l18n,conf: isolate GOOS=windows code #10

Open: wants to merge 2 commits into base: master

@vbatts vbatts commented Oct 9, 2020

Found when building golang.zx2c4.com/wireguard/windows/conf on linux.

(This logic would be nice to have not in a platform specific repo. Maybe in wireguard-go itself?)

Signed-off-by: Vincent Batts [email protected]

vbatts added 2 commits October 9, 2020 14:08
Found when looking at `golang.zx2c4.com/wireguard/windows/conf`, that it
fails on linux, due to this bit.

Signed-off-by: Vincent Batts <[email protected]>
Found when building `golang.zx2c4.com/wireguard/windows/conf` on linux.

Pulled the resolve logic from the wgcfg .ToUAPI()

Signed-off-by: Vincent Batts <[email protected]>
@vbatts vbatts changed the title l18n: isolate GOOS=windows code l18n,conf: isolate GOOS=windows code Oct 9, 2020
@zx2c4-bot zx2c4-bot force-pushed the master branch 27 times, most recently from f490951 to 6315b61 Compare November 10, 2020 16:35
@zx2c4-bot zx2c4-bot force-pushed the master branch 13 times, most recently from dca9737 to 05d1072 Compare October 26, 2021 12:53
@zx2c4-bot zx2c4-bot force-pushed the master branch 7 times, most recently from 2522c0c to 4776166 Compare November 2, 2021 20:53
@zx2c4-bot zx2c4-bot force-pushed the master branch 8 times, most recently from cc96c93 to b1fc806 Compare November 8, 2021 19:33
zx2c4-bot pushed a commit that referenced this pull request Mar 19, 2025
The most recent versions that compile with Go 1.20 were picked.

The govulncheck report follows with my ">" comments inline.

C:\Users\Simon\Projekti\wireguard-windows>govulncheck -show verbose ./...
Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

The package pattern matched the following 19 root packages:
  golang.zx2c4.com/wireguard/windows/conf/dpapi
  golang.zx2c4.com/wireguard/windows/tunnel/winipcfg
  golang.zx2c4.com/wireguard/windows/driver
  golang.zx2c4.com/wireguard/windows/l18n
  golang.zx2c4.com/wireguard/windows/version
  golang.zx2c4.com/wireguard/windows/services
  golang.zx2c4.com/wireguard/windows/conf
  golang.zx2c4.com/wireguard/windows/elevate
  golang.zx2c4.com/wireguard/windows/ringlogger
  golang.zx2c4.com/wireguard/windows/updater/winhttp
  golang.zx2c4.com/wireguard/windows/updater
  golang.zx2c4.com/wireguard/windows/manager
  golang.zx2c4.com/wireguard/windows/tunnel/firewall
  golang.zx2c4.com/wireguard/windows/tunnel
  golang.zx2c4.com/wireguard/windows/ui/syntax
  golang.zx2c4.com/wireguard/windows/ui
  golang.zx2c4.com/wireguard/windows
  golang.zx2c4.com/wireguard/windows/driver/memmod
  golang.zx2c4.com/wireguard/windows/embeddable-dll-service
Govulncheck scanned the following 4 modules and the go1.20.14 standard library:
  golang.zx2c4.com/wireguard/windows
  golang.org/x/[email protected]
  golang.org/x/[email protected]
  golang.org/x/[email protected]

=== Symbol Results ===

Vulnerability #1: GO-2024-3106
    Stack exhaustion in Decoder.Decode in encoding/gob
  More info: https://pkg.go.dev/vuln/GO-2024-3106
  Standard library
    Found in: encoding/[email protected]
    Fixed in: encoding/[email protected]
    Example traces found:
      #1: manager/ipc_client.go:420:25: manager.IPCClientUpdateState calls gob.Decoder.Decode

> The most complex struct, our IPC is passing around, is conf.Config. It
does not contain deeply nested structures, so we should be fine. The
config may be huge, but it is not deep.

Vulnerability #2: GO-2024-2888
    Mishandling of corrupt central directory record in archive/zip
  More info: https://pkg.go.dev/vuln/GO-2024-2888
  Standard library
    Found in: archive/[email protected]
    Fixed in: archive/[email protected]
    Example traces found:
      #1: ui/tunnelspage.go:309:29: ui.importFiles calls zip.OpenReader

> Securing Zip config file exchange is beyond WireGuard scope.

=== Package Results ===

Vulnerability #1: GO-2025-3447
    Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
  More info: https://pkg.go.dev/vuln/GO-2025-3447
  Standard library
    Found in: crypto/internal/[email protected]
    Fixed in: crypto/internal/[email protected]
    Platforms: ppc64le

> There are no Windows on ppc64le platform we'd support.

Vulnerability #2: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]

> Not using any of the affected net/netip functions.

=== Module Results ===

Vulnerability #1: GO-2025-3487
    Potential denial of service in golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2025-3487
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Vulnerability #2: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #3: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #4: GO-2024-3107
    Stack exhaustion in Parse in go/build/constraint
  More info: https://pkg.go.dev/vuln/GO-2024-3107
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #5: GO-2024-3105
    Stack exhaustion in all Parse functions in go/parser
  More info: https://pkg.go.dev/vuln/GO-2024-3105
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #6: GO-2024-2963
    Denial of service due to improper 100-continue handling in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2963
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #7: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #8: GO-2024-2610
    Errors returned from JSON marshaling may break template escaping in
    html/template
  More info: https://pkg.go.dev/vuln/GO-2024-2610
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #9: GO-2024-2609
    Comments in display names are incorrectly handled in net/mail
  More info: https://pkg.go.dev/vuln/GO-2024-2609
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #10: GO-2024-2600
    Incorrect forwarding of sensitive headers and cookies on HTTP redirect in
    net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2600
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #11: GO-2024-2599
    Memory exhaustion in multipart form parsing in net/textproto and net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2599
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Vulnerability #12: GO-2024-2598
    Verify panics on certificates with an unknown public key algorithm in
    crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2024-2598
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]

Your code is affected by 2 vulnerabilities from the Go standard library.
This scan also found 2 vulnerabilities in packages you import and 12
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.

Signed-off-by: Simon Rozman <[email protected]>