mime/multipart: memory exhaustion due to no limit on line length #1528
Description
The mime/multipart package does not impose line length limits. Maliciously crafted
messages will cause bufio to allocate memory in infinite loop.
In general, bufio.ReadString('\n') should not be used against untrusted input. Its uses
should be rewritten to use the recently added encoding/line package.
package main
ipackage main
import (
"mime/multipart"
"os"
)
type malicious struct{}
func (malicious) Read(b []byte) (n int, err os.Error) {
return len(b), nil
}
func main() {
r := multipart.NewReader(&malicious{}, "fooBoundary")
r.NextPart()
}