diff --git a/0003-release-branch.go1.17-syscall-fix-ForkLock-spurious-.patch b/0003-release-branch.go1.17-syscall-fix-ForkLock-spurious-.patch new file mode 100644 index 0000000000000000000000000000000000000000..64aee693f6998b6f9dd75f404673a048b9e74a24 --- /dev/null +++ b/0003-release-branch.go1.17-syscall-fix-ForkLock-spurious-.patch @@ -0,0 +1,79 @@ +From e7aab832069d06d77e04a585803dfdb04453253a Mon Sep 17 00:00:00 2001 +From: Russ Cox +Date: Wed, 8 Dec 2021 18:05:11 -0500 +Subject: [PATCH] [release-branch.go1.17] syscall: fix ForkLock spurious + close(0) on pipe failure + +Pipe (and therefore forkLockPipe) does not make any guarantees +about the state of p after a failed Pipe(p). Avoid that assumption +and the too-clever goto, so that we don't accidentally Close a real fd +if the failed pipe leaves p[0] or p[1] set >= 0. + +Updates #50057 +Fixes CVE-2021-44717 + +Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270 +Reviewed-by: Ian Lance Taylor +Reviewed-on: https://go-review.googlesource.com/c/go/+/370534 +Trust: Filippo Valsorda +Run-TryBot: Filippo Valsorda +TryBot-Result: Gopher Robot +Reviewed-by: Alex Rakoczy +--- + src/syscall/exec_unix.go | 20 ++++++-------------- + 1 file changed, 6 insertions(+), 14 deletions(-) + +diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go +index 54b18dccd7..c9c9d1abf3 100644 +--- a/src/syscall/exec_unix.go ++++ b/src/syscall/exec_unix.go +@@ -153,9 +153,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + sys = &zeroSysProcAttr + } + +- p[0] = -1 +- p[1] = -1 +- + // Convert args to C form. + argv0p, err := BytePtrFromString(argv0) + if err != nil { +@@ -205,14 +202,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + + // Allocate child status pipe close on exec. + if err = forkExecPipe(p[:]); err != nil { +- goto error ++ ForkLock.Unlock() ++ return 0, err + } + + // Kick off child. + pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1]) + if err1 != 0 { +- err = Errno(err1) +- goto error ++ Close(p[0]) ++ Close(p[1]) ++ ForkLock.Unlock() ++ return 0, Errno(err1) + } + ForkLock.Unlock() + +@@ -244,14 +244,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) + + // Read got EOF, so pipe closed on exec, so exec succeeded. + return pid, nil +- +-error: +- if p[0] >= 0 { +- Close(p[0]) +- Close(p[1]) +- } +- ForkLock.Unlock() +- return 0, err + } + + // Combination of fork and exec, careful to be thread safe. +-- +2.30.0 + diff --git a/golang.spec b/golang.spec index cb23b1a85fa3aa87d06f6b599fd9baa5e2941bca..597c7e69ed4486f9601a4e89fc68df108510bf15 100644 --- a/golang.spec +++ b/golang.spec @@ -66,7 +66,7 @@ Name: golang Version: 1.17.3 -Release: 2 +Release: 3 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -155,6 +155,7 @@ Requires: openEuler-rpm-config Patch6001: 0001-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch Patch6002: 0002-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch +Patch6003: 0003-release-branch.go1.17-syscall-fix-ForkLock-spurious-.patch ExclusiveArch: %{golang_arches} @@ -389,6 +390,13 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Fri May 6 2022 hanchao - 1.17.3-3 +- Type:CVE +- CVE:CVE-2021-44717 +- SUG:NA +- DESC:fix CVE-2021-44717 +- fix CVE-2021-44717 + * Fri May 6 2022 hanchao - 1.17.3-2 - Type:CVE - CVE:CVE-2022-28327,CVE-2022-24675