[release-branch.go1.17] compress/gzip: fix stack exhaustion bug in Reader.Read - go

diff options

author	Tatiana Bradley <tatiana@golang.org>	2022-05-06 11:25:06 -0400
committer	Michael Knyszek <mknyszek@google.com>	2022-07-12 15:20:33 +0000
commit	0117dee7dccbbd7803d88f65a2ce8bd686219ad3 (patch)
tree	3959ba93c39cb57ff0af16b6b045f8bc45aa9dae /CONTRIBUTORS
parent	ba8788ebcead55e99e631c6a1157ad7b35535d11 (diff)
download	go-0117dee7dccbbd7803d88f65a2ce8bd686219ad3.tar.gz go-0117dee7dccbbd7803d88f65a2ce8bd686219ad3.zip

[release-branch.go1.17] compress/gzip: fix stack exhaustion bug in Reader.Read

Replace recursion with iteration in Reader.Read to avoid stack exhaustion when there are a large number of files. Fixes CVE-2022-30631 Fixes #53717 Updates #53168 Change-Id: I47d8afe3f2d40b0213ab61431df9b221794dbfe0 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1455673 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> (cherry picked from commit cf498969c8a0bae9d7a24b98fc1f66c824a4775d) Reviewed-on: https://go-review.googlesource.com/c/go/+/417071 Reviewed-by: Heschi Kreinick <heschi@google.com> Run-TryBot: Michael Knyszek <mknyszek@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

Diffstat (limited to 'CONTRIBUTORS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: