-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
debug/macho: invalid dynamic symbol table command can cause panic #48990
Comments
Change https://golang.org/cl/355990 mentions this issue: |
@gopherbot please open backport issues |
Backport issue(s) opened: #48991 (for 1.16), #48992 (for 1.17). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases. |
Change https://golang.org/cl/359455 mentions this issue: |
Change https://golang.org/cl/359454 mentions this issue: |
…able command Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates #48990 Fixes #48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
…able command Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates #48990 Fixes #48992 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359455 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Change https://golang.org/cl/367075 mentions this issue: |
…able command Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates golang#48990 Fixes golang#48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.16 Upstream Source Commit: golang@d19c5bd EKS Patch Source Commit: danbudris@572d2e8 # Original Information Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates golang#48990 Fixes golang#48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.16 Upstream Source Commit: golang@d19c5bd EKS Patch Source Commit: danbudris@572d2e8 # Original Information Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates golang#48990 Fixes golang#48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Calling
File.ImportedSymbols
on a loaded file which contains an invalid dynamic symbol table command can cause a panic, in particular if the encoded number of undefined symbols is larger than the number of symbols in the symbol table.The text was updated successfully, but these errors were encountered: