commit | 59706cdaa8f95502fdec64b67b4c61d6ca58727d | |
---|---|---|
author | Roland Shoemaker <roland@golang.org> | Mon Sep 29 16:33:18 2025 -0700 |
committer | Roland Shoemaker <roland@golang.org> | Tue Oct 07 11:18:01 2025 -0700 |
tree | 858913fd630d3606f1a59de6b9ece80f8bf751df | |
parent | 6ec8895aa5f6594da7356da7d341b98133629009 | |
html: impose open element stack size limit

The HTML specification contains a number of algorithms which are quadratic in complexity by design. Instead of adding complicated workarounds to prevent these cases from becoming extremely expensive in pathological cases, we impose a limit of 512 to the size of the stack of open elements.

It is extremely unlikely that non-adversarial HTML documents will ever hit this limit (but if we see cases of this, we may want to make the limit configurable via a ParseOption).

Thanks to Guido Vranken and Jakub Ciolek for both independently reporting this issue.

Fixes CVE-2025-47911
Fixes golang/go#75682

Change-Id: I890517b189af4ffbf427d25d3fde7ad7ec3509ad
Reviewed-on: https://go-review.googlesource.com/c/net/+/709876
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
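The effect of the 512-element cap described in the commit message, shown as an added example (not code from this commit or from x/net/html). It is a simplified cost model that assumes one full walk of the open element stack per start tag; `simulate` and `errStackLimit` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// maxOpenElements is the limit of 512 stated in the commit message.
const maxOpenElements = 512

// errStackLimit is a hypothetical error for this model, not the one x/net/html returns.
var errStackLimit = errors.New("open element stack limit exceeded")

// simulate models a parser that, for each of depth nested start tags, walks the
// current stack of open elements once (a simplified stand-in for the spec's
// scope checks) and then pushes the new element. limit <= 0 means no cap.
// It returns the number of stack entries visited, i.e. the work done.
func simulate(depth, limit int) (visits int, err error) {
	stack := make([]string, 0, 64)
	for i := 0; i < depth; i++ {
		if limit > 0 && len(stack) >= limit {
			return visits, errStackLimit // stop before doing more linear scans
		}
		visits += len(stack) // one scan over every open element
		stack = append(stack, "div")
	}
	return visits, nil
}

func main() {
	// Constructed nesting depths: at the limit, 10x over, 100x over.
	for _, depth := range []int{512, 5000, 50000} {
		unbounded, _ := simulate(depth, 0)
		bounded, err := simulate(depth, maxOpenElements)
		fmt.Printf("depth=%-6d unbounded=%-11d bounded=%-7d err=%v\n",
			depth, unbounded, bounded, err)
	}
}
```

Without the cap the work grows as depth squared; with it, the total is fixed at 130816 visits in this model no matter how deep the input nests.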
This repository holds supplementary Go networking packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/net.
The main issue tracker for the net repository is located at https://go.dev/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.