mirror of
https://git.yoctoproject.org/poky
synced 2026-06-17 10:53:49 +02:00
go: patch CVE-2026-33811
Backport patch from [1] [1] https://go.dev/cl/767860 (From OE-Core rev: e4137b29d7b3218ceef9973d57c179e5e2771a68) Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com> Reviewed-by: Bruno Vernay <bruno.vernay@se.com> Signed-off-by: Jeremy Rosen <jeremy.rosen@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
committed by
Paul Barker
parent
b7967ae307
commit
d5108e0975
@@ -45,6 +45,7 @@ SRC_URI += "\
file://CVE-2026-32280.patch \
file://CVE-2026-32283.patch \
file://CVE-2026-32289.patch \
file://CVE-2026-33811.patch \
"
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
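--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2026-33811.patch
@@ -0,0 +1,46 @@
+From 9082277a0a78af39190c1f23b622f02b89e46196 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Thu, 26 Mar 2026 12:17:06 -0700
+Subject: [PATCH] net: avoid double-free of cgo pointer when handling large DNS
+response
+
+No test, unfortunately: I've had no luck triggering this without
+the ability to override the local recursive resolver.
+
+Thanks to hamayanhamayan for reporting this issue.
+
+Fixes CVE-2026-33811
+Fixes #78803
+
+Change-Id: I9e51410337316c20e4b9fd5b86657f436a6a6964
+Reviewed-on: https://go-review.googlesource.com/c/go/+/767860
+Reviewed-by: Nicholas Husin <nsh@golang.org>
+LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Reviewed-by: Nicholas Husin <husin@google.com>
+
+CVE: CVE-2026-33811
+Upstream-Status: Backport [https://github.com/golang/go/commit/ab2c7eb1c43011dda118282c1e757d8c27cd7d4f]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+src/net/cgo_unix.go | 5 ++++-
+1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/net/cgo_unix.go b/src/net/cgo_unix.go
+index 7ed5daad73..bd694859ab 100644
+--- a/src/net/cgo_unix.go
++++ b/src/net/cgo_unix.go
+@@ -343,7 +343,10 @@ func cgoResSearch(hostname string, rtype, class int) ([]dnsmessage.Resource, err
+// useful in the response, even though there *is* a response.
+bufSize := maxDNSPacketSize
+buf := (*_C_uchar)(_C_malloc(uintptr(bufSize)))
+- defer _C_free(unsafe.Pointer(buf))
++ defer func() {
++ // Free in a closure which captures buf to pick up a reallocated buffer from below.
++ _C_free(unsafe.Pointer(buf))
++ }()
+
+s, err := syscall.BytePtrFromString(hostname)
+if err != nil {
+--
+2.43.0
+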
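Review bot: The new `defer func() { ... }()` in cgoResSearch only prevents the double free if the reallocation path further down releases the old buffer exactly once and stores the new pointer in `buf` before any return. That code lies outside this hunk, so it should be checked against the Go source tree this recipe actually builds rather than assumed from upstream. The patch message itself states that there is no regression test, so the backport has no automated confirmation beyond applying cleanly. The in-code comment would also be clearer if it named the cause, for example `// defer evaluates call arguments immediately; use a closure so the free sees buf after it is reassigned below.`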