Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" [1.15 backport] #46305

Closed
gopherbot opened this issue May 21, 2021 · 3 comments
Closed

math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" [1.15 backport] #46305

gopherbot opened this issue May 21, 2021 · 3 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge release-blocker Security
Milestone
Go1.15.13

Comments

@gopherbot
Copy link
Contributor

@katiehockman requested issue #45910 to be considered for backport to the next 1.15 minor release.

@gopherbot please consider this for backport to 1.15 and 1.16 as this is a security issue.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label May 21, 2021
@gopherbot gopherbot mentioned this issue May 21, 2021
Closed
@gopherbot gopherbot added this to the Go1.15.13 milestone May 21, 2021
@katiehockman katiehockman self-assigned this May 21, 2021
@gopherbot
Copy link
Contributor Author

Change https://golang.org/cl/321831 mentions this issue: [release-branch.go1.15] math/big: check for excessive exponents in Rat.SetString
@dmitshur dmitshur mentioned this issue May 21, 2021
Closed
@dmitshur
Copy link
Contributor

Approving as a fix for a security issue. This backport applies to both 1.16 (#46306) and 1.15 (this issue).
@dmitshur dmitshur added CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels May 21, 2021
@gopherbot
Copy link
Contributor Author

Closed by merging df9ce19 to release-branch.go1.15.
gopherbot pushed a commit that referenced this issue May 27, 2021
@griesemer @katiehockman
[release-branch.go1.15] math/big: check for excessive exponents in Ra…
df9ce19 
…t.SetString

Found by OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33284

Thanks to Emmanuel Odeke for reporting this issue.

Updates #45910
Fixes #46305
Fixes CVE-2021-33198

Change-Id: I61e7b04dbd80343420b57eede439e361c0f7b79c
Reviewed-on: https://go-review.googlesource.com/c/go/+/316149
Trust: Robert Griesemer <gri@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Robert Griesemer <gri@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
(cherry picked from commit 6c591f7)
Reviewed-on: https://go-review.googlesource.com/c/go/+/321831
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
@golang golang locked and limited conversation to collaborators May 27, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge release-blocker Security
4 participants
@FiloSottile @dmitshur @gopherbot @katiehockman