cmd/go: pass resolved CC, GCCGO to cgo

This makes sure the go command and cgo agree about
exactly which compiler is being used.

This issue was reported by RyotaK.

Fixes CVE-2021-3115
Fixes #43783

Change-Id: If171c5c8b2523efb5ea2d957e5ad1380a038149c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949416
Reviewed-by: Ian Lance Taylor <[email protected]>
Reviewed-by: Jay Conrod <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/284780
Run-TryBot: Roland Shoemaker <[email protected]>
TryBot-Result: Go Bot <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>
Trust: Roland Shoemaker <[email protected]>

Author: rsc

src/cmd/go/internal/work/action.go

@@ -57,6 +57,9 @@ type Builder struct {
 	id           sync.Mutex
 	toolIDCache  map[string]string // tool name -> tool ID
 	buildIDCache map[string]string // file name -> build ID
+
+	cgoEnvOnce  sync.Once
+	cgoEnvCache []string
 }
 
 // NOTE: Much of Action would not need to be exported if not for test.

src/cmd/go/internal/work/exec.go

@@ -1164,10 +1164,8 @@ func (b *Builder) vet(ctx context.Context, a *Action) error {
 		return err
 	}
 
-	env := b.cCompilerEnv()
-	if cfg.BuildToolchainName == "gccgo" {
-		env = append(env, "GCCGO="+BuildToolchain.compiler())
-	}
+	// TODO(rsc): Why do we pass $GCCGO to go vet?
+	env := b.cgoEnv()
 
 	p := a.Package
 	tool := VetTool
@@ -2110,6 +2108,24 @@ func (b *Builder) cCompilerEnv() []string {
 	return []string{"TERM=dumb"}
 }
 
+// cgoEnv returns environment variables to set when running cgo.
+// Some of these pass through to cgo running the C compiler,
+// so it includes cCompilerEnv.
+func (b *Builder) cgoEnv() []string {
+	b.cgoEnvOnce.Do(func() {
+		cc, err := exec.LookPath(b.ccExe()[0])
+		if err != nil || filepath.Base(cc) == cc { // reject relative path
+			cc = "/missing-cc"
+		}
+		gccgo := GccgoBin
+		if filepath.Base(gccgo) == gccgo { // reject relative path
+			gccgo = "/missing-gccgo"
+		}
+		b.cgoEnvCache = append(b.cCompilerEnv(), "CC="+cc, "GCCGO="+gccgo)
+	})
+	return b.cgoEnvCache
+}
+
 // mkdir makes the named directory.
 func (b *Builder) Mkdir(dir string) error {
 	// Make Mkdir(a.Objdir) a no-op instead of an error when a.Objdir == "".
@@ -2710,13 +2726,13 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo
 	// along to the host linker. At this point in the code, cgoLDFLAGS
 	// consists of the original $CGO_LDFLAGS (unchecked) and all the
 	// flags put together from source code (checked).
-	cgoenv := b.cCompilerEnv()
+	cgoenv := b.cgoEnv()
 	if len(cgoLDFLAGS) > 0 {
 		flags := make([]string, len(cgoLDFLAGS))
 		for i, f := range cgoLDFLAGS {
 			flags[i] = strconv.Quote(f)
 		}
-		cgoenv = []string{"CGO_LDFLAGS=" + strings.Join(flags, " ")}
+		cgoenv = append(cgoenv, "CGO_LDFLAGS="+strings.Join(flags, " "))
 	}
 
 	if cfg.BuildToolchainName == "gccgo" {
@@ -2947,7 +2963,7 @@ func (b *Builder) dynimport(a *Action, p *load.Package, objdir, importGo, cgoExe
 	if p.Standard && p.ImportPath == "runtime/cgo" {
 		cgoflags = []string{"-dynlinker"} // record path to dynamic linker
 	}
-	return b.run(a, base.Cwd, p.ImportPath, b.cCompilerEnv(), cfg.BuildToolexec, cgoExe, "-dynpackage", p.Name, "-dynimport", dynobj, "-dynout", importGo, cgoflags)
+	return b.run(a, base.Cwd, p.ImportPath, b.cgoEnv(), cfg.BuildToolexec, cgoExe, "-dynpackage", p.Name, "-dynimport", dynobj, "-dynout", importGo, cgoflags)
 }
 
 // Run SWIG on all SWIG input files.