You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
…ents
Enforce that linker flags which expect arguments get them, otherwise it
may be possible to smuggle unexpected flags through as the linker can
consume what looks like a flag as an argument to a preceding flag (i.e.
"-Wl,-O -Wl,-R,-bad-flag" is interpreted as "-O=-R -bad-flag"). Also be
somewhat more restrictive in the general format of some flags.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
Updates #60305Fixes#60511
Fixes CVE-2023-29404
Change-Id: Icdffef2c0f644da50261cace6f43742783931cff
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1876275
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit 896779503cf754cbdac24b61d4cc953b50fe2dde)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902225
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904342
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/501217
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Run-TryBot: David Chase <drchase@google.com>
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
dr2chase
changed the title
security: fix CVE-2023-29404 [1.19 backport]
cmd/go: improper sanitization of LDFLAGS [CVE-2023-29404] [1.19 backport]
Jun 6, 2023
@rolandshoemaker requested issue #60305 to be considered for backport to the next 1.19 minor release.
The text was updated successfully, but these errors were encountered: