]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 8eeb134) | patch
[release-branch.go1.23] os: don't follow symlinks on Windows when O_CREATE|O_EXCL
authorDamien Neil <dneil@google.com>
Tue, 13 May 2025 22:35:19 +0000 (15:35 -0700)
committerMichael Knyszek <mknyszek@google.com>
Thu, 29 May 2025 17:56:13 +0000 (10:56 -0700)
commitc2c89d95516d2a6b51aa1766ed5f76e542ab282c
tree5f9c54f905772b09c6e312f4277fd319065aaa18tree
parent8eeb1340b230321dc3b797e4b9836cc5ef8f316dcommit | diff
[release-branch.go1.23] os: don't follow symlinks on Windows when O_CREATE|O_EXCL

(This cherry-pick includes both CL 672396 and CL 676655.)

Match standard Unix behavior: Symlinks are not followed when
O_CREATE|O_EXCL is passed to open.

Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
for discovering this issue.

For #73702
Fixes #73719
Fixes CVE-2025-0913

Change-Id: Ieb46a6780c5e9a6090b09cd34290f04a8e3b0ca5
Reviewed-on: https://go-review.googlesource.com/c/go/+/672396
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/677195
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
src/os/os_test.go diff | blob | history
src/syscall/syscall_windows.go diff | blob | history
Go GOST TLS 1.3