Cypherpunks repositories - gostls13.git/commit
author Damien Neil <dneil@google.com>
Thu, 16 Mar 2023 23:56:12 +0000 (16:56 -0700)
committer Gopher Robot <gobot@golang.org>
Tue, 4 Apr 2023 16:47:46 +0000 (16:47 +0000)
commit 7a359a651c7ebdb29e0a1c03102fce793e9f58f0
tree bff50324b37c6802892e868c8b2be60d3a9865e9
parent ef41a4e2face45e580c5836eaebd51629fc23f15
[release-branch.go1.19] net/textproto, mime/multipart: improve accounting of non-file data

For requests containing large numbers of small parts,
memory consumption of a parsed form could be about 250%
over the estimated size.

When considering the size of parsed forms, account for the size of
FileHeader structs and increase the estimate of memory consumed by
map entries.

Thanks to Jakob Ackermann (@das7pad) for reporting this issue.

For CVE-2023-24536
For #59153
For #59269

Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802454
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802396
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Change-Id: I31bc50e9346b4eee6fbe51a18c3c57230cc066db
Reviewed-on: https://go-review.googlesource.com/c/go/+/481984
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
src/mime/multipart/formdata.go
src/mime/multipart/formdata_test.go
src/net/textproto/reader.go
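
The accounting gap the commit message describes, as an added example that is not code from this commit or from the Go source: it walks a constructed form of many one-byte fields and compares a value-bytes-only estimate with one that also charges each part for its header strings and a bookkeeping cost. The names `buildForm`, `estimate` and `assumedPerPartOverhead`, and the 200-byte figure, are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime/multipart"
)

const assumedPerPartOverhead = 200 // assumed bookkeeping bytes per part; illustrative, not from the Go source

// buildForm returns a constructed body of n one-byte fields and its boundary.
func buildForm(n int) ([]byte, string) {
	var buf bytes.Buffer
	w := multipart.NewWriter(&buf)
	for i := 0; i < n; i++ {
		w.WriteField(fmt.Sprintf("f%d", i), "x") // writes to a bytes.Buffer cannot fail
	}
	w.Close()
	return buf.Bytes(), w.Boundary()
}

// estimate returns value bytes only (naive) and bytes with per-part costs (accounted).
func estimate(body []byte, boundary string) (naive, accounted int64, parts int, err error) {
	r := multipart.NewReader(bytes.NewReader(body), boundary)
	for {
		p, err := r.NextPart()
		if err == io.EOF {
			return naive, accounted, parts, nil
		} else if err != nil {
			return 0, 0, 0, err
		}
		n, err := io.Copy(io.Discard, p)
		if err != nil {
			return 0, 0, 0, err
		}
		parts++
		naive += n
		accounted += n + assumedPerPartOverhead
		for k, vs := range p.Header {
			for _, v := range vs {
				accounted += int64(len(k) + len(v)) // header key and value strings
			}
		}
	}
}

func main() {
	fmt.Println(estimate(buildForm(500)))
}
```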