[release-branch.go1.15-security] encoding/xml: prevent infinite loop while decoding - go

diff options

author	Katie Hockman <katie@golang.org>	2021-03-01 09:54:00 -0500
committer	Katie Hockman <katiehockman@google.com>	2021-03-09 17:43:02 +0000
commit	91062c2e4cbbf78a108919f6ed3ded1173937cf3 (patch)
tree	6f04b2f35c33c61d0c73f6143dda8168aa7a7279 /VERSION
parent	fa6752a5370735b8c2404d6de5191f2eea67130f (diff)
download	go-91062c2e4cbbf78a108919f6ed3ded1173937cf3.tar.gz go-91062c2e4cbbf78a108919f6ed3ded1173937cf3.zip

[release-branch.go1.15-security] encoding/xml: prevent infinite loop while decoding

This change properly handles a TokenReader which returns an EOF in the middle of an open XML element. Thanks to Sam Whited for reporting this. Fixes CVE-2021-27918 Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Filippo Valsorda <valsorda@google.com> (cherry picked from commit e7ce1f6746223ec7b4caa3b1ece25d9be3864710) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014236

Diffstat (limited to 'VERSION')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: