-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
math/big: index out of range in Float.GobDecode #53871
Comments
CC @griesemer @golang/security |
Oh I thought GobDecode was not a security issue... |
Ah, no, it's just owned in part by the Go security team. I don't know whether this is a security issue. (See https://dev.golang.org/owners.) |
Generally we consider panics in functions which take external input to be security issues. If you are not sure, feel free to send a message to security@golang.org before opening an issue and we will be happy to check. |
Change https://go.dev/cl/417774 mentions this issue: |
Another reproducer for Rat : https://go.dev/play/p/6Qpskg2_Abp |
@gopherbot please open backports, this is a security issue. |
Backport issue(s) opened: #54094 (for 1.17), #54095 (for 1.18). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
Change https://go.dev/cl/419814 mentions this issue: |
Change https://go.dev/cl/419815 mentions this issue: |
So, I should have sent a mail instead of opening a GitHub issue, sorry about missing it. |
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates #53871 Fixes #54095 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419815 Reviewed-by: Julie Qiu <julieqiu@google.com>
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates #53871 Fixes #54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Fixes golang#53871 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org>
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: danbudris@2fcd1ec Upstream Source Commit: golang@703c8ab # Original Information In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: danbudris@2fcd1ec Upstream Source Commit: golang@703c8ab # Original Information In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
# AWS EKS Backported To: go-1.16.15-eks Backported On: Tue, 04 Oct 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: danbudris@268843b Upstream Source Commit: golang@703c8ab # Original Information In Float.GobDecode and Rat.GobDecode, check buffer sizes before indexing slices. Updates golang#53871 Fixes golang#54094 Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/417774 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> (cherry picked from commit 055113e) Reviewed-on: https://go-review.googlesource.com/c/go/+/419814 Reviewed-by: Julie Qiu <julieqiu@google.com>
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Run https://go.dev/play/p/-iOX1cXown9 ie
Float0.GobDecode([]byte{0x1, 0x0, 0x0, 0x0})
What did you expect to see?
The program finishing and printing somme Hello, without having allocated too much space
What did you see instead?
Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49120
The text was updated successfully, but these errors were encountered: