From: Russ Cox <rsc@golang.org>
Date: Wed, 8 Dec 2021 23:05:11 +0000 (-0500)
Subject: CVE-2021-44717
X-Git-Tag: archive/raspbian/1.15.15-1_deb11u4+rpi1^2~5
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6970ba5049fea9e8ec37a8f463990b7169c5065e;p=golang-1.15.git

CVE-2021-44717

Origin: backport, https://github.com/golang/go/commit/44a3fb49

Gbp-Pq: Name 0011-CVE-2021-44717.patch
---

diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go
index cb08b708..3a8ef092 100644
--- a/src/syscall/exec_unix.go
+++ b/src/syscall/exec_unix.go
@@ -152,9 +152,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 		sys = &zeroSysProcAttr
 	}
 
-	p[0] = -1
-	p[1] = -1
-
 	// Convert args to C form.
 	argv0p, err := BytePtrFromString(argv0)
 	if err != nil {
@@ -204,14 +201,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 
 	// Allocate child status pipe close on exec.
 	if err = forkExecPipe(p[:]); err != nil {
-		goto error
+		ForkLock.Unlock()
+		return 0, err
 	}
 
 	// Kick off child.
 	pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1])
 	if err1 != 0 {
-		err = Errno(err1)
-		goto error
+		Close(p[0])
+		Close(p[1])
+		ForkLock.Unlock()
+		return 0, Errno(err1)
 	}
 	ForkLock.Unlock()
 
@@ -243,14 +243,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 
 	// Read got EOF, so pipe closed on exec, so exec succeeded.
 	return pid, nil
-
-error:
-	if p[0] >= 0 {
-		Close(p[0])
-		Close(p[1])
-	}
-	ForkLock.Unlock()
-	return 0, err
 }
 
 // Combination of fork and exec, careful to be thread safe.