Cypherpunks.ru repositories - gostls13.git/commit
author Damien Neil <dneil@google.com>
Thu, 16 Mar 2023 23:56:12 +0000 (16:56 -0700)
committer Gopher Robot <gobot@golang.org>
Tue, 4 Apr 2023 16:58:38 +0000 (16:58 +0000)
commit ec18f62df59d8f857e63ed3d7480754c49b072c3
tree 4fb2ac40d0978348830c252c22d0984e792c2d9b
parent ea6b5a64dd5bf68b33286436ffbe06f68a1fdbfd
[release-branch.go1.20] net/textproto, mime/multipart: improve accounting of non-file data

For requests containing large numbers of small parts,
memory consumption of a parsed form could be about 250%
over the estimated size.

When considering the size of parsed forms, account for the size of
FileHeader structs and increase the estimate of memory consumed by
map entries.

Thanks to Jakob Ackermann (@das7pad) for reporting this issue.

For CVE-2023-24536
For #59153
For #59270

Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802454
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Change-Id: I9753aa1f8a1b1479c160f870def3b7081b6847ac
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802399
TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com>
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/481990
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
src/mime/multipart/formdata.go
src/mime/multipart/formdata_test.go
src/net/textproto/reader.go