Commit 91062c2e authored by Katie Hockman's avatar Katie Hockman Committed by Katie Hockman
Browse files

[release-branch.go1.15-security] encoding/xml: prevent infinite loop while decoding 

This change properly handles a TokenReader which
returns an EOF in the middle of an open XML
element.

Thanks to Sam Whited for reporting this.

Fixes CVE-2021-27918

Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594


Reviewed-by: default avatarRuss Cox <rsc@google.com>
Reviewed-by: default avatarRoland Shoemaker <bracewell@google.com>
Reviewed-by: default avatarFilippo Valsorda <valsorda@google.com>
(cherry picked from commit e7ce1f6746223ec7b4caa3b1ece25d9be3864710)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014236
parent fa6752a5
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment