qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-23 15:00:03 -07:00
Code Releases Activity
The Go programming language
39,494 Commits 58 Branches 402 Tags 522 MiB
Go 89.6%
Assembly 5.2%
HTML 4.8%
C 0.2%
Shell 0.1%
9b6e9f0c8c
Go to file
Jason A. Donenfeld 9b6e9f0c8c runtime: safely load DLLs 
While many other call sites have been moved to using the proper
higher-level system loading, these areas were left out. This prevents
DLL directory injection attacks. This includes both the runtime load
calls (using LoadLibrary prior) and the implicitly linked ones via
cgo_import_dynamic, which we move to our LoadLibraryEx. The goal is to
only loosely load kernel32.dll and strictly load all others.

Meanwhile we make sure that we never fallback to insecure loading on
older or unpatched systems.

This is CVE-2019-9634.

Fixes #14959
Fixes #28978
Fixes #30642

Change-Id: I401a13ed8db248ab1bb5039bf2d31915cac72b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/165798
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
2019-03-10 05:40:13 +00:00
.github .github: don't render author-facing text in ISSUE_TEMPLATE 2018-11-02 04:47:34 +00:00
api text/scanner: don't liberally consume (invalid) floats or underbars 2019-02-20 20:23:28 +00:00
doc doc: add missing paragraph break in Effective Go 2019-03-07 04:46:03 +00:00
lib/time time: read 64-bit data if available 2019-02-26 23:10:35 +00:00
misc misc/android: enable many more tests on GOOS=android 2019-03-08 23:32:03 +00:00
src runtime: safely load DLLs 2019-03-10 05:40:13 +00:00
test sync: allow inlining the RWMutex.RUnlock fast path 2019-03-09 16:34:17 +00:00
.gitattributes
.gitignore .gitignore: ignore src/cmd/dist/dist 2017-10-28 21:55:49 +00:00
AUTHORS A+C: change email address for Elias Naur 2019-01-23 15:05:26 +00:00
CONTRIBUTING.md all: restore changes from faulty merge/revert 2018-02-12 20:13:59 +00:00
CONTRIBUTORS CONTRIBUTORS: second round of updates for Go 1.12 2019-01-30 18:01:19 +00:00
favicon.ico website: recreate 16px and 32px favicon 2016-08-25 15:43:32 +00:00
LICENSE
PATENTS
README.md README: linkify some paths 2018-06-06 18:07:01 +00:00
robots.txt

README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.