io/fs: fix stack exhaustion in Glob - go - Fork of Go programming language with my patches.

diff options

author	Julie Qiu <julieqiu@google.com>	2022-06-23 23:17:53 +0000
committer	Michael Knyszek <mknyszek@google.com>	2022-07-12 15:05:55 +0000
commit	fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 (patch)
tree	478c848a7c669695bfd5d7c3506c22d77951208e /src/path/filepath
parent	6fa37e98ea4382bf881428ee0c150ce591500eb7 (diff)
download	go-fa2d41d0ca736f3ad6b200b2a4e134364e9acc59.tar.xz

io/fs: fix stack exhaustion in Glob

A limit is added to the number of path separators allowed by an input to Glob, to prevent stack exhaustion issues. Thanks to Juho Nurminen of Mattermost who reported a similar issue in path/filepath. Fixes CVE-2022-30630 Fixes golang/go#53415 Change-Id: I5a9d02591fed90cd3d52627f5945f1301e53465d Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1497588 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/417065 Run-TryBot: Michael Knyszek <mknyszek@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com>

Diffstat (limited to 'src/path/filepath')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: