(p[0]) | ||
| 74 | - Close(p[1]) | ||
| 75 | - } | ||
| 76 | - ForkLock.Unlock() | ||
| 77 | - return 0, err | ||
| 78 | } | ||
| 79 | |||
| 80 | // Combination of fork and exec, careful to be thread safe. | ||
| 81 | -- | ||
| 82 | 2.25.1 | ||
| 83 | |||