Cypherpunks repositories - gostls13.git/commit
[release-branch.go1.18] compress/gzip: fix stack exhaustion bug in Reader.Read
author Tatiana Bradley <tatiana@golang.org>
Fri, 6 May 2022 15:25:06 +0000 (11:25 -0400)
committer Michael Knyszek <mknyszek@google.com>
Tue, 12 Jul 2022 15:06:32 +0000 (15:06 +0000)
commit 8e27a8ac4c001c27713810b75925aa3794049c48
tree d2d6fe57479c48dd795a9af6e3d8d769bed32845
parent 0d1615b23f9a558aa0a1957b4c81596220eb8ec4
[release-branch.go1.18] compress/gzip: fix stack exhaustion bug in Reader.Read

Replace recursion with iteration in Reader.Read to avoid stack
exhaustion when there are a large number of files.

Fixes CVE-2022-30631
Fixes #53718
Updates #53168

Change-Id: I47d8afe3f2d40b0213ab61431df9b221794dbfe0
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1455673
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
(cherry picked from commit cf498969c8a0bae9d7a24b98fc1f66c824a4775d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417057
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
src/compress/gzip/gunzip.go
src/compress/gzip/gunzip_test.go
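
An added example, not code from this commit or from the Go project: one way for a caller to cap how many concatenated gzip members (the "files" of the commit message) it will accept, using `Reader.Multistream(false)` and `Reader.Reset` from `compress/gzip`. `readBounded`, `concatMembers` and `ErrTooManyMembers` are hypothetical names, the sample input is constructed, and the block bounds only the member count, not the decompressed size.

```go
package main

import (
	"bufio"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

var ErrTooManyMembers = errors.New("gzip: too many concatenated members") // hypothetical, not a compress/gzip error

// readBounded decompresses a gzip stream member by member and rejects input with more than maxMembers members.
func readBounded(r io.Reader, maxMembers int) ([]byte, int, error) {
	br := bufio.NewReader(r) // io.ByteReader, so gzip does not read past the end of a member
	zr, err := gzip.NewReader(br)
	if err != nil {
		return nil, 0, err
	}
	var out bytes.Buffer
	for members := 1; ; members++ {
		if members > maxMembers {
			return nil, members - 1, ErrTooManyMembers
		}
		zr.Multistream(false) // Read returns io.EOF at the end of the current member
		if _, err := io.Copy(&out, zr); err != nil {
			return nil, members, err
		}
		if err := zr.Reset(br); err == io.EOF {
			return out.Bytes(), members, nil // clean end of input
		} else if err != nil {
			return nil, members, err // trailing data that is not a gzip header
		}
	}
}

// concatMembers builds a constructed sample: one gzip member per string.
func concatMembers(parts ...string) []byte {
	var buf bytes.Buffer
	for _, p := range parts {
		zw := gzip.NewWriter(&buf)
		zw.Write([]byte(p)) // writes to a bytes.Buffer do not fail
		zw.Close()
	}
	return buf.Bytes()
}

func main() { fmt.Println(readBounded(bytes.NewReader(concatMembers("a", "b", "c", "d")), 3)) }
```

`Multistream(false)` has to be set again after every `Reset`, because `Reset` returns the reader to multistream mode.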