Google Git
Sign in
go / crypto.git / 24ffb5feb3312a39054178a4b0a4554fc2201248
commit24ffb5feb3312a39054178a4b0a4554fc2201248[log] [tgz]
authorKB Sriram <kbsriram@google.com>Wed May 06 21:55:27 2015 -0700
committerAdam Langley <agl@golang.org>Fri May 08 01:16:24 2015 +0000
treeb5abd0276b987616b29b1093861cb410273bf996
parent59435533c88bd0b1254c738244da1fe96b59d05d [diff]
x/crypto/openpgp: Limit packet recursion depth.

A carefully crafted packet can cause the packet reader to push an
infinite number of recursive packet readers. This change limits
the number of recursive parsing levels within the packet reader.

More details at:
http://mumble.net/~campbell/misc/pgp-quine
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402

Fixes #10751

Change-Id: Ib4e102d85f6496e2c7feb5b9d7e5db45db6032df
Reviewed-on: https://go-review.googlesource.com/9843
Reviewed-by: Adam Langley <agl@golang.org>
3 files changed
tree: b5abd0276b987616b29b1093861cb410273bf996
  1. bcrypt/
  2. blowfish/
  3. bn256/
  4. cast5/
  5. curve25519/
  6. hkdf/
  7. md4/
  8. nacl/
  9. ocsp/
  10. openpgp/
  11. otr/
  12. pbkdf2/
  13. poly1305/
  14. ripemd160/
  15. salsa20/
  16. scrypt/
  17. sha3/
  18. ssh/
  19. twofish/
  20. xtea/
  21. xts/
  22. .gitattributes
  23. .gitignore
  24. AUTHORS
  25. codereview.cfg
  26. CONTRIBUTING.md
  27. CONTRIBUTORS
  28. LICENSE
  29. PATENTS
  30. README