diff options
author | Tatiana Bradley <tatiana@golang.org> | 2022-05-06 11:25:06 -0400 |
---|---|---|
committer | Michael Knyszek <mknyszek@google.com> | 2022-07-12 15:20:33 +0000 |
commit | 0117dee7dccbbd7803d88f65a2ce8bd686219ad3 (patch) | |
tree | 3959ba93c39cb57ff0af16b6b045f8bc45aa9dae /src/compress/gzip/gunzip_test.go | |
parent | ba8788ebcead55e99e631c6a1157ad7b35535d11 (diff) | |
download | go-0117dee7dccbbd7803d88f65a2ce8bd686219ad3.tar.gz go-0117dee7dccbbd7803d88f65a2ce8bd686219ad3.zip |
[release-branch.go1.17] compress/gzip: fix stack exhaustion bug in Reader.Read
Replace recursion with iteration in Reader.Read to avoid stack
exhaustion when there are a large number of files.
Fixes CVE-2022-30631
Fixes #53717
Updates #53168
Change-Id: I47d8afe3f2d40b0213ab61431df9b221794dbfe0
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1455673
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
(cherry picked from commit cf498969c8a0bae9d7a24b98fc1f66c824a4775d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417071
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/compress/gzip/gunzip_test.go')
-rw-r--r-- | src/compress/gzip/gunzip_test.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go index 17c23e8a9b..6fe8ddcf55 100644 --- a/src/compress/gzip/gunzip_test.go +++ b/src/compress/gzip/gunzip_test.go @@ -515,3 +515,19 @@ func TestTruncatedStreams(t *testing.T) { } } } + +func TestCVE202230631(t *testing.T) { + var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00, + 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + r := bytes.NewReader(bytes.Repeat(empty, 4e6)) + z, err := NewReader(r) + if err != nil { + t.Fatalf("NewReader: got %v, want nil", err) + } + // Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due + // to stack exhaustion. + _, err = z.Read(make([]byte, 10)) + if err != io.EOF { + t.Errorf("Reader.Read: got %v, want %v", err, io.EOF) + } +} |