From: Go Compiler Team Date: Thu, 20 Apr 2023 14:32:58 +0000 (+0100) Subject: CVE-2021-44717 X-Git-Tag: archive/raspbian/1.11.6-1+rpi1+deb10u7^2~4 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=23814f114b8c0afb5da5f9bd7d2589be9184cad4;p=golang-1.11.git CVE-2021-44717 Origin: https://github.com/golang/net/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d Reviewed-by: Sylvain Beucler Last-Update: 2022-04-18 From 44a3fb49d99cc8a4de4925b69650f97bb07faf1d Mon Sep 17 00:00:00 2001 From: Russ Cox Date: Wed, 8 Dec 2021 18:05:11 -0500 Subject: [PATCH] [release-branch.go1.16] syscall: fix ForkLock spurious close(0) on pipe failure Pipe (and therefore forkLockPipe) does not make any guarantees about the state of p after a failed Pipe(p). Avoid that assumption and the too-clever goto, so that we don't accidentally Close a real fd if the failed pipe leaves p[0] or p[1] set >= 0. Updates #50057 Fixes CVE-2021-44717 Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270 Reviewed-by: Ian Lance Taylor Reviewed-on: https://go-review.googlesource.com/c/go/+/370514 Trust: Filippo Valsorda Run-TryBot: Filippo Valsorda TryBot-Result: Gopher Robot Reviewed-by: Alex Rakoczy Gbp-Pq: Name CVE-2021-44717.patch --- diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go index 9a950ac..2186f93 100644 --- a/src/syscall/exec_unix.go +++ b/src/syscall/exec_unix.go @@ -144,9 +144,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) sys = &zeroSysProcAttr } - p[0] = -1 - p[1] = -1 - // Convert args to C form. argv0p, err := BytePtrFromString(argv0) if err != nil { @@ -187,14 +184,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) // Allocate child status pipe close on exec. if err = forkExecPipe(p[:]); err != nil { - goto error + ForkLock.Unlock() + return 0, err } // Kick off child. pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1]) if err1 != 0 { - err = Errno(err1) - goto error + Close(p[0]) + Close(p[1]) + ForkLock.Unlock() + return 0, Errno(err1) } ForkLock.Unlock() @@ -221,14 +221,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) // Read got EOF, so pipe closed on exec, so exec succeeded. return pid, nil - -error: - if p[0] >= 0 { - Close(p[0]) - Close(p[1]) - } - ForkLock.Unlock() - return 0, err } // Combination of fork and exec, careful to be thread safe.