qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-09-30 03:24:39 -06:00
Code Releases Activity
a745171e6b
go/src/encoding
History
Katie Hockman 027d7241ce encoding/binary: read at most MaxVarintLen64 bytes in ReadUvarint 
This CL ensures that ReadUvarint consumes only a limited
amount of input (instead of an unbounded amount).

On some inputs, ReadUvarint could read an arbitrary number
of bytes before deciding to return an overflow error.
After this CL, ReadUvarint returns that same overflow
error sooner, after reading at most MaxVarintLen64 bytes.

Fix authored by Robert Griesemer and Filippo Valsorda.

Thanks to Diederik Loerakker, Jonny Rhea, Raúl Kripalani,
and Preston Van Loon for reporting this.

Fixes #40618
Fixes CVE-2020-16845

Change-Id: Ie0cb15972f14c38b7cf7af84c45c4ce54909bb8f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/812099
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/247120
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
2020-08-06 17:24:10 +00:00
..
ascii85
asn1 encoding/asn1: document what Unmarshal returns in rest 2020-05-23 06:47:06 +00:00
base32
base64 encoding/base64: improve performance up to 20% total 2020-04-22 21:36:41 +00:00
binary encoding/binary: read at most MaxVarintLen64 bytes in ReadUvarint 2020-08-06 17:24:10 +00:00
csv encoding/csv: optimize Write by giving fieldNeedsQuotes a fast path for when Comma is ascii 2020-05-05 23:57:19 +00:00
gob
hex
json Revert "encoding/json: don't reuse slice elements when decoding" 2020-07-02 22:08:11 +00:00
pem
xml Revert "encoding/xml: fix reserved namespace check to be case-insensitive" 2020-06-29 21:33:02 +00:00
encoding.go