Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[release-branch.go1.19] cmd/go: enforce flags with non-optional argum…
…ents Enforce that linker flags which expect arguments get them, otherwise it may be possible to smuggle unexpected flags through as the linker can consume what looks like a flag as an argument to a preceding flag (i.e. "-Wl,-O -Wl,-R,-bad-flag" is interpreted as "-O=-R -bad-flag"). Also be somewhat more restrictive in the general format of some flags. Thanks to Juho Nurminen of Mattermost for reporting this issue. Updates #60305 Fixes #60511 Fixes CVE-2023-29404 Change-Id: Icdffef2c0f644da50261cace6f43742783931cff Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1876275 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit 896779503cf754cbdac24b61d4cc953b50fe2dde) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902225 Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904342 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/501217 Auto-Submit: Michael Knyszek <mknyszek@google.com> Run-TryBot: David Chase <drchase@google.com> TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
- Loading branch information