Cypherpunks repositories - gostls13.git/commit

author	Roland Shoemaker <roland@golang.org>
	Thu, 14 Oct 2021 20:02:01 +0000 (13:02 -0700)
committer	Dmitri Shuralyov <dmitshur@golang.org>
	Fri, 29 Oct 2021 19:42:51 +0000 (19:42 +0000)
commit	4a842985bf3f71d93a2b1340d9d6685bebc12b6b
tree	bf50fedfb5670760f018f0f2e20639ff7c55845f	tree
parent	f6f024f1209d99dec79ae2aeb9d50677d627ffd6	commit \| diff

[release-branch.go1.17] debug/macho: fail on invalid dynamic symbol table command

Fail out when loading a file that contains a dynamic symbol table
command that indicates a larger number of symbols than exist in the
loaded symbol table.

Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for
reporting this issue.

Updates #48990
Fixes #48992
Fixes CVE-2021-41771

Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5
Reviewed-on: https://go-review.googlesource.com/c/go/+/355990
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Katie Hockman <katie@golang.org>
(cherry picked from commit 61536ec03063b4951163bd09609c86d82631fa27)
Reviewed-on: https://go-review.googlesource.com/c/go/+/359455
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

src/debug/macho/file.go		diff \| blob \| history
src/debug/macho/file_test.go		diff \| blob \| history
src/debug/macho/testdata/gcc-amd64-darwin-exec-with-bad-dysym.base64	[new file with mode: 0644]	blob