Cypherpunks.ru repositories - gostls13.git/commit

author	Katie Hockman <katie@golang.org>
	Tue, 10 Nov 2020 20:54:12 +0000 (15:54 -0500)
committer	Katie Hockman <katie@golang.org>
	Thu, 12 Nov 2020 20:42:40 +0000 (20:42 +0000)
commit	1e1fa5903b760c6714ba17e50bf850b01f49135c
tree	99c236777e152cea208b785f6263f0b41bb540a1	tree
parent	b34b0aaf69349f060d3b03a06f520848964cb7eb	commit \| diff

math/big: fix shift for recursive division

The previous s value could cause a crash
for certain inputs.

Will check in tests and documentation improvements later.

Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting this.
Thanks to Rémy Oudompheng and Robert Griesemer for their help
developing and validating the fix.

Fixes CVE-2020-28362

Change-Id: Ibbf455c4436bcdb07c84a34fa6551fb3422356d3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/899974
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/269657
Trust: Katie Hockman <katie@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>