[go/release-branch.go1.25] [release-branch.go1.25] net: avoid double-free of cgo pointer when handling large DNS response
0 views
Skip to first unread message
Michael Pratt (Gerrit)
Apr 29, 2026, 4:02:13 PM (21 hours ago) Apr 29
to Michael Pratt, Damien Neil, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, golang...@luci-project-accounts.iam.gserviceaccount.com, Nicholas Husin, Nicholas Husin, Ian Lance Taylor, Gopher Robot, golang-co...@googlegroups.com
Michael Pratt submitted the change![]( "Open in Gerrit")
Unreviewed changes
1 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.
Change information
Commit message:
[release-branch.go1.25] net: avoid double-free of cgo pointer when handling large DNS response
No test, unfortunately: I've had no luck triggering this without
the ability to override the local recursive resolver.
Thanks to hamayanhamayan for reporting this issue.
Fixes CVE-2026-33811
Fixes #78812
For #78803
Change-Id: I9e51410337316c20e4b9fd5b86657f436a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/767860
Reviewed-by: Nicholas Husin <n...@golang.org>
LUCI-TryBot-Result: golang...@luci-project-accounts.iam.gserviceaccount.com <golang...@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <hu...@google.com>
(cherry picked from commit ab2c7eb1c43011dda118282c1e757d8c27cd7d4f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767541
Files:
- M src/net/cgo_unix.go
Change size: XS
Delta: 1 file changed, 4 insertions(+), 1 deletion(-)
Branch: refs/heads/release-branch.go1.25
Submit Requirements:
Code-Review: +1 by Nicholas Husin, +2 by Nicholas Husin
TryBots-Pass: LUCI-TryBot-Result+1 by golang...@luci-project-accounts.iam.gserviceaccount.com
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Michael Pratt (Gerrit)
Apr 29, 2026, 4:02:19 PM (21 hours ago) Apr 29
to Michael Pratt, Damien Neil, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, golang...@luci-project-accounts.iam.gserviceaccount.com, Nicholas Husin, Nicholas Husin, Ian Lance Taylor, Gopher Robot, golang-co...@googlegroups.com
Michael Pratt submitted the change![]( "Open in Gerrit")
Unreviewed changes
1 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.
Change information
Commit message:
[release-branch.go1.26] net: avoid double-free of cgo pointer when handling large DNS response
No test, unfortunately: I've had no luck triggering this without
the ability to override the local recursive resolver.
Thanks to hamayanhamayan for reporting this issue.
Fixes CVE-2026-33811
Fixes #78813
For #78803
Change-Id: I9e51410337316c20e4b9fd5b86657f436a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/767860
Reviewed-by: Nicholas Husin <n...@golang.org>
LUCI-TryBot-Result: golang...@luci-project-accounts.iam.gserviceaccount.com <golang...@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <hu...@google.com>
(cherry picked from commit ab2c7eb1c43011dda118282c1e757d8c27cd7d4f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767542
Files:
- M src/net/cgo_unix.go
Change size: XS
Delta: 1 file changed, 4 insertions(+), 1 deletion(-)
Branch: refs/heads/release-branch.go1.26
Submit Requirements:
Code-Review: +2 by Nicholas Husin, +1 by Nicholas Husin
TryBots-Pass: LUCI-TryBot-Result+1 by golang...@luci-project-accounts.iam.gserviceaccount.com
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages