diff options
author | Ian Lance Taylor <iant@golang.org> | 2020-11-02 21:31:06 -0800 |
---|---|---|
committer | Katie Hockman <katiehockman@google.com> | 2020-11-11 23:35:26 +0000 |
commit | ec06b6d6be568ce1591d91a0ea4f14c190d06605 (patch) | |
tree | 55f128a69e570f9f36b288e9e982fa9779cefe4f /src/math/big/nat.go | |
parent | 32159824698a82a174b60a6845e8494ae3243102 (diff) | |
download | go-ec06b6d6be568ce1591d91a0ea4f14c190d06605.tar.gz go-ec06b6d6be568ce1591d91a0ea4f14c190d06605.zip |
[release-branch.go1.15-security] cmd/go: in cgoflags, permit -DX1, prohibit -Wp,-D,opt
Restrict -D and -U to ASCII C identifiers, but do permit trailing digits.
When using -Wp, prohibit commas in -D values.
Thanks to Imre Rad (https://www.linkedin.com/in/imre-rad-2358749b) for reporting this.
Fixes CVE-2020-28367
Change-Id: Ibfc4dfdd6e6c258e131448e7682610c44eee9492
Reviewed-on: https://go-review.googlesource.com/c/go/+/267277
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/899924
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Diffstat (limited to 'src/math/big/nat.go')
0 files changed, 0 insertions, 0 deletions