[release-branch.go1.15] net: verify results from Lookup* are valid domain names - go

diff options

author	Roland Shoemaker <roland@golang.org>	2021-05-27 10:40:06 -0700
committer	Roland Shoemaker <roland@golang.org>	2021-05-27 20:29:16 +0000
commit	31d60cda1f58b7558fc5725d2b9e4531655d980e (patch)
tree	abe3b35f2a3e7d7b4a14ed712cf30d8b7c5136df /src/archive/zip/reader.go
parent	df9ce19db6df32d94eae8760927bdfbc595433c3 (diff)
download	go-31d60cda1f58b7558fc5725d2b9e4531655d980e.tar.gz go-31d60cda1f58b7558fc5725d2b9e4531655d980e.zip

[release-branch.go1.15] net: verify results from Lookup* are valid domain names

For the methods LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr check that the returned domain names are in fact valid DNS names using the existing isDomainName function. Thanks to Philipp Jeitner and Haya Shulman from Fraunhofer SIT for reporting this issue. Updates #46241 Fixes #46356 Fixes CVE-2021-33195 Change-Id: I47a4f58c031cb752f732e88bbdae7f819f0af4f3 Reviewed-on: https://go-review.googlesource.com/c/go/+/323131 Trust: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> (cherry picked from commit cdcd02842da7c004efd023881e3719105209c908) Reviewed-on: https://go-review.googlesource.com/c/go/+/323269

Diffstat (limited to 'src/archive/zip/reader.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: