Google Git
Sign in
go / sys / 03aa0b5f6827af9a6017ded74142961777f49e64
commit03aa0b5f6827af9a6017ded74142961777f49e64[log] [tgz]
authorJason A. Donenfeld <Jason@zx2c4.com>Mon Dec 13 22:07:04 2021 +0100
committerJason Donenfeld <Jason@zx2c4.com>Mon Dec 13 22:30:07 2021 +0000
tree5659d3e46559f4872c7f23f7c3801726150ec9a6
parentaf8b64212486582a9c87128a5289fc4ad7b9c922 [diff]
windows: allocate attribute list with LocalAlloc, not individual items

We didn't want to wind up with Go pointers mangled by win32, so we were
previously copying the contents into a LocalAlloc'd blob, and then
adding that to the attribute list. The problem is that recent changes to
the API broke this design convention, to the point where it expects 0x18
byte objects to be added using size 0x8. This seems like an unfortunate
oversight from Microsoft, but there's nothing we can do about it. So we
can work around it by instead LocalAlloc'ing the actual container, and
then using the exact pointer value that's passed into Update.

This commit also adds a test that both makes sure that these functions
actually work, and provokes a UaF that's successfully caught, were you
to comment out the line of this commit that reads `al.pointers =
append(al.pointers, value)`.

Fixes golang/go#50134.

Change-Id: Ib73346d2d6ca3db601cd236596cefb564d9dc8f1
Reviewed-on: https://go-review.googlesource.com/c/sys/+/371276
Trust: Jason Donenfeld <Jason@zx2c4.com>
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Patrik Nyblom <pnyb@google.com>
Trust: Patrik Nyblom <pnyb@google.com>
Run-TryBot: Patrik Nyblom <pnyb@google.com>
3 files changed
tree: 5659d3e46559f4872c7f23f7c3801726150ec9a6
  1. cpu/
  2. execabs/
  3. internal/
  4. plan9/
  5. unix/
  6. windows/
  7. .gitattributes
  8. .gitignore
  9. AUTHORS
  10. codereview.cfg
  11. CONTRIBUTING.md
  12. CONTRIBUTORS
  13. go.mod
  14. LICENSE
  15. PATENTS
  16. README.md
README.md

sys

Go Reference

This repository holds supplemental Go packages for low-level interactions with the operating system.

Download/Install

The easiest way to install is to run go get -u golang.org/x/sys. You can also manually git clone the repository to $GOPATH/src/golang.org/x/sys.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the sys repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/sys:” in the subject line, so it is easy to find.