Cypherpunks repositories - gostls13.git/commit

author	Roland Shoemaker <bracewell@google.com>
	Tue, 30 Sep 2025 18:16:56 +0000 (11:16 -0700)
committer	Gopher Robot <gobot@golang.org>
	Tue, 7 Oct 2025 19:46:27 +0000 (12:46 -0700)
commit	5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b
tree	2181f7b0ce66d04ba051b7222f26bab6516bb79e	tree
parent	f6f4e8b3ef21299db1ea3a343c3e55e91365a7fd	commit \| diff

encoding/pem: make Decode complexity linear

Because Decode scanned the input first for the first BEGIN line, and
then the first END line, the complexity of Decode is quadratic. If the
input contained a large number of BEGINs and then a single END right at
the end of the input, we would find the first BEGIN, and then scan the
entire input for the END, and fail to parse the block, so move onto the
next BEGIN, scan the entire input for the END, etc.

Instead, look for the first END in the input, and then the first BEGIN
that precedes the found END. We then process the bytes between the BEGIN
and END, and move onto the bytes after the END for further processing.
This gives us linear complexity.

Fixes CVE-2025-61723
Fixes #75676

Change-Id: I813c4f63e78bca4054226c53e13865c781564ccf
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2921
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/709858
TryBot-Bypass: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>

src/encoding/pem/pem.go		diff \| blob \| history
src/encoding/pem/pem_test.go		diff \| blob \| history