]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 7139e8b) | patch
[release-branch.go1.17] encoding/pem: fix stack overflow in Decode
authorJulie Qiu <julie@golang.org>
Tue, 1 Mar 2022 16:19:38 +0000 (10:19 -0600)
committerDmitri Shuralyov <dmitshur@golang.org>
Tue, 12 Apr 2022 14:42:58 +0000 (14:42 +0000)
commit2116d60993e90d3f9b963c979f4bf1d116af03ff
treee85f6d8b6c528d14a2b27e12f8ce4e3992792057tree
parent7139e8b024604ab168b51b99c6e8168257a5bf58commit | diff
[release-branch.go1.17] encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was
prone to stack overflows when given a large PEM file containing errors.

Credit to Juho Nurminen of Mattermost who reported the error.

Fixes CVE-2022-24675
Updates #51853
Fixes #52036

Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
Reviewed-on: https://go-review.googlesource.com/c/go/+/399816
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
src/encoding/pem/pem.go diff | blob | history
src/encoding/pem/pem_test.go diff | blob | history
Go GOST TLS 1.3