New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality #6770
Conversation
…functionality Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: inteon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cherrypick release-1.14 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.14 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-1.13 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.13 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-1.12 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.12 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold Should this even be merged into master? Why not merge into release-1.14 and then cherry-pick from there into release-1.13 and release-1.12? I don't think we ever intend for this code to be used in a future release. I'm happy to merge as-is, hold is just to ask the question |
@SgtCoDFish My plan is to merge this bugfix in master and backport to all older versions. |
diff --git a/pkg/util/pki/parse_test.go b/pkg/util/pki/parse_test.go
index a219564c4..34307b0da 100644
--- a/pkg/util/pki/parse_test.go
+++ b/pkg/util/pki/parse_test.go
@@ -47,6 +47,15 @@ func generatePKCS8PrivateKey(keyAlgo v1.PrivateKeyAlgorithm, keySize int) ([]byt
return EncodePKCS8PrivateKey(privateKey)
}
+func BenchmarkParseSubject(b *testing.B) {
+ for n := 0; n < b.N; n++ {
+ _, err := ParseSubjectStringToRawDERBytes("DF=#6666666666665006838820013100000746939546349182108463491821809FBFFFFFFFFF")
+ if err == nil {
+ b.Fatal("expected error, but got none")
+ }
+ }
+}
+
func TestDecodePrivateKeyBytes(t *testing.T) {
type testT struct {
name string Run with: go test -bench=. -benchmem ./pkg/util/pki/... Before this change:
After this change:
MIght be worth adding that benchmark to the followup PR for comparison |
/retest |
@inteon: new pull request created: #6772 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: new pull request created: #6773 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: new pull request created: #6774 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Quick fix for memory issues caused by github.com/go-asn1-ber/asn1-ber library.
Similar to notaryproject/notation-go#275.
Will be superseded by #6761, the goal of this PR is to backport this quick fix to older cert-manager versions.
Kind
/kind bug
Release Note