mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/src/io
History
Julie Qiu fa2d41d0ca io/fs: fix stack exhaustion in Glob 
A limit is added to the number of path separators allowed by an input to
Glob, to prevent stack exhaustion issues.

Thanks to Juho Nurminen of Mattermost who reported a similar issue in
path/filepath.

Fixes CVE-2022-30630
Fixes golang/go#53415

Change-Id: I5a9d02591fed90cd3d52627f5945f1301e53465d
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1497588
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/417065
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
 		2022-07-12 15:05:55 +00:00
..
fs io/fs: fix stack exhaustion in Glob 2022-07-12 15:05:55 +00:00
ioutil all: fix spelling 2022-05-18 00:47:29 +00:00
example_test.go io: revert: add an Err field to LimitedReader 2022-06-04 14:00:38 +00:00
export_test.go io: unexport ErrBadWriteCount 2020-10-16 17:52:59 +00:00
io.go io: clarify SeekEnd offset value 2022-06-25 19:08:51 +00:00
io_test.go io: NopCloser forward WriterTo implementations if the reader supports it 2022-05-03 14:37:48 +00:00
multi.go all: gofmt main repo 2022-05-19 15:49:05 +00:00
multi_test.go io: add WriterTo to MultiReader 2022-03-07 23:22:26 +00:00
pipe.go io: unexport internal methods 2021-08-19 09:11:02 +00:00
pipe_test.go