aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRuss Cox <rsc@golang.org>2021-01-11 09:41:54 -0500
committerRoland Shoemaker <bracewell@google.com>2021-01-16 00:28:53 +0000
commite8e7facfaa47bf21007c0a1c679debba52ec3ea0 (patch)
tree3e94ff770e0ccc9d29d0e4ed78dc247885fb9a4b
parent5c8fd727c41e31273923c32b33d4f25855f4e123 (diff)
downloadgo-e8e7facfaa47bf21007c0a1c679debba52ec3ea0.tar.gz
go-e8e7facfaa47bf21007c0a1c679debba52ec3ea0.zip
[release-branch.go1.15-security] cmd/go: pass resolved CC, GCCGO to cgo
This makes sure the go command and cgo agree about exactly which compiler is being used. This issue was reported by RyotaK. Fixes CVE-2021-3115. Change-Id: If171c5c8b2523efb5ea2d957e5ad1380a038149c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949416 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Jay Conrod <jayconrod@google.com> (cherry picked from commit 4cf399ca38587a6e4a3e85b494cd9a9b4cc53378) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955293 Reviewed-by: Katie Hockman <katiehockman@google.com>
Diffstat
-rw-r--r--src/cmd/go/internal/work/action.go3
-rw-r--r--src/cmd/go/internal/work/exec.go30
2 files changed, 26 insertions, 7 deletions
diff --git a/src/cmd/go/internal/work/action.go b/src/cmd/go/internal/work/action.go
index 6b5f9e48079..03ca301bdd8 100644
--- a/src/cmd/go/internal/work/action.go
+++ b/src/cmd/go/internal/work/action.go
@@ -56,6 +56,9 @@ type Builder struct {
id sync.Mutex
toolIDCache map[string]string // tool name -> tool ID
buildIDCache map[string]string // file name -> build ID
+
+ cgoEnvOnce sync.Once
+ cgoEnvCache []string
}
// NOTE: Much of Action would not need to be exported if not for test.
diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
index dc0c4fc3444..3c397345901 100644
--- a/src/cmd/go/internal/work/exec.go
+++ b/src/cmd/go/internal/work/exec.go
@@ -1080,10 +1080,8 @@ func (b *Builder) vet(a *Action) error {
return err
}
- env := b.cCompilerEnv()
- if cfg.BuildToolchainName == "gccgo" {
- env = append(env, "GCCGO="+BuildToolchain.compiler())
- }
+ // TODO(rsc): Why do we pass $GCCGO to go vet?
+ env := b.cgoEnv()
p := a.Package
tool := VetTool
@@ -2014,6 +2012,24 @@ func (b *Builder) cCompilerEnv() []string {
return []string{"TERM=dumb"}
}
+// cgoEnv returns environment variables to set when running cgo.
+// Some of these pass through to cgo running the C compiler,
+// so it includes cCompilerEnv.
+func (b *Builder) cgoEnv() []string {
+ b.cgoEnvOnce.Do(func() {
+ cc, err := exec.LookPath(b.ccExe()[0])
+ if err != nil || filepath.Base(cc) == cc { // reject relative path
+ cc = "/missing-cc"
+ }
+ gccgo := GccgoBin
+ if filepath.Base(gccgo) == gccgo { // reject relative path
+ gccgo = "/missing-gccgo"
+ }
+ b.cgoEnvCache = append(b.cCompilerEnv(), "CC="+cc, "GCCGO="+gccgo)
+ })
+ return b.cgoEnvCache
+}
+
// mkdir makes the named directory.
func (b *Builder) Mkdir(dir string) error {
// Make Mkdir(a.Objdir) a no-op instead of an error when a.Objdir == "".
@@ -2603,13 +2619,13 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo
// along to the host linker. At this point in the code, cgoLDFLAGS
// consists of the original $CGO_LDFLAGS (unchecked) and all the
// flags put together from source code (checked).
- cgoenv := b.cCompilerEnv()
+ cgoenv := b.cgoEnv()
if len(cgoLDFLAGS) > 0 {
flags := make([]string, len(cgoLDFLAGS))
for i, f := range cgoLDFLAGS {
flags[i] = strconv.Quote(f)
}
- cgoenv = []string{"CGO_LDFLAGS=" + strings.Join(flags, " ")}
+ cgoenv = append(cgoenv, "CGO_LDFLAGS="+strings.Join(flags, " "))
}
if cfg.BuildToolchainName == "gccgo" {
@@ -2824,7 +2840,7 @@ func (b *Builder) dynimport(a *Action, p *load.Package, objdir, importGo, cgoExe
if p.Standard && p.ImportPath == "runtime/cgo" {
cgoflags = []string{"-dynlinker"} // record path to dynamic linker
}
- return b.run(a, p.Dir, p.ImportPath, b.cCompilerEnv(), cfg.BuildToolexec, cgoExe, "-dynpackage", p.Name, "-dynimport", dynobj, "-dynout", importGo, cgoflags)
+ return b.run(a, p.Dir, p.ImportPath, b.cgoEnv(), cfg.BuildToolexec, cgoExe, "-dynpackage", p.Name, "-dynimport", dynobj, "-dynout", importGo, cgoflags)
}
// Run SWIG on all SWIG input files.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion