WSL-Helper: Certs: Make a copy of foreign memory

We enumerate system certificates on Windows asynchronously and return the results (as *x509.Certificate objects) in a channel. It turns out that those certificates can refer to memory passed in via ParseCertificate(), so we ended up using a certificate that referred to freed memory. Avoid the issue by explicitly making a copy of that slice. Signed-off-by: Mark Yen <mark.yen@suse.com>
rancher-sandbox · Jan 11, 2024 · b0f50ab · b0f50ab
1 parent de85021
commit b0f50ab
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/go/wsl-helper/pkg/certificates/certificates_windows.go b/src/go/wsl-helper/pkg/certificates/certificates_windows.go
@@ -74,7 +74,13 @@ func GetSystemCertificates(storeName string) (<-chan Entry, error) {
 				}
 				break
 			}
-			cert, err := x509.ParseCertificate(unsafe.Slice(certCtx.EncodedCert, certCtx.Length))
+			// Make a copy of the encoded cert, because the parsed cert may have
+			// references to the memory (that isn't owned by the GC) and we'll return
+			// it in a channel, so HeapFree() might get called on it before it's used.
+			// See #6295 / #6307.
+			certData := make([]byte, certCtx.Length)
+			copy(certData, unsafe.Slice(certCtx.EncodedCert, certCtx.Length))
+			cert, err := x509.ParseCertificate(certData)
 			if err != nil {
 				// Skip invalid certs
 				logrus.Tracef("Skipping invalid certificate %q in %q: %s", getCertName(certCtx), storeName, err)