path: root/src/encoding/gob/decoder.go
author: Roland Shoemaker <bracewell@google.com> 2024-05-03 09:21:39 -0400
committer: Gopher Robot <gobot@golang.org> 2024-09-05 14:55:14 +0000
commit: fa8ff1a46deb6c816304441ec6740ec112e19012
tree: 2ae4d40acac8513eff5798d81064d45c6d10b62f /src/encoding/gob/decoder.go
parent: 53487e5477151ed75da50e50a0ba8f1ca64c00a3
[release-branch.go1.23] encoding/gob: cover missed cases when checking ignore depth

This change makes sure that we are properly checking the ignored field recursion depth in decIgnoreOpFor consistently. This prevents stack exhaustion when attempting to decode a message that contains an extremely deeply nested struct which is ignored.

Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.

Updates #69139
Fixes #69145
Fixes CVE-2024-34156

Change-Id: Iacce06be95a5892b3064f1c40fcba2e2567862d6
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1440
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit 9f2ea73c5f2a7056b7da5d579a485a7216f4b20a)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1581
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/611176
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>

Diffstat (limited to 'src/encoding/gob/decoder.go')
-rw-r--r-- src/encoding/gob/decoder.go 2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/encoding/gob/decoder.go b/src/encoding/gob/decoder.go
index c4b6088013..eae307838e 100644
--- a/src/encoding/gob/decoder.go
+++ b/src/encoding/gob/decoder.go
@@ -35,6 +35,8 @@ type Decoder struct {
freeList *decoderState // list of free decoderStates; avoids reallocation
countBuf []byte // used for decoding integers while parsing messages
err error
+ // ignoreDepth tracks the depth of recursively parsed ignored fields
+ ignoreDepth int
}
// NewDecoder returns a new decoder that reads from the [io.Reader].
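Review bot: the comment on ignoreDepth in the Decoder struct says what the counter tracks but not the limit it is compared against or who resets it. Because the field lives on the Decoder itself, its value persists across Decode calls, so a decode that aborts partway through a nested ignored field leaves a non-zero depth behind unless every increment is paired with a decrement on the error path as well. Suggest extending the comment to name the maximum and to state that the value is zero between top-level decodes. The increment and check sites are not visible here, since this view is limited to decoder.go, so the pairing cannot be confirmed from this hunk alone.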