fix CVE-2021-44717

Conflict: NA Score: CVE-2021-44717:4.5 Reference: https://go-review.googlesource.com/c/go/+/370514 Reason: fix CVE-2021-44717 Signed-off-by: hanchao <hanchao47@huawei.com>
2022-05-16 15:03:09 +08:00 · 2022-05-16 15:03:09 +08:00 · ad5e33b97b
commit ad5e33b97b
parent 90fce58fce
2 changed files with 87 additions and 1 deletions
--- a/0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch
+++ b/0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch
@ -0,0 +1,82 @@
 From 98e370069ffceeeeecb94c0b8e6c60c33994071a Mon Sep 17 00:00:00 2001
 From: Russ Cox <rsc@golang.org>
 Date: Wed, 8 Dec 2021 18:05:11 -0500
 Subject: [PATCH] [release-branch.go1.16] syscall: fix ForkLock spurious
 close(0) on pipe failure
 Pipe (and therefore forkLockPipe) does not make any guarantees
 about the state of p after a failed Pipe(p). Avoid that assumption
 and the too-clever goto, so that we don't accidentally Close a real fd
 if the failed pipe leaves p[0] or p[1] set >= 0.
 Updates #50057
 Fixes CVE-2021-44717
 Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4
 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270
 Reviewed-by: Ian Lance Taylor <iant@google.com>
 Reviewed-on: https://go-review.googlesource.com/c/go/+/370514
 Trust: Filippo Valsorda <filippo@golang.org>
 Run-TryBot: Filippo Valsorda <filippo@golang.org>
 TryBot-Result: Gopher Robot <gobot@golang.org>
 Reviewed-by: Alex Rakoczy <alex@golang.org>
 Conflict: NA
 Conference: https://go-review.googlesource.com/c/go/+/370514
 ---
 src/syscall/exec_unix.go | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
 diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go
 index cb08b7084c..3a8ef0925e 100644
 --- a/src/syscall/exec_unix.go
 +++ b/src/syscall/exec_unix.go
@@ -152,9 +152,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 		sys = &zeroSysProcAttr
 	}
 -	p[0] = -1
 -	p[1] = -1
 -
 	// Convert args to C form.
 	argv0p, err := BytePtrFromString(argv0)
 	if err != nil {
@@ -204,14 +201,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 	// Allocate child status pipe close on exec.
 	if err = forkExecPipe(p[:]); err != nil {
 -		goto error
 +		ForkLock.Unlock()
 +		return 0, err
 	}
 	// Kick off child.
 	pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1])
 	if err1 != 0 {
 -		err = Errno(err1)
 -		goto error
 +		Close(p[0])
 +		Close(p[1])
 +		ForkLock.Unlock()
 +		return 0, Errno(err1)
 	}
 	ForkLock.Unlock()
@@ -243,14 +243,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
 	// Read got EOF, so pipe closed on exec, so exec succeeded.
 	return pid, nil
 -
 -error:
 -	if p[0] >= 0 {
 -		Close(p[0])
 -		Close(p[1])
 -	}
 -	ForkLock.Unlock()
 -	return 0, err
 }
 // Combination of fork and exec, careful to be thread safe.
 -- 
 2.30.0
--- a/golang.spec
+++ b/golang.spec
@ -62,7 +62,7 @@
 Name:           golang
 Version:        1.15.7
-Release:        12
+Release:        13
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@ -208,6 +208,7 @@ Patch6059:       0059-release-branch.go1.16-regexp-syntax-reject-very-deep.patch
 Patch6060:       0060-cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch
 Patch6061:       0061-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch
 Patch6062:       0062-release-branch.go1.17-encoding-pem-fix-stack-overflo.patch
 Patch6063:       0063-release-branch.go1.16-syscall-fix-ForkLock-spurious-.patch
 Patch9001:       0001-drop-hard-code-cert.patch
@ -443,6 +444,9 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
 * Thu May 12 2022 hanchao<hanchao47@huawei.com> - 1.15.7-13
 - fix CVE-2021-44717
 * Wed May 11 2022 hanchao<hanchao47@huawei.com> - 1.15.7-12
 - fix CVE-2022-28327 CVE-2022-24675