Cypherpunks repositories - gostls13.git/commit

author	Julie Qiu <julie@golang.org>
	Tue, 1 Mar 2022 16:19:38 +0000 (10:19 -0600)
committer	Dmitri Shuralyov <dmitshur@golang.org>
	Tue, 12 Apr 2022 14:45:32 +0000 (14:45 +0000)
commit	84264fcecaf7a3cdfb7ef9e423814e72c2885c1d
tree	f260b28923ef3c017b8f20b2d2a91c3536f070f3	tree
parent	9535031e32757d2f3b83f3f1ce116017bd06fdbe	commit \| diff

[release-branch.go1.18] encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was
prone to stack overflows when given a large PEM file containing errors.

Credit to Juho Nurminen of Mattermost who reported the error.

Fixes CVE-2022-24675
Updates #51853
Fixes #52037

Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
Reviewed-on: https://go-review.googlesource.com/c/go/+/399817
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/encoding/pem/pem.go		diff \| blob \| history
src/encoding/pem/pem_test.go		diff \| blob \| history