]> Cypherpunks.ru repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 881a165) | patch
regexp: limit size of parsed regexps
authorRuss Cox <rsc@golang.org>
Wed, 28 Sep 2022 15:18:51 +0000 (11:18 -0400)
committerGopher Robot <gobot@golang.org>
Wed, 5 Oct 2022 20:39:49 +0000 (20:39 +0000)
commitc3c4aea55b404c2e6ef109ec6a345f4ccb877381
tree966c1c4e4ded7d3cf414056249a32584c044baf7tree
parent881a16542e357fd85ac492424021ff380175675acommit | diff
regexp: limit size of parsed regexps

Set a 128 MB limit on the amount of space used by []syntax.Inst
in the compiled form corresponding to a given regexp.

Also set a 128 MB limit on the rune storage in the *syntax.Regexp
tree itself.

Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.

Fixes CVE-2022-41715.
Fixes #55949.

Change-Id: Ia656baed81564436368cf950e1c5409752f28e1b
Reviewed-on: https://go-review.googlesource.com/c/go/+/439356
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
src/regexp/syntax/parse.go diff | blob | history
src/regexp/syntax/parse_test.go diff | blob | history
Go GOST TLS 1.3