diff options
author | Julie Qiu <julieqiu@google.com> | 2022-06-23 23:17:53 +0000 |
---|---|---|
committer | Michael Knyszek <mknyszek@google.com> | 2022-07-12 15:20:37 +0000 |
commit | 8c1d8c836270615cfb5b229932269048ef59ac07 (patch) | |
tree | 2137c8220879aa479bcf56198a297918265f7991 /src/path/filepath/match_test.go | |
parent | 0117dee7dccbbd7803d88f65a2ce8bd686219ad3 (diff) | |
download | go-8c1d8c836270615cfb5b229932269048ef59ac07.tar.gz go-8c1d8c836270615cfb5b229932269048ef59ac07.zip |
[release-branch.go1.17] io/fs: fix stack exhaustion in Glob
A limit is added to the number of path separators allowed by an input to
Glob, to prevent stack exhaustion issues.
Thanks to Juho Nurminen of Mattermost who reported a similar issue in
path/filepath.
Fixes #53719
Updates #53415
Fixes CVE-2022-30630
Change-Id: I5a9d02591fed90cd3d52627f5945f1301e53465d
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1497588
Reviewed-by: Roland Shoemaker <bracewell@google.com>
(cherry picked from commit fdccc5d7bd0f276d0a8de3a818ca844f0bed5d97)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417072
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Diffstat (limited to 'src/path/filepath/match_test.go')
0 files changed, 0 insertions, 0 deletions