net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve

[siebenmann]

What version of Go are you using (go version)?

$ go version
go version devel go1.17-24e9707cbf Tue Jun 1 19:59:18 2021 +0000 linux/amd64

Does this issue reproduce with the latest release?

No, but it will once Go 1.16.5 is released because of df6a737

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/homes/hawklords/cks/.cache/go-build"
GOENV="/homes/hawklords/cks/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/homes/hawklords/cks/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/homes/hawklords/cks/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/data/code/go-lang/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/data/code/go-lang/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="devel go1.17-24e9707cbf Tue Jun 1 19:59:18 2021 +0000"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmpfs/go-build1953702300=/tmp/go-build -gno-record-gcc-switches"

What did you do?

On a Unix system with /etc/hosts lookups enabled, add an entry for 1.2.3.4 to /etc/hosts (or have an already present one for whatever reason), then run ./all.bash in the current git tip or in 1.16's branch git tip. The net tests will fail with a runtime error for a nil pointer dereference.

The issue is in net/dnsclient_unix_test.go in TestCVE202133195(). The two calls to verions of LookupAddr() for "1.2.3.4" check for err == nil as one of the conditions for test failure, but they then go on to invoke err.Error() in the t.Errorf() calls, which faults if err is nil. In general, assuming that 1.2.3.4 will never resolve seems potentially dangerous, since it's in allocated IP address space (although it's currently assigned to APNIC's Debogon Project and they may be unlikely to give it a PTR record).

A short term fix for the test would be to make the failure conditions be err != nil && err.Error() != expected. A long-term fix might be to find an IP address that's guaranteed to not be resolvable, although I don't know if any such IPs exist. If 1.2.3.4 actually is supposed to never be resolvable, I think that the test should have a comment to that effect so that people reading it later know that this has been considered. (It also might be useful to make it, say, 1.2.3.5, just so that people who are using 1.2.3.4 for some reason don't trip over this.)

What did you expect to see?

Successful tests.

What did you see instead?

[...]
ok      mime/quotedprintable    0.040s
--- FAIL: TestCVE202133195 (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x57a4d1]

goroutine 324 [running]:
panic({0x623ae0, 0x7f6b20})
        /data/code/go-lang/go/src/runtime/panic.go:1147 +0x3a8 fp=0xc000515b58 sp=0xc000515a98 pc=0x436808
testing.tRunner.func1.2({0x623ae0, 0x7f6b20})
        /data/code/go-lang/go/src/testing/testing.go:1192 +0x24e fp=0xc000515c08 sp=0xc000515b58 pc=0x4d4f0e
testing.tRunner.func1()
        /data/code/go-lang/go/src/testing/testing.go:1195 +0x218 fp=0xc000515d18 sp=0xc000515c08 pc=0x4d49b8
runtime.deferCallSave(0xc000515e20, 0xc000515f90)
        /data/code/go-lang/go/src/runtime/panic.go:950 +0x82 fp=0xc000515d28 sp=0xc000515d18 pc=0x436402
runtime.runOpenDeferFrame(0xc0000e4000, 0xc0000e40f0)
        /data/code/go-lang/go/src/runtime/panic.go:889 +0x27b fp=0xc000515da8 sp=0xc000515d28 pc=0x435d9b
panic({0x623ae0, 0x7f6b20})
        /data/code/go-lang/go/src/runtime/panic.go:1038 +0x215 fp=0xc000515e68 sp=0xc000515da8 pc=0x436675
runtime.panicmem(...)
        /data/code/go-lang/go/src/runtime/panic.go:221
runtime.sigpanic()
        /data/code/go-lang/go/src/runtime/signal_unix.go:735 +0x327 fp=0xc000515eb8 sp=0xc000515e68 pc=0x44ce27
net.TestCVE202133195(0xc00042f1e0)
        /data/code/go-lang/go/src/net/dnsclient_unix_test.go:1952 +0xc51 fp=0xc000515f70 sp=0xc000515eb8 pc=0x57a4d1
testing.tRunner(0xc00042f1e0, 0x66bbf8)
        /data/code/go-lang/go/src/testing/testing.go:1242 +0x102 fp=0xc000515fc0 sp=0xc000515f70 pc=0x4d46e2
testing.(*T).Run·dwrap·21()
        /data/code/go-lang/go/src/testing/testing.go:1289 +0x2a fp=0xc000515fe0 sp=0xc000515fc0 pc=0x4d53ea
runtime.goexit()
[... more ...]

[seankhliao]

Possible candidates from iana special purpose registry

• 0.0.0.0/8 this network
• 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 documentation
• 198.18.0.0/15 benchmarking

[seankhliao]

cc @rolandshoemaker

[gopherbot]

Change https://golang.org/cl/324190 mentions this issue: net: don't rely on system hosts in TestCVE202133195

[neild]

@gopherbot please backport to 1.16

[gopherbot]

Backport issue(s) opened: #46530 (for 1.16).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

[neild]

@gopherbot please backport to 1.15

[gopherbot]

Change https://golang.org/cl/324332 mentions this issue: net: don't rely on system hosts in TestCVE202133195

[gopherbot]

Change https://golang.org/cl/324333 mentions this issue: [release-branch.go1.15] net: don't rely on system hosts in TestCVE202133195