Google Git
Sign in
go / net / 27ecd3f315a1ab08756208a6e6b2ef756d75ec63
commit27ecd3f315a1ab08756208a6e6b2ef756d75ec63[log] [tgz]
authorArthur Fabre <afabre@cloudflare.com>Fri Jun 07 15:59:01 2019 +0100
committerMatt Layher <mdlayher@gmail.com>Fri Jun 07 17:17:31 2019 +0000
tree67b433a70d0cd49a98951675dbcc585e5522ffb1
parent1492cefac77f61bc789c00f41ead8f8d7307cd21 [diff]
bpf: fix VM out of bounds LoadMemShift check

The bpf VM did not correctly check the bounds of LoadMemShift
instructions, as it used a size of 0 instead of the correct 1.

A LoadMemShift instruction 1 past the end of the input resulted in a
runtime panic:

    panic(0x5c1d40, 0x7cec00)
            /usr/local/go/src/runtime/panic.go:522 +0x1b5
    golang.org/x/net/bpf.loadMemShift(...)
            /home/afabre/go/pkg/mod/golang.org/x/net@v0.0.0-20190603091049-60506f45cf65/bpf/vm_instructions.go:137
    golang.org/x/net/bpf.(*VM).Run(0xc00000ec40, 0xc0000173c8, 0x2, 0x8, 0x2, 0xc0000173c8, 0x0)
            /home/afabre/go/pkg/mod/golang.org/x/net@v0.0.0-20190603091049-60506f45cf65/bpf/vm.go:131 +0xb0a

Fix this, and rework the out of bounds tests for load instructions to:

* Use an offset one past the end of the input, to catch this

* Use a filter that returns 1, to catch cases were the out of bounds
load does not cause a panic, but does not cause the VM to return 0.

Change-Id: I1e68886915207a34f59765805f907f36dc031f70
Reviewed-on: https://go-review.googlesource.com/c/net/+/180979
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
2 files changed
tree: 67b433a70d0cd49a98951675dbcc585e5522ffb1
  1. bpf/
  2. context/
  3. dict/
  4. dns/
  5. html/
  6. http/
  7. http2/
  8. icmp/
  9. idna/
  10. internal/
  11. ipv4/
  12. ipv6/
  13. lif/
  14. nettest/
  15. netutil/
  16. proxy/
  17. publicsuffix/
  18. route/
  19. trace/
  20. webdav/
  21. websocket/
  22. xsrftoken/
  23. .gitattributes
  24. .gitignore
  25. AUTHORS
  26. codereview.cfg
  27. CONTRIBUTING.md
  28. CONTRIBUTORS
  29. go.mod
  30. go.sum
  31. LICENSE
  32. PATENTS
  33. README.md
README.md

Go Networking

This repository holds supplementary Go networking libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/net. You can also manually git clone the repository to $GOPATH/src/golang.org/x/net.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.