syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus [1.15 backport] #44592

Closed
gopherbot opened this issue Feb 24, 2021 · 4 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge

@gopherbot

@zx2c4 requested issue #44538 to be considered for backport to the next 1.15 minor release.

@gopherbot please backport this because it causes memory corruption.

@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Feb 24, 2021
@gopherbot gopherbot added this to the Go1.15.9 milestone Feb 24, 2021
@zx2c4
Contributor

zx2c4 commented Feb 24, 2021

@gopherbot
Author

Change https://golang.org/cl/296151 mentions this issue: [release-branch.go1.15] syscall: do not overflow key memory in GetQueuedCompletionStatus

@cagedmantis
Contributor

Approved. This is a serious issue.

@cagedmantis cagedmantis added the CherryPickApproved Used during the release process for point releases label Feb 25, 2021
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Feb 25, 2021
@gopherbot
Author

Closed by merging 4fda89d to release-branch.go1.15.

gopherbot pushed a commit that referenced this issue Mar 1, 2021
…uedCompletionStatus

The third argument to GetQueuedCompletionStatus is a pointer to a
uintptr, not a uint32. Users of this function have therefore been
corrupting their memory every time they used it. Either that memory
corruption was silent (dangerous), or their programs didn't work so they
chose a different API to use.

This fixes the problem by passing through an intermediate buffer.

Updates #44538.
Fixes #44592.

Change-Id: Icacd71f705b36e41e52bd8c4d74898559a27522f
Reviewed-on: https://go-review.googlesource.com/c/go/+/296151
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
@toothrot toothrot modified the milestones: Go1.15.9, Go1.15.10 Mar 10, 2021
@golang golang locked and limited conversation to collaborators Mar 10, 2022
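
The size mismatch described in the commit message above, and the intermediate-buffer pattern it names, as an added example that is not the Go project's code. `frame`, `fakeGQCS`, `buggyCall`, `fixedCall` and `errKeyOverflow` are hypothetical names; `fakeGQCS` stands in for the system call, a `uint64` models the pointer-sized key on a 64-bit target, and the overflow check in `fixedCall` is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame models caller memory (constructed for this example): the uint32 key
// the old signature asked for, with unrelated data directly after it.
type frame struct {
	_        [0]uint64 // forces 8-byte alignment so the wide store is aligned
	key      uint32
	neighbor uint32
}

// fakeGQCS is a stand-in for the system call, not a real API: it stores a
// pointer-sized (here 8-byte) completion key through the pointer it is given.
func fakeGQCS(key unsafe.Pointer, completionKey uint64) {
	*(*uint64)(key) = completionKey
}

// buggyCall hands over the address of a 4-byte variable; 8 bytes are written.
func buggyCall(completionKey uint64) frame {
	f := &frame{neighbor: 0xDEADBEEF}
	fakeGQCS(unsafe.Pointer(&f.key), completionKey)
	return *f
}

var errKeyOverflow = errors.New("completion key does not fit in uint32")

// fixedCall receives the key in a correctly sized buffer, then narrows it.
func fixedCall(completionKey uint64) (frame, error) {
	f := &frame{neighbor: 0xDEADBEEF}
	var ukey uint64 // intermediate buffer, as wide as the value being stored
	fakeGQCS(unsafe.Pointer(&ukey), completionKey)
	f.key = uint32(ukey)
	if uint64(f.key) != ukey { // assumption: report truncation instead of hiding it
		return *f, errKeyOverflow
	}
	return *f, nil
}

func main() {
	b := buggyCall(0x2A)
	fmt.Printf("buggy: key=%#x neighbor=%#x\n", b.key, b.neighbor)
	g, err := fixedCall(0x2A)
	fmt.Printf("fixed: key=%#x neighbor=%#x err=%v\n", g.key, g.neighbor, err)
}
```

Even a small key overwrites `neighbor` in the buggy path, because the upper bytes of the wide store land on it.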