go/src/encoding
Katie Hockman d86e53e896 [release-branch.go1.16-security] encoding/xml: prevent infinite loop while decoding
This change properly handles a TokenReader which
returns an EOF in the middle of an open XML
element.

Thanks to Sam Whited for reporting this.

Fixes CVE-2021-27918

Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit e7ce1f6746223ec7b4caa3b1ece25d9be3864710)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014235
2021-03-09 17:55:05 +00:00
ascii85 all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
asn1 encoding/asn1: document unmarshaling behavior for IMPLICIT string fields 2021-01-12 18:32:48 +00:00
base32 all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
base64 all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
binary all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
csv encoding/csv: optimize Write by giving fieldNeedsQuotes a fast path for when Comma is ascii 2020-05-05 23:57:19 +00:00
gob all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
hex all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
json encoding/json: revert "add "json: " prefix to SyntaxError messages" 2020-12-01 22:51:45 +00:00
pem all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
xml [release-branch.go1.16-security] encoding/xml: prevent infinite loop while decoding 2021-03-09 17:55:05 +00:00
encoding.go