Google Git
Sign in
fuchsia / third_party / golang / net / refs/heads/upstream/internal-branch.go1.19-vendor
commitd99f623d45a4846fab7f1cc1d429359adb1e1ec1[log] [tgz]
authorDamien Neil <[email protected]>Thu Dec 22 09:33:10 2022 -0800
committerMichael Pratt <[email protected]>Tue Feb 14 20:08:05 2023 +0000
tree3c87c33a7c35902b44eed90f6d3e954d40b20394
parent183621ab9c4e43af4b725d1302c73c75ff11e5ec [diff]
[internal-branch.go1.19-vendor] http2/hpack: avoid quadratic complexity in hpack decoding

When parsing a field literal containing two Huffman-encoded strings,
don't decode the first string until verifying all data is present.
Avoids forced quadratic complexity when repeatedly parsing a partial
field, repeating the Huffman decoding of the string on each iteration.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

Fixes golang/go#57855
Fixes CVE-2022-41723
For golang/go#58355

Change-Id: I58a743df450a4a4923dddd5cf6bb0592b0a7bdf3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1688184
TryBot-Result: Security TryBots <[email protected]>
Reviewed-by: Julie Qiu <[email protected]>
Run-TryBot: Damien Neil <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/net/+/468135
Run-TryBot: Michael Pratt <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Than McIntosh <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
(cherry picked from commit 8e2b117aee74f6b86c207a808b0255de45c0a18a)
Reviewed-on: https://go-review.googlesource.com/c/net/+/468335
2 files changed
tree: 3c87c33a7c35902b44eed90f6d3e954d40b20394
  1. bpf/
  2. context/
  3. dict/
  4. dns/
  5. html/
  6. http/
  7. http2/
  8. icmp/
  9. idna/
  10. internal/
  11. ipv4/
  12. ipv6/
  13. lif/
  14. nettest/
  15. netutil/
  16. proxy/
  17. publicsuffix/
  18. route/
  19. trace/
  20. webdav/
  21. websocket/
  22. xsrftoken/
  23. .gitattributes
  24. .gitignore
  25. AUTHORS
  26. codereview.cfg
  27. CONTRIBUTING.md
  28. CONTRIBUTORS
  29. go.mod
  30. go.sum
  31. LICENSE
  32. PATENTS
  33. README.md
README.md

Go Networking

Go Reference

This repository holds supplementary Go networking libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/net. You can also manually git clone the repository to $GOPATH/src/golang.org/x/net.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.

OSZAR »