Google Git
Sign in
go / go / c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
commitc4c1993fd2a5b26fe45c09592af6d3388a3b2e08[log] [tgz]
authorRoland Shoemaker <roland@golang.org>Tue Mar 29 15:52:09 2022 -0700
committerMichael Knyszek <mknyszek@google.com>Tue Jul 12 15:05:33 2022 +0000
treec9fcd79b62f65e7c2bda9d3e4bb6e4a34a7928a5
parent913d05133c7fb3adfd2b1a34a47d635d8e072fa2 [diff]
encoding/xml: limit depth of nesting in unmarshal

Prevent exhausting the stack limit when unmarshalling extremely deeply
nested structures into nested types.

Fixes #53611
Fixes CVE-2022-30633

Change-Id: Ic6c5d41674c93cfc9a316135a408db9156d39c59
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1421319
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/417061
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2 files changed
tree: c9fcd79b62f65e7c2bda9d3e4bb6e4a34a7928a5
  1. .github/
  2. api/
  3. doc/
  4. lib/
  5. misc/
  6. src/
  7. test/
  8. .gitattributes
  9. .gitignore
  10. AUTHORS
  11. codereview.cfg
  12. CONTRIBUTING.md
  13. CONTRIBUTORS
  14. LICENSE
  15. PATENTS
  16. README.md
  17. SECURITY.md
README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://go.dev/dl/.

After downloading a binary release, visit https://go.dev/doc/install for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://go.dev/doc/install/source for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines at https://go.dev/doc/contribute.

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://go.dev/wiki/Questions for a list of places to ask questions about the Go language.