path: root/src/encoding
author: Roland Shoemaker <roland@golang.org> 2022-09-28 14:41:30 -0700
committer: Gopher Robot <gobot@golang.org> 2022-09-29 00:30:21 +0000
commit: 13d48bb6a1ad3787c10fbbe4265ad11672d90a37 (patch)
tree: 36b9b59d61f3d96f94c676b03241a0ed779d6cde /src/encoding
parent: ffdfa9ff41a83fe1265c48b93381a8fa302cf480 (diff)
download: go-13d48bb6a1ad3787c10fbbe4265ad11672d90a37.tar.xz
encoding/gob: add top level security doc
Add a slightly expanded version of the Decoder type comment to the top level package doc, which explains that this package is not designed to be hardened against adversarial inputs.

Change-Id: I8b83433838c8235eb06ded99041fdf726c811ee5
Reviewed-on: https://go-review.googlesource.com/c/go/+/436096
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
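As an added example, not code from this commit or from the gob package itself, here is the pattern the new doc comment leaves implicit: the Decoder's own limits are not configurable, so the caller bounds the reader it hands to the decoder instead. The names Event, maxMessageBytes, encodeEvent and decodeBounded are hypothetical, and the oversized input is constructed by capping a valid stream below its own length rather than by crafting hostile bytes.

```go
package main

import (
	"bytes"
	"encoding/gob"
	"errors"
	"fmt"
	"io"
)

// Event is a hypothetical message type standing in for whatever a service
// would actually receive over the wire.
type Event struct {
	Source string
	Tags   []string
	Count  int
}

// maxMessageBytes is an assumed per-message cap. The gob Decoder's limits
// are not configurable, so the cap has to be enforced on the reader.
const maxMessageBytes = 64 << 10

// encodeEvent produces the gob stream (type descriptor plus value) for e.
func encodeEvent(e Event) []byte {
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(e); err != nil {
		panic(err) // encoding a plain exported struct does not fail
	}
	return buf.Bytes()
}

// decodeBounded decodes one value from r while never reading more than
// maxBytes from it. A stream longer than the cap is cut short, and the
// decoder then reports io.ErrUnexpectedEOF instead of reading further.
func decodeBounded(r io.Reader, maxBytes int64, v any) error {
	return gob.NewDecoder(io.LimitReader(r, maxBytes)).Decode(v)
}

func main() {
	want := Event{Source: "sensor-7", Tags: []string{"lab", "prod"}, Count: 3}
	stream := encodeEvent(want)

	var got Event
	if err := decodeBounded(bytes.NewReader(stream), maxMessageBytes, &got); err != nil {
		fmt.Println("decode failed:", err)
		return
	}
	fmt.Printf("decoded %+v from %d bytes\n", got, len(stream))

	// Constructed over-cap input: the same valid stream, with the cap set
	// below its length, as if a peer sent more than the service allows.
	var truncated Event
	err := decodeBounded(bytes.NewReader(stream), int64(len(stream)/2), &truncated)
	fmt.Println("over cap:", err, "| unexpected EOF:", errors.Is(err, io.ErrUnexpectedEOF))
}
```

The cap bounds what the decoder reads, not directly what it allocates: a small message can still declare element counts that expand into many in-memory values, and the doc comment added here says only that such sizes get basic checks. Keep the cap as small as the protocol allows and treat it as one layer, alongside the usual per-connection timeouts and concurrency limits.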
Diffstat (limited to 'src/encoding')
-rw-r--r-- src/encoding/gob/doc.go | 7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/encoding/gob/doc.go b/src/encoding/gob/doc.go
index 306d395d5b..04cb0ac471 100644
--- a/src/encoding/gob/doc.go
+++ b/src/encoding/gob/doc.go
@@ -276,6 +276,13 @@ document for background: https://golang.org/doc/go1compat
See "Gobs of data" for a design discussion of the gob wire format:
https://blog.golang.org/gobs-of-data
+
+# Security
+
+This package is not designed to be hardened against adversarial inputs. In
+particular, the Decoder does only basic sanity checking on decoded input sizes,
+and its limits are not configurable. Care should be taken when decoding gob data
+from untrusted sources, which may consume significant resources.
*/
package gob
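Review bot: the closing sentence of the new Security section (the two lines beginning `+and its limits are not configurable. Care should be taken`) tells the reader to take care without saying what care consists of, and its relative clause reads as though the untrusted sources, not the decoding, consume the resources. Since the preceding sentence already states that the Decoder's limits are not configurable, the one lever a caller has is the reader, so suggest saying so directly, e.g. "Decoding gob data from untrusted sources may consume significant memory or CPU; callers should bound the input they pass to the Decoder (for example with io.LimitReader) and not rely on the decoder's own checks."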