This patch updates libgo to the 1.6.1 release.  This is a minor
release that just fixes a couple of bugs with potential security
implications (see
https://github.com/golang/go/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+milestone%3AGo1.6.1
for more details).  Bootstrapped and ran Go testsuite on
x86_64-pc-linux-gnu.  Committed to mainline.

Ian
Index: gcc/go/gofrontend/MERGE
===================================================================
--- gcc/go/gofrontend/MERGE     (revision 234923)
+++ gcc/go/gofrontend/MERGE     (working copy)
@@ -1,4 +1,4 @@
-8e7b5e777333fa4cd070d96e94ea82e3e1132739
+ff29ea8e4e69eb94958aef4388da09a61b2b52b6
 
 The first line of this file holds the git revision number of the last
 merge done from the gofrontend repository.
Index: libgo/MERGE
===================================================================
--- libgo/MERGE (revision 234304)
+++ libgo/MERGE (working copy)
@@ -1,4 +1,4 @@
-7bc40ffb05d8813bf9b41a331b45d37216f9e747
+f5cf5673590a68c55b2330df9dfcdd6fac75b893
 
 The first line of this file holds the git revision number of the
 last merge done from the master library sources.
Index: libgo/VERSION
===================================================================
--- libgo/VERSION       (revision 234304)
+++ libgo/VERSION       (working copy)
@@ -1 +1 @@
-go1.6
\ No newline at end of file
+go1.6.1
\ No newline at end of file
Index: libgo/go/crypto/dsa/dsa.go
===================================================================
--- libgo/go/crypto/dsa/dsa.go  (revision 234304)
+++ libgo/go/crypto/dsa/dsa.go  (working copy)
@@ -249,6 +249,10 @@ func Sign(rand io.Reader, priv *PrivateK
 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
        // FIPS 186-3, section 4.7
 
+       if pub.P.Sign() == 0 {
+               return false
+       }
+
        if r.Sign() < 1 || r.Cmp(pub.Q) >= 0 {
                return false
        }
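Review bot: The new `pub.P.Sign() == 0` guard at the top of Verify has no comment saying why a zero P must be rejected, and the same holds for the `N.Sign() == 0` check added to ecdsa Sign and the `priv.N.Sign() == 0` check added to rsa decrypt later in this patch. I would put a line such as `// A zero modulus makes big.Int.Exp compute an unreduced power; reject the key before any arithmetic.` above each guard; in Verify the calls that consume P lie outside this hunk, so confirm the wording there. Q needs no matching guard, because the visible `r.Sign() < 1 || r.Cmp(pub.Q) >= 0` test already fails when Q is zero. No test exercising a zero-parameter key is visible in the patch, and one per package would pin the behaviour.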
Index: libgo/go/crypto/ecdsa/ecdsa.go
===================================================================
--- libgo/go/crypto/ecdsa/ecdsa.go      (revision 234304)
+++ libgo/go/crypto/ecdsa/ecdsa.go      (working copy)
@@ -23,6 +23,7 @@ import (
        "crypto/elliptic"
        "crypto/sha512"
        "encoding/asn1"
+       "errors"
        "io"
        "math/big"
 )
@@ -140,6 +141,8 @@ func fermatInverse(k, N *big.Int) *big.I
        return new(big.Int).Exp(k, nMinus2, N)
 }
 
+var errZeroParam = errors.New("zero parameter")
+
 // Sign signs an arbitrary length hash (which should be the result of hashing a
 // larger message) using the private key, priv. It returns the signature as a
 // pair of integers. The security of the private key depends on the entropy of
@@ -180,7 +183,9 @@ func Sign(rand io.Reader, priv *PrivateK
        // See [NSA] 3.4.1
        c := priv.PublicKey.Curve
        N := c.Params().N
-
+       if N.Sign() == 0 {
+               return nil, nil, errZeroParam
+       }
        var k, kInv *big.Int
        for {
                for {
@@ -193,7 +198,7 @@ func Sign(rand io.Reader, priv *PrivateK
                        if in, ok := priv.Curve.(invertible); ok {
                                kInv = in.Inverse(k)
                        } else {
-                               kInv = fermatInverse(k, N)
+                               kInv = fermatInverse(k, N) // N != 0
                        }
 
                        r, _ = priv.Curve.ScalarBaseMult(k.Bytes())
@@ -207,7 +212,7 @@ func Sign(rand io.Reader, priv *PrivateK
                s = new(big.Int).Mul(priv.D, r)
                s.Add(s, e)
                s.Mul(s, kInv)
-               s.Mod(s, N)
+               s.Mod(s, N) // N != 0
                if s.Sign() != 0 {
                        break
                }
Index: libgo/go/crypto/rsa/rsa.go
===================================================================
--- libgo/go/crypto/rsa/rsa.go  (revision 234304)
+++ libgo/go/crypto/rsa/rsa.go  (working copy)
@@ -465,6 +465,9 @@ func decrypt(random io.Reader, priv *Pri
                err = ErrDecryption
                return
        }
+       if priv.N.Sign() == 0 {
+               return nil, ErrDecryption
+       }
 
        var ir *big.Int
        if random != nil {
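Review bot: The added guard exits with `return nil, ErrDecryption`, while the check directly above it in decrypt assigns the named result and uses a bare return (`err = ErrDecryption` then `return`); two adjacent early exits should use one form. Either write the new one as `err = ErrDecryption` followed by `return`, or convert both to explicit returns. Reusing ErrDecryption for a malformed key keeps the failure indistinguishable from a bad ciphertext, which looks deliberate and deserves a line such as `// A zero modulus is reported as an ordinary decryption failure.`. decrypt begins before and continues after this hunk.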
@@ -490,7 +493,7 @@ func decrypt(random io.Reader, priv *Pri
                        }
                }
                bigE := big.NewInt(int64(priv.E))
-               rpowe := new(big.Int).Exp(r, bigE, priv.N)
+               rpowe := new(big.Int).Exp(r, bigE, priv.N) // N != 0
                cCopy := new(big.Int).Set(c)
                cCopy.Mul(cCopy, rpowe)
                cCopy.Mod(cCopy, priv.N)
Index: libgo/go/go/build/deps_test.go
===================================================================
--- libgo/go/go/build/deps_test.go      (revision 234304)
+++ libgo/go/go/build/deps_test.go      (working copy)
@@ -132,10 +132,10 @@ var pkgDeps = map[string][]string{
        // End of linear dependency definitions.
 
        // Operating system access.
-       "syscall":                           {"L0", "internal/race", 
"unicode/utf16"},
+       "syscall":                           {"L0", "internal/race", 
"internal/syscall/windows/sysdll", "unicode/utf16"},
        "internal/syscall/unix":             {"L0", "syscall"},
-       "internal/syscall/windows":          {"L0", "syscall"},
-       "internal/syscall/windows/registry": {"L0", "syscall", "unicode/utf16"},
+       "internal/syscall/windows":          {"L0", "syscall", 
"internal/syscall/windows/sysdll"},
+       "internal/syscall/windows/registry": {"L0", "syscall", 
"internal/syscall/windows/sysdll", "unicode/utf16"},
        "time":          {"L0", "syscall", "internal/syscall/windows/registry"},
        "os":            {"L1", "os", "syscall", "time", 
"internal/syscall/windows"},
        "path/filepath": {"L2", "os", "syscall"},
Index: libgo/go/internal/syscall/windows/registry/syscall.go
===================================================================
--- libgo/go/internal/syscall/windows/registry/syscall.go       (revision 
234304)
+++ libgo/go/internal/syscall/windows/registry/syscall.go       (working copy)
@@ -8,7 +8,7 @@ package registry
 
 import "syscall"
 
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output 
zsyscall_windows.go syscall.go
+//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output 
zsyscall_windows.go -systemdll syscall.go
 
 const (
        _REG_OPTION_NON_VOLATILE = 0
Index: libgo/go/internal/syscall/windows/registry/zsyscall_windows.go
===================================================================
--- libgo/go/internal/syscall/windows/registry/zsyscall_windows.go      
(revision 234304)
+++ libgo/go/internal/syscall/windows/registry/zsyscall_windows.go      
(working copy)
@@ -4,12 +4,13 @@ package registry
 
 import "unsafe"
 import "syscall"
+import "internal/syscall/windows/sysdll"
 
 var _ unsafe.Pointer
 
 var (
-       modadvapi32 = syscall.NewLazyDLL("advapi32.dll")
-       modkernel32 = syscall.NewLazyDLL("kernel32.dll")
+       modadvapi32 = syscall.NewLazyDLL(sysdll.Add("advapi32.dll"))
+       modkernel32 = syscall.NewLazyDLL(sysdll.Add("kernel32.dll"))
 
        procRegCreateKeyExW           = modadvapi32.NewProc("RegCreateKeyExW")
        procRegDeleteKeyW             = modadvapi32.NewProc("RegDeleteKeyW")
Index: libgo/go/internal/syscall/windows/syscall_windows.go
===================================================================
--- libgo/go/internal/syscall/windows/syscall_windows.go        (revision 
234304)
+++ libgo/go/internal/syscall/windows/syscall_windows.go        (working copy)
@@ -6,7 +6,7 @@ package windows
 
 import "syscall"
 
-//go:generate go run ../../../syscall/mksyscall_windows.go -output 
zsyscall_windows.go syscall_windows.go
+//go:generate go run ../../../syscall/mksyscall_windows.go -output 
zsyscall_windows.go -systemdll syscall_windows.go
 
 const GAA_FLAG_INCLUDE_PREFIX = 0x00000010
 
Index: libgo/go/internal/syscall/windows/sysdll/sysdll.go
===================================================================
--- libgo/go/internal/syscall/windows/sysdll/sysdll.go  (revision 0)
+++ libgo/go/internal/syscall/windows/sysdll/sysdll.go  (working copy)
@@ -0,0 +1,28 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sysdll is an internal leaf package that records and reports
+// which Windows DLL names are used by Go itself. These DLLs are then
+// only loaded from the System32 directory. See Issue 14959.
+package sysdll
+
+// IsSystemDLL reports whether the named dll key (a base name, like
+// "foo.dll") is a system DLL which should only be loaded from the
+// Windows SYSTEM32 directory.
+//
+// Filenames are case sensitive, but that doesn't matter because
+// the case registered with Add is also the same case used with
+// LoadDLL later.
+//
+// It has no associated mutex and should only be mutated serially
+// (currently: during init), and not concurrent with DLL loading.
+var IsSystemDLL = map[string]bool{}
+
+// Add notes that dll is a system32 DLL which should only be loaded
+// from the Windows SYSTEM32 directory. It returns its argument back,
+// for ease of use in generated code.
+func Add(dll string) string {
+       IsSystemDLL[dll] = true
+       return dll
+}
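Review bot: `IsSystemDLL` is an exported, unsynchronised map keyed on the exact string handed to `Add`, so the System32-only guarantee in the package comment holds only while every loader lookup uses a byte-identical base name. The doc comment covers letter case but should also say that a name with a directory prefix is never a key, for example `// Keys are bare base names exactly as passed to Add; a path or a differently cased name does not match.`. The code that consults the map is not part of this patch, so confirm it looks up the base name before loading. Since writes are expected only during init, an unexported map behind a read-only accessor would enforce that rule rather than just document it.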
Index: libgo/go/internal/syscall/windows/zsyscall_windows.go
===================================================================
--- libgo/go/internal/syscall/windows/zsyscall_windows.go       (revision 
234304)
+++ libgo/go/internal/syscall/windows/zsyscall_windows.go       (working copy)
@@ -4,12 +4,13 @@ package windows
 
 import "unsafe"
 import "syscall"
+import "internal/syscall/windows/sysdll"
 
 var _ unsafe.Pointer
 
 var (
-       modiphlpapi = syscall.NewLazyDLL("iphlpapi.dll")
-       modkernel32 = syscall.NewLazyDLL("kernel32.dll")
+       modiphlpapi = syscall.NewLazyDLL(sysdll.Add("iphlpapi.dll"))
+       modkernel32 = syscall.NewLazyDLL(sysdll.Add("kernel32.dll"))
 
        procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses")
        procGetComputerNameExW   = modkernel32.NewProc("GetComputerNameExW")
Index: libgo/go/runtime/export_windows_test.go
===================================================================
--- libgo/go/runtime/export_windows_test.go     (revision 234304)
+++ libgo/go/runtime/export_windows_test.go     (working copy)
@@ -15,3 +15,7 @@ func NumberOfProcessors() int32 {
        stdcall1(_GetSystemInfo, uintptr(unsafe.Pointer(&info)))
        return int32(info.dwnumberofprocessors)
 }
+
+func LoadLibraryExStatus() (useEx, haveEx, haveFlags bool) {
+       return useLoadLibraryEx, _LoadLibraryExW != nil, _AddDllDirectory != nil
+}
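Review bot: `LoadLibraryExStatus` is exported to the runtime tests without a doc comment, and its three bool results can be told apart only by their names. Suggest `// LoadLibraryExStatus reports whether the runtime uses LoadLibraryEx and whether LoadLibraryExW and AddDllDirectory were resolved.`. None of `useLoadLibraryEx`, `_LoadLibraryExW` or `_AddDllDirectory` is defined in the visible patch, so confirm the libgo runtime declares them; otherwise this file will not build on Windows.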
