Cypherpunks repositories - gostls13.git/commit

author	Julie Qiu <julieqiu@google.com>
	Thu, 23 Jun 2022 23:18:56 +0000 (23:18 +0000)
committer	Michael Knyszek <mknyszek@google.com>
	Tue, 12 Jul 2022 15:20:41 +0000 (15:20 +0000)
commit	76f8b7304d1f7c25834e2a0cc9e88c55276c47df
tree	624f073dcc9fffc21522d70137a10e2043d244c8	tree
parent	8c1d8c836270615cfb5b229932269048ef59ac07	commit \| diff

[release-branch.go1.17] path/filepath: fix stack exhaustion in Glob

A limit is added to the number of path separators allowed by an input to
Glob, to prevent stack exhaustion issues.

Thanks to Juho Nurminen of Mattermost who reported the issue.

Fixes #53713
Updates #53416
Fixes CVE-2022-30632

Change-Id: I1b9fd4faa85411a05dbc91dceae1c0c8eb021f07
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1498176
Reviewed-by: Roland Shoemaker <bracewell@google.com>
(cherry picked from commit d182a6d1217fd0d04c9babfa9a7ccd3515435c39)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417073
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>

src/path/filepath/match.go		diff \| blob \| history
src/path/filepath/match_test.go		diff \| blob \| history