Cypherpunks repositories - gostls13.git/commit

author	Roland Shoemaker <bracewell@google.com>
	Thu, 20 Jun 2024 17:45:30 +0000 (10:45 -0700)
committer	Gopher Robot <gobot@golang.org>
	Thu, 5 Sep 2024 16:42:11 +0000 (16:42 +0000)
commit	f22d73197635b23c13bb852e330e5339eefaf910
tree	aedf7a339a035b01042c795dd588ece7bcee370a	tree
parent	08c84420bc40d1cd5eb71b85cbe3a36f707bdb3f	commit \| diff

go/build/constraint: add parsing limits

Limit the size of build constraints that we will parse. This prevents a
number of stack exhaustions that can be hit when parsing overly complex
constraints. The imposed limits are unlikely to ever be hit in real
world usage.

Fixes #69141
Fixes CVE-2024-34158

Change-Id: I38b614bf04caa36eefc6a4350d848588c4cef3c4
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1540
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/611240
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>

src/go/build/constraint/expr.go		diff \| blob \| history
src/go/build/constraint/expr_test.go		diff \| blob \| history