Cypherpunks repositories - gostls13.git/commit

author	Julie Qiu <julieqiu@google.com>
	Thu, 23 Jun 2022 23:18:56 +0000 (23:18 +0000)
committer	Michael Knyszek <mknyszek@google.com>
	Tue, 12 Jul 2022 15:06:01 +0000 (15:06 +0000)
commit	ac68c6c683409f98250d34ad282b9e1b0c9095ef
tree	ebe38cf09a612019da30edc542ba65c9918cacf9	tree
parent	fa2d41d0ca736f3ad6b200b2a4e134364e9acc59	commit \| diff

path/filepath: fix stack exhaustion in Glob

A limit is added to the number of path separators allowed by an input to
Glob, to prevent stack exhaustion issues.

Thanks to Juho Nurminen of Mattermost who reported the issue.

Fixes CVE-2022-30632
Fixes #53416

Change-Id: I1b9fd4faa85411a05dbc91dceae1c0c8eb021f07
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1498176
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/417066
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>

src/path/filepath/match.go		diff \| blob \| history
src/path/filepath/match_test.go		diff \| blob \| history