commit | 2fb46b16b8dda405028c50f7c7f0f9dd1fa6bfb1 | |
---|---|---|
author | Lorenz Bauer <lmb@cloudflare.com> | Fri Feb 02 11:17:09 2018 +0000 |
committer | Brad Fitzpatrick <bradfitz@golang.org> | Fri Feb 02 18:09:47 2018 +0000 |
tree | c033fa009c06b037bc1278ac47267216071a1e51 | |
parent | b417086c80e91bfa321ef761574721644b8b9f61 | |

dns/dnsmessage: don't use untrusted data to pre-allocate slices

We mustn't use data from p.header to pre-allocate slices for Message.Question, etc. Otherwise an attacker can force the allocation of several MiB per parsed message, which can lead to a DoS via putting pressure on the GC.

Fixes golang/go#23214

Change-Id: I6c99577f625b08331b438533adb6b8167bcd1ec5
Reviewed-on: https://go-review.googlesource.com/85135
Reviewed-by: Ian Gudger <igudger@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

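
The allocation pattern the commit message describes, shown as an added example that is not the dnsmessage code or part of this commit. It assumes a constructed toy format (a big-endian uint16 count followed by 4-byte records); `parse`, `record`, `trustCount` and `errTruncated` are hypothetical names.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// record is a hypothetical fixed-size entry: 4 bytes on the wire.
type record struct{ Type, Class uint16 }

const recordLen = 4
var errTruncated = errors.New("message truncated")

// parse reads the toy format: a uint16 record count, then that many records.
// With trustCount the slice is pre-allocated from the sender-controlled count;
// without it the slice grows only as records are actually decoded. Records
// parsed so far are returned with any error so callers can inspect cap().
func parse(msg []byte, trustCount bool) ([]record, error) {
	if len(msg) < 2 {
		return nil, errTruncated
	}
	count := int(binary.BigEndian.Uint16(msg))
	body := msg[2:]
	var out []record
	if trustCount {
		out = make([]record, 0, count) // sized by the sender, not by the data
	}
	for i := 0; i < count; i++ {
		if len(body) < recordLen {
			return out, errTruncated
		}
		out = append(out, record{
			Type:  binary.BigEndian.Uint16(body),
			Class: binary.BigEndian.Uint16(body[2:]),
		})
		body = body[recordLen:]
	}
	return out, nil
}

func main() {
	// Constructed input: header claims 65535 records, body carries none.
	hostile := []byte{0xff, 0xff}
	for _, trust := range []bool{true, false} {
		recs, err := parse(hostile, trust)
		fmt.Printf("trustCount=%v cap=%d err=%v\n", trust, cap(recs), err)
	}
}
```

Both variants reject the two-byte message as truncated, but only the pre-allocating one has already reserved room for 65535 records by the time it notices.
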
This repository holds supplementary Go networking libraries.
The easiest way to install is to run `go get -u golang.org/x/net`. You can also manually git clone the repository to `$GOPATH/src/golang.org/x/net`.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.