diff options
| author | Navtej <nkathuria@nvidia.com> | 2026-03-26 21:05:23 +0000 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2026-04-03 13:23:57 -0700 |
| commit | 583ed06a2b82cf7437b37b2fc1fd2c772d7de420 (patch) | |
| tree | 8a59aac7c855bbc0466e0500241af4db2a5efc06 /test/codegen | |
| parent | 16b01d5362794110376c23e83f386b9e413e2464 (diff) | |
| download | go-583ed06a2b82cf7437b37b2fc1fd2c772d7de420.tar.xz | |
crypto/x509/pkix: avoid quadratic string concatenation in RDNSequence.String
RDNSequence.String builds its result using repeated s += ... inside
nested loops, leading to O(N²) time and memory complexity.
A certificate with many Subject or Issuer RDN entries can therefore
cause excessive CPU and memory usage when String is called.
Switch to strings.Builder to construct the output, reducing complexity
to O(N) without changing behavior.
This follows the same approach used to fix CVE-2025-61729
(HostnameError.Error), which addressed the same quadratic concatenation
pattern.
Change-Id: Id44303b5732081de9f01d186bc2b8ac66349a650
GitHub-Last-Rev: b0706c20655d1a263c3a989b76c0c25796c900df
GitHub-Pull-Request: golang/go#78265
Reviewed-on: https://go-review.googlesource.com/c/go/+/757680
Reviewed-by: Navtej Kathuria US <nkathuria@nvidia.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Diffstat (limited to 'test/codegen')
0 files changed, 0 insertions, 0 deletions