Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve #46504

Closed
siebenmann opened this issue Jun 1, 2021 · 10 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. Testing An issue that has been verified to require only test changes, not just a test failure.
Milestone

Comments

@siebenmann
Copy link

What version of Go are you using (go version)?

$ go version
go version devel go1.17-24e9707cbf Tue Jun 1 19:59:18 2021 +0000 linux/amd64

Does this issue reproduce with the latest release?

No, but it will once Go 1.16.5 is released because of df6a737

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/homes/hawklords/cks/.cache/go-build"
GOENV="/homes/hawklords/cks/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/homes/hawklords/cks/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/homes/hawklords/cks/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/data/code/go-lang/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/data/code/go-lang/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="devel go1.17-24e9707cbf Tue Jun 1 19:59:18 2021 +0000"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmpfs/go-build1953702300=/tmp/go-build -gno-record-gcc-switches"

What did you do?

On a Unix system with /etc/hosts lookups enabled, add an entry for 1.2.3.4 to /etc/hosts (or have an already present one for whatever reason), then run ./all.bash in the current git tip or in 1.16's branch git tip. The net tests will fail with a runtime error for a nil pointer dereference.

The issue is in net/dnsclient_unix_test.go in TestCVE202133195(). The two calls to verions of LookupAddr() for "1.2.3.4" check for err == nil as one of the conditions for test failure, but they then go on to invoke err.Error() in the t.Errorf() calls, which faults if err is nil. In general, assuming that 1.2.3.4 will never resolve seems potentially dangerous, since it's in allocated IP address space (although it's currently assigned to APNIC's Debogon Project and they may be unlikely to give it a PTR record).

A short term fix for the test would be to make the failure conditions be err != nil && err.Error() != expected. A long-term fix might be to find an IP address that's guaranteed to not be resolvable, although I don't know if any such IPs exist. If 1.2.3.4 actually is supposed to never be resolvable, I think that the test should have a comment to that effect so that people reading it later know that this has been considered. (It also might be useful to make it, say, 1.2.3.5, just so that people who are using 1.2.3.4 for some reason don't trip over this.)

What did you expect to see?

Successful tests.

What did you see instead?

[...]
ok      mime/quotedprintable    0.040s
--- FAIL: TestCVE202133195 (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x57a4d1]

goroutine 324 [running]:
panic({0x623ae0, 0x7f6b20})
        /data/code/go-lang/go/src/runtime/panic.go:1147 +0x3a8 fp=0xc000515b58 sp=0xc000515a98 pc=0x436808
testing.tRunner.func1.2({0x623ae0, 0x7f6b20})
        /data/code/go-lang/go/src/testing/testing.go:1192 +0x24e fp=0xc000515c08 sp=0xc000515b58 pc=0x4d4f0e
testing.tRunner.func1()
        /data/code/go-lang/go/src/testing/testing.go:1195 +0x218 fp=0xc000515d18 sp=0xc000515c08 pc=0x4d49b8
runtime.deferCallSave(0xc000515e20, 0xc000515f90)
        /data/code/go-lang/go/src/runtime/panic.go:950 +0x82 fp=0xc000515d28 sp=0xc000515d18 pc=0x436402
runtime.runOpenDeferFrame(0xc0000e4000, 0xc0000e40f0)
        /data/code/go-lang/go/src/runtime/panic.go:889 +0x27b fp=0xc000515da8 sp=0xc000515d28 pc=0x435d9b
panic({0x623ae0, 0x7f6b20})
        /data/code/go-lang/go/src/runtime/panic.go:1038 +0x215 fp=0xc000515e68 sp=0xc000515da8 pc=0x436675
runtime.panicmem(...)
        /data/code/go-lang/go/src/runtime/panic.go:221
runtime.sigpanic()
        /data/code/go-lang/go/src/runtime/signal_unix.go:735 +0x327 fp=0xc000515eb8 sp=0xc000515e68 pc=0x44ce27
net.TestCVE202133195(0xc00042f1e0)
        /data/code/go-lang/go/src/net/dnsclient_unix_test.go:1952 +0xc51 fp=0xc000515f70 sp=0xc000515eb8 pc=0x57a4d1
testing.tRunner(0xc00042f1e0, 0x66bbf8)
        /data/code/go-lang/go/src/testing/testing.go:1242 +0x102 fp=0xc000515fc0 sp=0xc000515f70 pc=0x4d46e2
testing.(*T).Run·dwrap·21()
        /data/code/go-lang/go/src/testing/testing.go:1289 +0x2a fp=0xc000515fe0 sp=0xc000515fc0 pc=0x4d53ea
runtime.goexit()
[... more ...]
@seankhliao
Copy link
Member

Possible candidates from iana special purpose registry

  • 0.0.0.0/8 this network
  • 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 documentation
  • 198.18.0.0/15 benchmarking

@seankhliao
Copy link
Member

cc @rolandshoemaker

@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jun 2, 2021
@gopherbot
Copy link

Change https://golang.org/cl/324190 mentions this issue: net: don't rely on system hosts in TestCVE202133195

@dmitshur dmitshur added the Testing An issue that has been verified to require only test changes, not just a test failure. label Jun 2, 2021
@dmitshur dmitshur added this to the Go1.17 milestone Jun 2, 2021
@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Jun 2, 2021
@neild
Copy link
Contributor

neild commented Jun 2, 2021

@gopherbot please backport to 1.16

@gopherbot
Copy link

Backport issue(s) opened: #46530 (for 1.16).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

@neild
Copy link
Contributor

neild commented Jun 2, 2021

@gopherbot please backport to 1.15

@gopherbot
Copy link

Change https://golang.org/cl/324332 mentions this issue: net: don't rely on system hosts in TestCVE202133195

@gopherbot
Copy link

Change https://golang.org/cl/324333 mentions this issue: [release-branch.go1.15] net: don't rely on system hosts in TestCVE202133195

@cagedmantis
Copy link
Contributor

@gopherbot please backport to Go 1.15.

@cagedmantis
Copy link
Contributor

Backport issue(s) opened: #46531 (for 1.15).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

gopherbot pushed a commit that referenced this issue Jun 2, 2021
…133195

Also don't unnecessarily deref the error return.

Updates #46504
Fixes #46531

Change-Id: I22d14ac76776f8988fa0774bdcb5fcd801ce0185
Reviewed-on: https://go-review.googlesource.com/c/go/+/324190
Trust: David Chase <drchase@google.com>
Trust: Damien Neil <dneil@google.com>
Run-TryBot: David Chase <drchase@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit dd7ba3b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/324333
Reviewed-by: Ian Lance Taylor <iant@golang.org>
gopherbot pushed a commit that referenced this issue Jun 2, 2021
…133195

Also don't unnecessarily deref the error return.

Updates #46504
Fixes #46530

Change-Id: I22d14ac76776f8988fa0774bdcb5fcd801ce0185
Reviewed-on: https://go-review.googlesource.com/c/go/+/324190
Trust: David Chase <drchase@google.com>
Trust: Damien Neil <dneil@google.com>
Run-TryBot: David Chase <drchase@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit dd7ba3b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/324332
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
@golang golang locked and limited conversation to collaborators Jun 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. Testing An issue that has been verified to require only test changes, not just a test failure.
Projects
None yet
Development

No branches or pull requests

6 participants