diff --git a/0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch b/0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch new file mode 100644 index 0000000000000000000000000000000000000000..efa0922eda83232e26ef59c3be0733e8b03bec7d --- /dev/null +++ b/0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch @@ -0,0 +1,82 @@ +From 98e370069ffceeeeecb94c0b8e6c60c33994071a Mon Sep 17 00:00:00 2001 +From: Russ Cox +Date: Wed, 8 Dec 2021 18:05:11 -0500 +Subject: [PATCH] [release-branch.go1.16] syscall: fix ForkLock spurious + close(0) on pipe failure + +Pipe (and therefore forkLockPipe) does not make any guarantees +about the state of p after a failed Pipe(p). Avoid that assumption +and the too-clever goto, so that we don't accidentally Close a real fd +if the failed pipe leaves p[0] or p[1] set >= 0. + +Updates #50057 +Fixes CVE-2021-44717 + +Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270 +Reviewed-by: Ian Lance Taylor +Reviewed-on: https://go-review.googlesource.com/c/go/+/370514 +Trust: Filippo Valsorda +Run-TryBot: Filippo Valsorda +TryBot-Result: Gopher Robot +Reviewed-by: Alex Rakoczy + +Conflict: NA +Conference: https://go-review.googlesource.com/c/go/+/370514 +--- + src/syscall/exec_unix.go | 20 ++++++-------------- + 1 file changed, 6 insertions(+), 14 deletions(-) + +diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go +index cb08b7084c..3a8ef0925e 100644 +--- a/src/syscall/exec_unix.go ++++ b/src/syscall/exec_unix.go +@@ -152,9 +152,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + sys = &zeroSysProcAttr + } + +- p[0] = -1 +- p[1] = -1 +- + // Convert args to C form. + argv0p, err := BytePtrFromString(argv0) + if err != nil { +@@ -204,14 +201,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + + // Allocate child status pipe close on exec. + if err = forkExecPipe(p[:]); err != nil { +- goto error ++ ForkLock.Unlock() ++ return 0, err + } + + // Kick off child. + pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1]) + if err1 != 0 { +- err = Errno(err1) +- goto error ++ Close(p[0]) ++ Close(p[1]) ++ ForkLock.Unlock() ++ return 0, Errno(err1) + } + ForkLock.Unlock() + +@@ -243,14 +243,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + + // Read got EOF, so pipe closed on exec, so exec succeeded. + return pid, nil +- +-error: +- if p[0] >= 0 { +- Close(p[0]) +- Close(p[1]) +- } +- ForkLock.Unlock() +- return 0, err + } + + // Combination of fork and exec, careful to be thread safe. +-- +2.30.0 + diff --git a/golang.spec b/golang.spec index 31f4515e0a4a0a38d2d4eec726c90e30aa0f4398..2582ad6f5c2d22659b1c63678dea5d243979f230 100644 --- a/golang.spec +++ b/golang.spec @@ -62,7 +62,7 @@ Name: golang Version: 1.15.7 -Release: 12 +Release: 13 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -208,6 +208,7 @@ Patch6059: 0059-release-branch.go1.16-regexp-syntax-reject-very-deep.patch Patch6060: 0060-cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch Patch6061: 0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch Patch6062: 0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch +Patch6063: 0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch Patch9001: 0001-drop-hard-code-cert.patch @@ -443,6 +444,9 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Thu May 12 2022 hanchao - 1.15.7-13 +- fix CVE-2021-44717 + * Wed May 11 2022 hanchao - 1.15.7-12 - fix CVE-2022-28327 CVE-2022-24675