From 2550acfd9d7d35e7203d23bf9e4033981c41272a Mon Sep 17 00:00:00 2001 From: James Tucker Date: Thu, 7 Apr 2022 19:03:18 -0700 Subject: [PATCH] go.mod: bump netstack for clone reset fix (#4379) In tracking down issue #4144 and reading through the netstack code in detail, I discovered that the packet buf Clone path did not reset the packetbuf it was getting from the sync.Pool. The fix was sent upstream https://github.com/google/gvisor/pull/7385, and this bump pulls that in. At this time there is no known path that this fixes, however at the time of upstream submission this reset at least one field that could lead to incorrect packet routing if exercised, a situation that could therefore lead to an information leak. Signed-off-by: James Tucker --- cmd/tailscaled/depaware.txt | 2 +- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index 52d2d591b..e4d4e8475 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -131,7 +131,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de gvisor.dev/gvisor/pkg/log from gvisor.dev/gvisor/pkg/context+ gvisor.dev/gvisor/pkg/rand from gvisor.dev/gvisor/pkg/tcpip/network/hash+ gvisor.dev/gvisor/pkg/refs from gvisor.dev/gvisor/pkg/refsvfs2+ - gvisor.dev/gvisor/pkg/refsvfs2 from gvisor.dev/gvisor/pkg/tcpip/stack + gvisor.dev/gvisor/pkg/refsvfs2 from gvisor.dev/gvisor/pkg/tcpip/stack+ 💣 gvisor.dev/gvisor/pkg/sleep from gvisor.dev/gvisor/pkg/tcpip/transport/tcp 💣 gvisor.dev/gvisor/pkg/state from gvisor.dev/gvisor/pkg/atomicbitops+ gvisor.dev/gvisor/pkg/state/wire from gvisor.dev/gvisor/pkg/state diff --git a/go.mod b/go.mod index 47a9cfaaa..f0a3ab3cc 100644 --- a/go.mod +++ b/go.mod @@ -57,7 +57,7 @@ require ( golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a golang.zx2c4.com/wireguard v0.0.0-20220317000134-95b48cdb3961 golang.zx2c4.com/wireguard/windows v0.4.10 - gvisor.dev/gvisor v0.0.0-20220318082524-536b85ae1a6a + gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445 honnef.co/go/tools v0.4.0-0.dev.0.20220404092545-59d7a2877f83 inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 inet.af/peercred v0.0.0-20210906144145-0893ea02156a diff --git a/go.sum b/go.sum index 2b1078646..409b5b8bf 100644 --- a/go.sum +++ b/go.sum @@ -1833,8 +1833,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gvisor.dev/gvisor v0.0.0-20220318082524-536b85ae1a6a h1:sQAuNyyy59GRxS8npo8nyOr5yM46gB7QzVFiq6yvHdg= -gvisor.dev/gvisor v0.0.0-20220318082524-536b85ae1a6a/go.mod h1:tWwEcFvJavs154OdjFCw78axNrsDlz4Zh8jvPqwcpGI= +gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445 h1:pLNQCtMzh4O6rdhoUeWHuutt4yMft+B9Cgw/bezWchE= +gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445/go.mod h1:tWwEcFvJavs154OdjFCw78axNrsDlz4Zh8jvPqwcpGI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=