author | Julie Qiu <julie@golang.org> | 2022-03-01 10:19:38 -0600 |
---|---|---|
committer | Dmitri Shuralyov <dmitshur@golang.org> | 2022-04-12 14:42:58 +0000 |
commit | 2116d60993e90d3f9b963c979f4bf1d116af03ff (patch) | |
tree | e85f6d8b6c528d14a2b27e12f8ce4e3992792057 /VERSION | |
parent | 7139e8b024604ab168b51b99c6e8168257a5bf58 (diff) | |
download | go-2116d60993e90d3f9b963c979f4bf1d116af03ff.tar.gz go-2116d60993e90d3f9b963c979f4bf1d116af03ff.zip |
[release-branch.go1.17] encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was
prone to stack overflows when given a large PEM file containing errors.

Credit to Juho Nurminen of Mattermost who reported the error.

Fixes CVE-2022-24675
Updates #51853
Fixes #52036

Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
Reviewed-on: https://go-review.googlesource.com/c/go/+/399816
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'VERSION')
0 files changed, 0 insertions, 0 deletions