Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.12 backport] #32282

Closed
gopherbot opened this issue May 28, 2019 · 3 comments
Closed

crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.12 backport] #32282

gopherbot opened this issue May 28, 2019 · 3 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Milestone
Go1.12.6

Comments

@gopherbot
Copy link

@FiloSottile requested issue #28092 to be considered for backport to the next 1.12 minor release.

@gopherbot please open backport issues for https://golang.org/cl/178537.

This fixes a crashing bug with no known workaround for certain macOS environments.

CL 178537 is very minimal and fit for backporting. (The rest of the chain, and CL 178539 in particular, are more speculative and only fix unrecognized roots for which there is a manual workaround, so let's not backport those.)

I feel like we should backport to both 1.11 and 1.12, since without this it's impossible to use 1.11 on certain macOS systems. (Although I guess using the next 1.12 point release could count as a "workaround"?)
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label May 28, 2019
@gopherbot gopherbot mentioned this issue May 28, 2019
Closed
@gopherbot gopherbot added this to the Go1.12.6 milestone May 28, 2019
@gopherbot
Copy link
Author

Change https://golang.org/cl/179339 mentions this issue: [release-branch.go1.12] crypto/x509: fix value ownership in isSSLPolicy on macOS

@julieqiu
Copy link
Member

Approved since this is a serious problem with no workaround. Please follow the instructions at https://github.com/golang/go/wiki/MinorReleases to create the cherrypick CL.

@julieqiu julieqiu added the CherryPickApproved Used during the release process for point releases label May 30, 2019
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label May 30, 2019
@gopherbot
Copy link
Author

Closed by merging 3b05c3c to release-branch.go1.12.

gopherbot pushed a commit that referenced this issue Jun 7, 2019
@FiloSottile @dmitshur
[release-branch.go1.12] crypto/x509: fix value ownership in isSSLPoli…
3b05c3c 
…cy on macOS

CFDictionaryGetValueIfPresent does not take ownership of the value, so
releasing the properties dictionary before passing the value to CFEqual
can crash. Not really clear why this works most of the time.

See https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html

Fixes #32282
Updates #28092
Updates #30763

Change-Id: I5ee7ca276b753a48abc3aedfb78b8af68b448dd4
Reviewed-on: https://go-review.googlesource.com/c/go/+/178537
Reviewed-by: Adam Langley <agl@golang.org>
(cherry picked from commit a3d4655)
Reviewed-on: https://go-review.googlesource.com/c/go/+/179339
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
@golang golang locked and limited conversation to collaborators Jun 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Projects
None yet
Milestone
Go1.12.6
Development

No branches or pull requests
2 participants
@julieqiu @gopherbot