qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-06 07:26:10 -07:00
Code Releases Activity
4fb7e22ade
go/src/path
History
Julie Qiu ac68c6c683 path/filepath: fix stack exhaustion in Glob 
A limit is added to the number of path separators allowed by an input to
Glob, to prevent stack exhaustion issues.

Thanks to Juho Nurminen of Mattermost who reported the issue.

Fixes CVE-2022-30632
Fixes #53416

Change-Id: I1b9fd4faa85411a05dbc91dceae1c0c8eb021f07
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1498176
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/417066
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
2022-07-12 15:06:01 +00:00
..
filepath path/filepath: fix stack exhaustion in Glob 2022-07-12 15:06:01 +00:00
example_test.go
match_test.go
match.go all: remove trailing blank doc comment lines 2022-04-01 18:18:07 +00:00
path_test.go
path.go all: gofmt main repo 2022-04-11 16:34:30 +00:00