You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (go version)?
go-1.6
What operating system and processor architecture are you using (go env)?
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/user/gopath"
GORACE=""
GOROOT="/usr/lib/go-1.6"
GOTOOLDIR="/usr/lib/go-1.6/pkg/tool/linux_amd64"
GO15VENDOREXPERIMENT="1"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"
What did you do?
If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.
I've written a complete description of how I exercise golang's syscall module's netlink message parsing bug here: subgraph/go-nfnetlink#1
The problem is that the slice boundaries are not checked to make sure they do not extend past the end of the slice, here:
quentinmit
changed the title
syscall's ParseNetlinkMessage does not check boundaries before slice reference
syscall: ParseNetlinkMessage does not check boundaries before slice reference
Aug 26, 2016
Please answer these questions before submitting your issue. Thanks!
go version
)?go-1.6
go env
)?GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/user/gopath"
GORACE=""
GOROOT="/usr/lib/go-1.6"
GOTOOLDIR="/usr/lib/go-1.6/pkg/tool/linux_amd64"
GO15VENDOREXPERIMENT="1"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"
If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.
I've written a complete description of how I exercise golang's syscall module's netlink message parsing bug here:
subgraph/go-nfnetlink#1
The problem is that the slice boundaries are not checked to make sure they do not extend past the end of the slice, here:
go/src/syscall/netlink_linux.go
Line 125 in 31ad583
Bounds checking and a proper error, returned.
I saw buggy network parsing code.
The text was updated successfully, but these errors were encountered: