From: "Theo Gaige (Schneider Electric)" <[email protected]>
Backport patch from [1] [1] https://go.dev/cl/767860 Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]> Reviewed-by: Bruno Vernay <[email protected]> --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2026-33811.patch | 46 +++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index 288cd5c95f..9a7695e754 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -45,6 +45,7 @@ SRC_URI += "\ file://CVE-2026-32280.patch \ file://CVE-2026-32283.patch \ file://CVE-2026-32289.patch \ + file://CVE-2026-33811.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2026-33811.patch b/meta/recipes-devtools/go/go/CVE-2026-33811.patch new file mode 100644 index 0000000000..216b33ed8b --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2026-33811.patch @@ -0,0 +1,46 @@ +From 9082277a0a78af39190c1f23b622f02b89e46196 Mon Sep 17 00:00:00 2001 +From: Damien Neil <[email protected]> +Date: Thu, 26 Mar 2026 12:17:06 -0700 +Subject: [PATCH] net: avoid double-free of cgo pointer when handling large DNS + response + +No test, unfortunately: I've had no luck triggering this without +the ability to override the local recursive resolver. + +Thanks to hamayanhamayan for reporting this issue. + +Fixes CVE-2026-33811 +Fixes #78803 + +Change-Id: I9e51410337316c20e4b9fd5b86657f436a6a6964 +Reviewed-on: https://go-review.googlesource.com/c/go/+/767860 +Reviewed-by: Nicholas Husin <[email protected]> +LUCI-TryBot-Result: [email protected] <[email protected]> +Reviewed-by: Nicholas Husin <[email protected]> + +CVE: CVE-2026-33811 +Upstream-Status: Backport [https://github.com/golang/go/commit/ab2c7eb1c43011dda118282c1e757d8c27cd7d4f] +Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]> +--- + src/net/cgo_unix.go | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/net/cgo_unix.go b/src/net/cgo_unix.go +index 7ed5daad73..bd694859ab 100644 +--- a/src/net/cgo_unix.go ++++ b/src/net/cgo_unix.go +@@ -343,7 +343,10 @@ func cgoResSearch(hostname string, rtype, class int) ([]dnsmessage.Resource, err + // useful in the response, even though there *is* a response. + bufSize := maxDNSPacketSize + buf := (*_C_uchar)(_C_malloc(uintptr(bufSize))) +- defer _C_free(unsafe.Pointer(buf)) ++ defer func() { ++ // Free in a closure which captures buf to pick up a reallocated buffer from below. ++ _C_free(unsafe.Pointer(buf)) ++ }() + + s, err := syscall.BytePtrFromString(hostname) + if err != nil { +-- +2.43.0 + -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237491): https://lists.openembedded.org/g/openembedded-core/message/237491 Mute This Topic: https://lists.openembedded.org/mt/119422295/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
