net/textproto, mime/multipart: improve accounting of non-file data - go - Fork of Go programming language with my patches.

diff options

author	Damien Neil <dneil@google.com>	2023-03-16 16:56:12 -0700
committer	Gopher Robot <gobot@golang.org>	2023-04-04 17:01:58 +0000
commit	3c010f2c2182a12f28ad86c5e1ff984f1f2d880a (patch)
tree	2915ded045c64503337d2bc4bcdb834034b88f7f /src/encoding/binary
parent	3549c613b9d354d9f5410afc54dc9f7e6393c8cf (diff)
download	go-3c010f2c2182a12f28ad86c5e1ff984f1f2d880a.tar.xz

net/textproto, mime/multipart: improve accounting of non-file data

For requests containing large numbers of small parts, memory consumption of a parsed form could be about 250% over the estimated size. When considering the size of parsed forms, account for the size of FileHeader structs and increase the estimate of memory consumed by map entries. Thanks to Jakob Ackermann (@das7pad) for reporting this issue. For CVE-2023-24536 For #59153 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802454 Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Change-Id: I9620758495ed77c09ca6dc5db4b723c29f3baad8 Reviewed-on: https://go-review.googlesource.com/c/go/+/482076 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Michael Knyszek <mknyszek@google.com> Run-TryBot: Michael Knyszek <mknyszek@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com>

Diffstat (limited to 'src/encoding/binary')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: