]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 9ccf5b8) | patch
encoding/pem: fix stack overflow in Decode
authorJulie Qiu <julie@golang.org>
Tue, 1 Mar 2022 16:19:38 +0000 (10:19 -0600)
committerGopher Robot <gobot@golang.org>
Tue, 12 Apr 2022 15:19:32 +0000 (15:19 +0000)
commit45c3387d777caf28f4b992ad9a6216e3085bb8fe
tree8016533c19858b171508b90ce619f9ed02181a57tree
parent9ccf5b8e86ce98494a2127196fbc47d72b0a71a5commit | diff
encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was
prone to stack overflows when given a large PEM file containing errors.

Credit to Juho Nurminen of Mattermost who reported the error.

Fixes CVE-2022-24675
Fixes #51853

Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
Reviewed-on: https://go-review.googlesource.com/c/go/+/399820
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
src/encoding/pem/pem.go diff | blob | history
src/encoding/pem/pem_test.go diff | blob | history
Go GOST TLS 1.3