From: Ian Lance Taylor <iant@golang.org>
Date: Tue, 3 Nov 2020 05:31:06 +0000 (-0800)
Subject: [release-branch.go1.15-security] cmd/go: in cgoflags, permit -DX1, prohibit -Wp,... 
X-Git-Tag: go1.15.5~2
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ec06b6d6be568ce1591d91a0ea4f14c190d06605;p=gostls13.git

[release-branch.go1.15-security] cmd/go: in cgoflags, permit -DX1, prohibit -Wp,-D,opt

Restrict -D and -U to ASCII C identifiers, but do permit trailing digits.
When using -Wp, prohibit commas in -D values.

Thanks to Imre Rad (https://www.linkedin.com/in/imre-rad-2358749b) for reporting this.

Fixes CVE-2020-28367

Change-Id: Ibfc4dfdd6e6c258e131448e7682610c44eee9492
Reviewed-on: https://go-review.googlesource.com/c/go/+/267277
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/899924
Reviewed-by: Filippo Valsorda <valsorda@google.com>
---

diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go
index 3ee68ac1b4..0d9628241f 100644
--- a/src/cmd/go/internal/work/security.go
+++ b/src/cmd/go/internal/work/security.go
@@ -42,8 +42,8 @@ import (
 var re = lazyregexp.New
 
 var validCompilerFlags = []*lazyregexp.Regexp{
-	re(`-D([A-Za-z_].*)`),
-	re(`-U([A-Za-z_]*)`),
+	re(`-D([A-Za-z_][A-Za-z0-9_]*)(=[^@\-]*)?`),
+	re(`-U([A-Za-z_][A-Za-z0-9_]*)`),
 	re(`-F([^@\-].*)`),
 	re(`-I([^@\-].*)`),
 	re(`-O`),
@@ -51,8 +51,8 @@ var validCompilerFlags = []*lazyregexp.Regexp{
 	re(`-W`),
 	re(`-W([^@,]+)`), // -Wall but not -Wa,-foo.
 	re(`-Wa,-mbig-obj`),
-	re(`-Wp,-D([A-Za-z_].*)`),
-	re(`-Wp,-U([A-Za-z_]*)`),
+	re(`-Wp,-D([A-Za-z_][A-Za-z0-9_]*)(=[^@,\-]*)?`),
+	re(`-Wp,-U([A-Za-z_][A-Za-z0-9_]*)`),
 	re(`-ansi`),
 	re(`-f(no-)?asynchronous-unwind-tables`),
 	re(`-f(no-)?blocks`),
diff --git a/src/cmd/go/internal/work/security_test.go b/src/cmd/go/internal/work/security_test.go
index 11e74f29c6..aec9789185 100644
--- a/src/cmd/go/internal/work/security_test.go
+++ b/src/cmd/go/internal/work/security_test.go
@@ -13,6 +13,7 @@ var goodCompilerFlags = [][]string{
 	{"-DFOO"},
 	{"-Dfoo=bar"},
 	{"-Ufoo"},
+	{"-Ufoo1"},
 	{"-F/Qt"},
 	{"-I/"},
 	{"-I/etc/passwd"},
@@ -24,6 +25,8 @@ var goodCompilerFlags = [][]string{
 	{"-Wall"},
 	{"-Wp,-Dfoo=bar"},
 	{"-Wp,-Ufoo"},
+	{"-Wp,-Dfoo1"},
+	{"-Wp,-Ufoo1"},
 	{"-fobjc-arc"},
 	{"-fno-objc-arc"},
 	{"-fomit-frame-pointer"},
@@ -78,6 +81,8 @@ var badCompilerFlags = [][]string{
 	{"-O@1"},
 	{"-Wa,-foo"},
 	{"-W@foo"},
+	{"-Wp,-DX,-D@X"},
+	{"-Wp,-UX,-U@X"},
 	{"-g@gdb"},
 	{"-g-gdb"},
 	{"-march=@dawn"},