diff options
| author | Dmitri Shuralyov <dmitshur@golang.org> | 2020-01-28 13:20:57 -0500 |
|---|---|---|
| committer | Dmitri Shuralyov <dmitshur@golang.org> | 2020-01-28 20:26:36 +0000 |
| commit | b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (patch) | |
| tree | 74d4ed6d478c2fc21a3ecab301aae55d6675defe /src/runtime/mpallocbits.go | |
| parent | a858d15f11f87b53792a6afb156716b80f9634c7 (diff) | |
| download | go-b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574.tar.xz | |
src/go.mod: import x/crypto/cryptobyte security fix for 32-bit archs
cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs
When int is 32 bits wide (on 32-bit architectures like 386 and arm), an
overflow could occur, causing a panic, due to malformed ASN.1 being
passed to any of the ASN1 methods of String.
Tested on linux/386 and darwin/amd64.
This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof
test vectors.
Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/216677
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/cryptobyte is used in crypto/x509 for parsing certificates.
Malformed certificates might cause a panic during parsing on 32-bit
architectures (like arm and 386).
Change-Id: I840feb54eba880dbb96780ef7adcade073c4c4e3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647741
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/216680
Reviewed-by: Katie Hockman <katie@golang.org>
Diffstat (limited to 'src/runtime/mpallocbits.go')
0 files changed, 0 insertions, 0 deletions