]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4b993bf)
encoding/xml: reduce depth limit on wasm
authorRuss Cox <rsc@golang.org>
Mon, 31 Oct 2022 19:42:13 +0000 (15:42 -0400)
committerGopher Robot <gobot@golang.org>
Mon, 31 Oct 2022 20:35:56 +0000 (20:35 +0000)
Wasm can't handle the recusion for XML nested to depth 10,000.
Cut it off at 5,000 instead. This fixes TestCVE202228131 on trybots
in certain conditions.

Also disable TestCVE202230633 to fix 'go test -v encoding/xml' on gomotes.

Also rename errExeceededMaxUnmarshalDepth [misspelled and unwieldy]
to errUnmarshalDepth.

For #56498.

Change-Id: I7cc337ccfee251bfd9771497be0e5272737114f9
Reviewed-on: https://go-review.googlesource.com/c/go/+/446639
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/encoding/xml/read.go patch | blob | history
src/encoding/xml/read_test.go patch | blob | history

diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
index a6fb6654585c645a90457656e58625d90a879834..c2f495581acbe9fdd929d6e49dae412f53b48ccb 100644 (file)
--- a/src/encoding/xml/read.go
+++ b/src/encoding/xml/read.go
@@ -10,6 +10,7 @@ import (
        "errors"
        "fmt"
        "reflect"
+       "runtime"
        "strconv"
        "strings"
 )
@@ -308,14 +309,17 @@ var (
        textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
 )
 
-const maxUnmarshalDepth = 10000
+const (
+       maxUnmarshalDepth     = 10000
+       maxUnmarshalDepthWasm = 5000 // go.dev/issue/56498
+)
 
-var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth")
+var errUnmarshalDepth = errors.New("exceeded max depth")
 
 // Unmarshal a single XML element into val.
 func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, depth int) error {
-       if depth >= maxUnmarshalDepth {
-               return errExeceededMaxUnmarshalDepth
+       if depth >= maxUnmarshalDepth || runtime.GOARCH == "wasm" && depth >= maxUnmarshalDepthWasm {
+               return errUnmarshalDepth
        }
        // Find start element if we need it.
        if start == nil {
diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
index 35385c64909b7397f7ac3d66afe02c01f1371c5f..3e85fca5c6f63b601efc3842ff85010c8c79ba57 100644 (file)
--- a/src/encoding/xml/read_test.go
+++ b/src/encoding/xml/read_test.go
@@ -9,6 +9,7 @@ import (
        "errors"
        "io"
        "reflect"
+       "runtime"
        "strings"
        "testing"
        "time"
@@ -1105,13 +1106,13 @@ func TestCVE202228131(t *testing.T) {
        err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n)
        if err == nil {
                t.Fatal("Unmarshal did not fail")
-       } else if !errors.Is(err, errExeceededMaxUnmarshalDepth) {
-               t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
+       } else if !errors.Is(err, errUnmarshalDepth) {
+               t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errUnmarshalDepth)
        }
 }
 
 func TestCVE202230633(t *testing.T) {
-       if testing.Short() {
+       if testing.Short() || runtime.GOARCH == "wasm" {
                t.Skip("test requires significant memory")
        }
        defer func() {
Go GOST TLS 1.3