go.mod: bump netstack for clone reset fix (#4379)

In tracking down issue #4144 and reading through the netstack code in detail, I discovered that the packet buf Clone path did not reset the packetbuf it was getting from the sync.Pool. The fix was sent upstream https://github.com/google/gvisor/pull/7385, and this bump pulls that in. At this time there is no known path that this fixes, however at the time of upstream submission this reset at least one field that could lead to incorrect packet routing if exercised, a situation that could therefore lead to an information leak. Signed-off-by: James Tucker <james@tailscale.com>
2 years ago · 2550acfd9d
parent f570372b4d
commit 2550acfd9d
3 changed files with 4 additions and 4 deletions
--- a/cmd/tailscaled/depaware.txt
+++ b/cmd/tailscaled/depaware.txt
@ -131,7 +131,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        gvisor.dev/gvisor/pkg/log                                    from gvisor.dev/gvisor/pkg/context+
        gvisor.dev/gvisor/pkg/rand                                   from gvisor.dev/gvisor/pkg/tcpip/network/hash+
        gvisor.dev/gvisor/pkg/refs                                   from gvisor.dev/gvisor/pkg/refsvfs2+
-        gvisor.dev/gvisor/pkg/refsvfs2                               from gvisor.dev/gvisor/pkg/tcpip/stack
+        gvisor.dev/gvisor/pkg/refsvfs2                               from gvisor.dev/gvisor/pkg/tcpip/stack+
     💣 gvisor.dev/gvisor/pkg/sleep                                  from gvisor.dev/gvisor/pkg/tcpip/transport/tcp
     💣 gvisor.dev/gvisor/pkg/state                                  from gvisor.dev/gvisor/pkg/atomicbitops+
        gvisor.dev/gvisor/pkg/state/wire                             from gvisor.dev/gvisor/pkg/state
--- a/go.mod
+++ b/go.mod
@ -57,7 +57,7 @@ require (
 	golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a
 	golang.zx2c4.com/wireguard v0.0.0-20220317000134-95b48cdb3961
 	golang.zx2c4.com/wireguard/windows v0.4.10
-	gvisor.dev/gvisor v0.0.0-20220318082524-536b85ae1a6a
+	gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445
 	honnef.co/go/tools v0.4.0-0.dev.0.20220404092545-59d7a2877f83
 	inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6
 	inet.af/peercred v0.0.0-20210906144145-0893ea02156a
--- a/go.sum
+++ b/go.sum
@ -1833,8 +1833,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20220318082524-536b85ae1a6a h1:sQAuNyyy59GRxS8npo8nyOr5yM46gB7QzVFiq6yvHdg=
-gvisor.dev/gvisor v0.0.0-20220318082524-536b85ae1a6a/go.mod h1:tWwEcFvJavs154OdjFCw78axNrsDlz4Zh8jvPqwcpGI=
+gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445 h1:pLNQCtMzh4O6rdhoUeWHuutt4yMft+B9Cgw/bezWchE=
+gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445/go.mod h1:tWwEcFvJavs154OdjFCw78axNrsDlz4Zh8jvPqwcpGI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=