Cypherpunks repositories - gostls13.git/commit

author	Damien Neil <dneil@google.com>
	Thu, 16 Mar 2023 21:18:04 +0000 (14:18 -0700)
committer	Gopher Robot <gobot@golang.org>
	Tue, 4 Apr 2023 16:47:45 +0000 (16:47 +0000)
commit	ef41a4e2face45e580c5836eaebd51629fc23f15
tree	62182957b5822e6a9fc1e90796dd4c14e4a4bbf7	tree
parent	d6759e7a059f4208f07aa781402841d7ddaaef96	commit \| diff

[release-branch.go1.19] mime/multipart: avoid excessive copy buffer allocations in ReadForm

When copying form data to disk with io.Copy,
allocate only one copy buffer and reuse it rather than
creating two buffers per file (one from io.multiReader.WriteTo,
and a second one from os.File.ReadFrom).

Thanks to Jakob Ackermann (@das7pad) for reporting this issue.

For CVE-2023-24536
For #59153
For #59269

Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802453
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802395
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Change-Id: Ie405470c92abffed3356913b37d813e982c96c8b
Reviewed-on: https://go-review.googlesource.com/c/go/+/481983
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>

src/mime/multipart/formdata.go		diff \| blob \| history
src/mime/multipart/formdata_test.go		diff \| blob \| history