[go/release-branch.go1.24] [release-branch.go1.24] encoding/asn1: prevent memory exhaustion when parsing using internal/saferio

[Gopher Robot (Gerrit)]

Gopher Robot submitted the change

Change information

Commit message:

[release-branch.go1.24] encoding/asn1: prevent memory exhaustion when parsing using internal/saferio

Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate
a slice that is needed in order to fully validate the given DER payload.
The size of the slice allocated are also multiple times larger than the
input DER:

- When using asn1.Unmarshal directly, the allocated slice is ~28x
  larger.
- When passing in DER using x509.ParseCertificateRequest, the allocated
  slice is ~48x larger.
- When passing in DER using ocsp.ParseResponse, the allocated slice is
  ~137x larger.

As a result, a malicious actor can craft a big empty DER payload,
resulting in an unnecessary large allocation of memories. This can be a
way to cause memory exhaustion.

To prevent this, we now use SliceCapWithSize within internal/saferio to
enforce a memory allocation cap.

Thanks to Jakub Ciolek for reporting this issue.

For #75671
Fixes #75704
Fixes CVE-2025-58185

Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700

Reviewed-by: Roland Shoemaker <brac...@google.com>

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2984

Reviewed-by: Nicholas Husin <hu...@google.com>

Reviewed-on: https://go-review.googlesource.com/c/go/+/709841

Reviewed-by: Carlos Amedee <car...@golang.org>

Auto-Submit: Michael Pratt <mpr...@google.com>

TryBot-Bypass: Michael Pratt <mpr...@google.com>

Files:

• M src/encoding/asn1/asn1.go
• M src/encoding/asn1/asn1_test.go
• M src/go/build/deps_test.go

Change size: M

Delta: 3 files changed, 48 insertions(+), 2 deletions(-)

Branch: refs/heads/release-branch.go1.24

Submit Requirements:

• Code-Review: +2 by Carlos Amedee
• TryBots-Pass: TryBot-Bypass+1 by Michael Pratt

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: release-branch.go1.24

Gerrit-Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428

Gerrit-Change-Number: 709841

Gerrit-PatchSet: 2

Gerrit-Owner: Michael Pratt <mpr...@google.com>

Gerrit-Reviewer: Carlos Amedee <car...@golang.org>

Gerrit-Reviewer: Gopher Robot <go...@golang.org>

Gerrit-Reviewer: Michael Pratt <mpr...@google.com>

Gerrit-CC: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-CC: Nicholas Husin <hu...@google.com>

[Gopher Robot (Gerrit)]

Gopher Robot submitted the change

Change information

Commit message:

[release-branch.go1.25] encoding/asn1: prevent memory exhaustion when parsing using internal/saferio

Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate
a slice that is needed in order to fully validate the given DER payload.
The size of the slice allocated are also multiple times larger than the
input DER:

- When using asn1.Unmarshal directly, the allocated slice is ~28x
  larger.
- When passing in DER using x509.ParseCertificateRequest, the allocated
  slice is ~48x larger.
- When passing in DER using ocsp.ParseResponse, the allocated slice is
  ~137x larger.

As a result, a malicious actor can craft a big empty DER payload,
resulting in an unnecessary large allocation of memories. This can be a
way to cause memory exhaustion.

To prevent this, we now use SliceCapWithSize within internal/saferio to
enforce a memory allocation cap.

Thanks to Jakub Ciolek for reporting this issue.

For #75671

Fixes #75705
Fixes CVE-2025-58185

Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700

Reviewed-by: Roland Shoemaker <brac...@google.com>

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2966

Reviewed-by: Nicholas Husin <hu...@google.com>

Commit-Queue: Roland Shoemaker <brac...@google.com>

Reviewed-on: https://go-review.googlesource.com/c/go/+/709850

TryBot-Bypass: Michael Pratt <mpr...@google.com>

Reviewed-by: Carlos Amedee <car...@golang.org>

Auto-Submit: Michael Pratt <mpr...@google.com>

Files:

• M src/encoding/asn1/asn1.go
• M src/encoding/asn1/asn1_test.go
• M src/go/build/deps_test.go

Change size: M

Delta: 3 files changed, 48 insertions(+), 2 deletions(-)

Branch: refs/heads/release-branch.go1.25

Submit Requirements:

• Code-Review: +2 by Carlos Amedee
• TryBots-Pass: TryBot-Bypass+1 by Michael Pratt

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: release-branch.go1.25

Gerrit-Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428

Gerrit-Change-Number: 709850

Gerrit-PatchSet: 2

Gerrit-Owner: Michael Pratt <mpr...@google.com>

Gerrit-Reviewer: Carlos Amedee <car...@golang.org>

Gerrit-Reviewer: Gopher Robot <go...@golang.org>

Gerrit-Reviewer: Michael Pratt <mpr...@google.com>

Gerrit-CC: Nicholas Husin <hu...@google.com>

[Gopher Robot (Gerrit)]

Gopher Robot submitted the change

Change information

Commit message:

encoding/asn1: prevent memory exhaustion when parsing using internal/saferio

Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate
a slice that is needed in order to fully validate the given DER payload.
The size of the slice allocated are also multiple times larger than the
input DER:

- When using asn1.Unmarshal directly, the allocated slice is ~28x
  larger.
- When passing in DER using x509.ParseCertificateRequest, the allocated
  slice is ~48x larger.
- When passing in DER using ocsp.ParseResponse, the allocated slice is
  ~137x larger.

As a result, a malicious actor can craft a big empty DER payload,
resulting in an unnecessary large allocation of memories. This can be a
way to cause memory exhaustion.

To prevent this, we now use SliceCapWithSize within internal/saferio to
enforce a memory allocation cap.

Thanks to Jakub Ciolek for reporting this issue.

For #75671

Fixes CVE-2025-58185

Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700

Reviewed-by: Roland Shoemaker <brac...@google.com>

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-on: https://go-review.googlesource.com/c/go/+/709856

Reviewed-by: Carlos Amedee <car...@golang.org>

LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Auto-Submit: Michael Pratt <mpr...@google.com>

Files:

• M src/encoding/asn1/asn1.go
• M src/encoding/asn1/asn1_test.go
• M src/go/build/deps_test.go

Change size: M

Delta: 3 files changed, 48 insertions(+), 2 deletions(-)

Branch: refs/heads/master

Submit Requirements:

• Code-Review: +2 by Carlos Amedee

• TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: master

Gerrit-Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428

Gerrit-Change-Number: 709856

Gerrit-PatchSet: 2

Gerrit-Owner: Michael Pratt <mpr...@google.com>

Gerrit-Reviewer: Carlos Amedee <car...@golang.org>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>