Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses [CVE-2024-24790] #67680

Closed
rolandshoemaker opened this issue May 28, 2024 · 5 comments · Fixed by NixOS/nixpkgs#319485
Assignees
Milestone

Comments

@rolandshoemaker
Copy link
Member

rolandshoemaker commented May 28, 2024

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for
IPv4-mapped IPv6 addresses, returning false for addresses which would return
true in their traditional IPv4 forms.

Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun Lab
(@chenjj) for reporting this issue.

This is CVE-2024-24790.

/cc @golang/security and @golang/release

@rolandshoemaker
Copy link
Member Author

@gopherbot please open backport issues, this is a security issue.

@gopherbot
Copy link
Contributor

Backport issue(s) opened: #67681 (for 1.21), #67682 (for 1.22).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

@dmitshur dmitshur modified the milestones: Go1.24, Go1.23 May 28, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/590315 mentions this issue: [release-branch.go1.21] net/netip: check if address is v6 mapped in Is methods

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/590296 mentions this issue: [release-branch.go1.22] net/netip: check if address is v6 mapped in Is methods

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/590316 mentions this issue: net/netip: check if address is v6 mapped in Is methods

gopherbot pushed a commit that referenced this issue Jun 4, 2024
…s methods

In all of the Is* methods, check if the address is a v6 mapped v4
address, and unmap it if so.

Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun
Lab (@chenjj) for reporting this issue.

Fixes #67680
Fixes #67681
Fixes CVE-2024-24790

Change-Id: I6bd03ca1a5d93a0b59027d861c84060967b265b0
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1460
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit f7f270c1621fdc7ee48e0487b2fac0356947d19b)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1500
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/590315
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
gopherbot pushed a commit that referenced this issue Jun 4, 2024
…s methods

In all of the Is* methods, check if the address is a v6 mapped v4
address, and unmap it if so.

Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun
Lab (@chenjj) for reporting this issue.

Fixes #67680
Fixes #67682
Fixes CVE-2024-24790

Change-Id: I6bd03ca1a5d93a0b59027d861c84060967b265b0
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1460
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit f7f270c1621fdc7ee48e0487b2fac0356947d19b)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1480
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/590296
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@mknyszek mknyszek changed the title security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses [CVE-2024-24790] Jun 4, 2024
kraj pushed a commit to YoeDistro/poky that referenced this issue Jun 23, 2024
Upstream-Status: Backport from golang/go@12d5810

Reference: golang/go#67680

(From OE-Core rev: f05580df2db46ba123c4eac822d16f7a1d621a61)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Done
Development

Successfully merging a pull request may close this issue.

3 participants