]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8eeb134)
[release-branch.go1.23] os: don't follow symlinks on Windows when O_CREATE|O_EXCL
authorDamien Neil <dneil@google.com>
Tue, 13 May 2025 22:35:19 +0000 (15:35 -0700)
committerMichael Knyszek <mknyszek@google.com>
Thu, 29 May 2025 17:56:13 +0000 (10:56 -0700)
(This cherry-pick includes both CL 672396 and CL 676655.)

Match standard Unix behavior: Symlinks are not followed when
O_CREATE|O_EXCL is passed to open.

Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
for discovering this issue.

For #73702
Fixes #73719
Fixes CVE-2025-0913

Change-Id: Ieb46a6780c5e9a6090b09cd34290f04a8e3b0ca5
Reviewed-on: https://go-review.googlesource.com/c/go/+/672396
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/677195
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
src/os/os_test.go patch | blob | history
src/syscall/syscall_windows.go patch | blob | history

diff --git a/src/os/os_test.go b/src/os/os_test.go
index f1755dfa9139f840a31899a7c0a53e4d1374c934..24a1d84b16f490a462532f6212b8b1cea57e49d6 100644 (file)
--- a/src/os/os_test.go
+++ b/src/os/os_test.go
@@ -2174,6 +2174,24 @@ func TestAppend(t *testing.T) {
        }
 }
 
+func TestOpenFileCreateExclDanglingSymlink(t *testing.T) {
+       defer chtmpdir(t)()
+       const link = "link"
+       if err := Symlink("does_not_exist", link); err != nil {
+               t.Fatal(err)
+       }
+       f, err := OpenFile(link, O_WRONLY|O_CREATE|O_EXCL, 0o666)
+       if err == nil {
+               f.Close()
+       }
+       if !errors.Is(err, ErrExist) {
+               t.Errorf("OpenFile of a dangling symlink with O_CREATE|O_EXCL = %v, want ErrExist", err)
+       }
+       if _, err := Stat(link); err == nil {
+               t.Errorf("OpenFile of a dangling symlink with O_CREATE|O_EXCL created a file")
+       }
+}
+
 func TestStatDirWithTrailingSlash(t *testing.T) {
        t.Parallel()
 
diff --git a/src/syscall/syscall_windows.go b/src/syscall/syscall_windows.go
index d49ee522c4fe883fd1f27ec05348d6d154b30a96..bbc1a11784be0e504d151612b411c17c19867134 100644 (file)
--- a/src/syscall/syscall_windows.go
+++ b/src/syscall/syscall_windows.go
@@ -406,6 +406,9 @@ func Open(path string, mode int, perm uint32) (fd Handle, err error) {
                        }
                }
        }
+       if createmode == CREATE_NEW {
+               attrs |= FILE_FLAG_OPEN_REPARSE_POINT // don't follow symlinks
+       }
        if createmode == OPEN_EXISTING && access == GENERIC_READ {
                // Necessary for opening directory handles.
                attrs |= FILE_FLAG_BACKUP_SEMANTICS
Go GOST TLS 1.3