[release-branch.go1.17] encoding/pem: fix stack overflow in Decode - go

diff options

author	Julie Qiu <julie@golang.org>	2022-03-01 10:19:38 -0600
committer	Dmitri Shuralyov <dmitshur@golang.org>	2022-04-12 14:42:58 +0000
commit	2116d60993e90d3f9b963c979f4bf1d116af03ff (patch)
tree	e85f6d8b6c528d14a2b27e12f8ce4e3992792057 /VERSION
parent	7139e8b024604ab168b51b99c6e8168257a5bf58 (diff)
download	go-2116d60993e90d3f9b963c979f4bf1d116af03ff.tar.gz go-2116d60993e90d3f9b963c979f4bf1d116af03ff.zip

[release-branch.go1.17] encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was prone to stack overflows when given a large PEM file containing errors. Credit to Juho Nurminen of Mattermost who reported the error. Fixes CVE-2022-24675 Updates #51853 Fixes #52036 Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Filippo Valsorda <valsorda@google.com> (cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02) Reviewed-on: https://go-review.googlesource.com/c/go/+/399816 Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

Diffstat (limited to 'VERSION')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: