From: Roland Shoemaker <roland@golang.org>
Date: Mon, 27 Oct 2025 15:15:48 +0000 (-0700)
Subject: encoding/pem: don't reslice in failure modes
X-Git-Tag: go1.26rc1~383
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=9f6590f333ee3ecd318e95ef54073fe76d1225de;p=gostls13.git

encoding/pem: don't reslice in failure modes

We re-slice the data being processed at the stat of each loop. If the
var that we use to calculate where to re-slice is < 0 or > the length
of the remaining data, return instead of attempting to re-slice.

Change-Id: I1d6c2b6c596feedeea8feeaace370ea73ba02c4c
Reviewed-on: https://go-review.googlesource.com/c/go/+/715260
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
---

diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go
index 1da60d3227..6bf2b41ad0 100644
--- a/src/encoding/pem/pem.go
+++ b/src/encoding/pem/pem.go
@@ -95,6 +95,9 @@ func Decode(data []byte) (p *Block, rest []byte) {
 	for {
 		// If we've already tried parsing a block, skip past the END we already
 		// saw.
+		if endTrailerIndex < 0 || endTrailerIndex > len(rest) {
+			return nil, data
+		}
 		rest = rest[endTrailerIndex:]
 
 		// Find the first END line, and then find the last BEGIN line before