author: Roland Shoemaker <bracewell@google.com> 2026-03-05 14:28:44 -0800
committer: Roland Shoemaker <roland@golang.org> 2026-03-25 11:02:45 -0700
commit: 26d8a902002a2b41bc4c302044110f2eae8d597f (patch)
tree: 25ddfcaa90da0a5d14b9436e2b51c143f1f3d85b /src/database/sql
parent: 312541b783ceae00471573da83367cae26ca255b (diff)
download: go-26d8a902002a2b41bc4c302044110f2eae8d597f.tar.xz
crypto/x509: fix signature checking limit
We added the "is this cert already in the chain" check (alreadyInChain) to considerCandidates before the signature limit. considerCandidates bails out when we exceed the signature check, but buildChains keeps calling considerCandidates until it exhausts all potential parents. In the case where a large number of certificates look to have signed each other (e.g. all have subject==issuerSubject and the same key), alreadyInChain is not particularly cheap, meaning even though we hit our "this is too much work" limit, we still do a lot of work.

Move alreadyInChain after the signature limit, and also return a sentinel error, and check it in buildChains so we can break out of the loop early if we aren't actually going to do any more work.

Thanks to Jakub Ciolek for reporting this issue.

Fixes #78282
Fixes CVE-2026-32280

Change-Id: Ie6f05c6ba3b0a40c21f64f7c4f846e74fae3b10e
Reviewed-on: https://go-review.googlesource.com/c/go/+/758320
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jakub Ciolek <jakub@ciolek.dev>
Diffstat (limited to 'src/database/sql')
0 files changed, 0 insertions, 0 deletions
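As an added illustration (not the Go project's code), this simplified model shows why the ordering described in the commit message matters: with the chain scan ahead of the work limit and a caller that keeps iterating, the scan runs once per candidate parent, whereas with the limit checked first and a sentinel error the caller honors, the loop stops as soon as the limit is hit. All names, the limit value and the constructed inputs are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"slices"
)

// Simplified, added model of the commit's ordering change, not crypto/x509's code; names and limit are assumed.
const maxSigChecks = 100
var errSigCheckLimit = errors.New("x509: signature check attempts limit reached")
type cert int                                  // stand-in for *x509.Certificate
type stats struct{ sigChecks, chainScans int } // work counters for the comparison

func (s *stats) alreadyInChain(c cert, chain []cert) bool {
	s.chainScans++ // the partial-chain scan: the "not particularly cheap" check
	return slices.Contains(chain, c)
}

func (s *stats) considerCandidate(c cert, chain []cert, fixed bool) error {
	if !fixed && s.alreadyInChain(c, chain) { // old order: scan before the limit
		return nil
	}
	if s.sigChecks >= maxSigChecks {
		return errSigCheckLimit // sentinel: tells the caller no more work will be done
	}
	if fixed && s.alreadyInChain(c, chain) { // new order: scan only below the limit
		return nil
	}
	s.sigChecks++ // a real implementation verifies the signature here
	return nil
}

// buildChains tries every candidate parent; only the fixed path breaks out early.
func buildChains(cands, chain []cert, fixed bool) (stats, error) {
	var s stats
	for _, c := range cands {
		if err := s.considerCandidate(c, chain, fixed); fixed && errors.Is(err, errSigCheckLimit) {
			return s, err
		}
	}
	return s, nil
}

func main() {
	cands := make([]cert, 5000) // constructed: 5000 look-alike self-issued parents
	before, _ := buildChains(cands, []cert{-1}, false)
	after, _ := buildChains(cands, []cert{-1}, true)
	fmt.Println("chain scans before fix:", before.chainScans, "after:", after.chainScans)
}
```

With 5000 candidates and a limit of 100, the old ordering performs 5000 chain scans while the fixed ordering performs 100 and returns the sentinel error.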