CVE-2021-44717

Origin: backport, https://github.com/golang/go/commit/44a3fb49

Gbp-Pq: Name 0011-CVE-2021-44717.patch

diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go
index cb08b7084cbf0b2f82e4df8eba4265296fb92a3c..3a8ef0925ef8bb88edd83caca1dbf0a3793ce17a 100644 (file)
--- a/src/syscall/exec_unix.go
+++ b/src/syscall/exec_unix.go
@@ -152,9 +152,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
                sys = &zeroSysProcAttr
        }
 
-       p[0] = -1
-       p[1] = -1
-
        // Convert args to C form.
        argv0p, err := BytePtrFromString(argv0)
        if err != nil {
@@ -204,14 +201,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 
        // Allocate child status pipe close on exec.
        if err = forkExecPipe(p[:]); err != nil {
-               goto error
+               ForkLock.Unlock()
+               return 0, err
        }
 
        // Kick off child.
        pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1])
        if err1 != 0 {
-               err = Errno(err1)
-               goto error
+               Close(p[0])
+               Close(p[1])
+               ForkLock.Unlock()
+               return 0, Errno(err1)
        }
        ForkLock.Unlock()
 
@@ -243,14 +243,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 
        // Read got EOF, so pipe closed on exec, so exec succeeded.
        return pid, nil
-
-error:
-       if p[0] >= 0 {
-               Close(p[0])
-               Close(p[1])
-       }
-       ForkLock.Unlock()
-       return 0, err
 }
 
 // Combination of fork and exec, careful to be thread safe.