]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: a31c931) | patch
[release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL
authorDamien Neil <dneil@google.com>
Tue, 13 May 2025 22:35:19 +0000 (15:35 -0700)
committerMichael Knyszek <mknyszek@google.com>
Thu, 29 May 2025 17:56:18 +0000 (10:56 -0700)
commit9f9cf28f8fe67e6c17123cae2d89f116504f2be1
treed7accd066afd7919cae517ab580561ba769a4472tree
parenta31c931adf4cba81b8e7f8bd9772b81699955749commit | diff
[release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL

(This cherry-pick includes both CL 672396 and CL 676655.)

Match standard Unix behavior: Symlinks are not followed when
O_CREATE|O_EXCL is passed to open.

Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
for discovering this issue.

For #73702
Fixed #73720
Fixes CVE-2025-0913

Change-Id: Ieb46a6780c5e9a6090b09cd34290f04a8e3b0ca5
Reviewed-on: https://go-review.googlesource.com/c/go/+/672396
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/677215
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
src/internal/syscall/windows/at_windows.go diff | blob | history
src/os/os_test.go diff | blob | history
src/syscall/syscall_windows.go diff | blob | history
Go GOST TLS 1.3