Damien Neil
This is a PRIVATE issue for CVE-2022-27664 tracked in http://b/219507101 and fixed by http://tg/1413887.
See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32233 Failure looks real:
```
Step #3: + . internal/fuzz/oss-fuzz-build.sh
Step #3: ++ for x in 'internal/fuzz/*'
Step #3: ++ '[' -d internal/fuzz/README.md/corpus ']'
Step #3: ++ for x...
```
Update references to github.com/golang/protobuf to use the newer module. No user-visible changes. Regenerate bigtable/internal/conformance/tests.pb.go.
HEAD requests may have a body, although [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.2) states that "some existing implementations" may reject a HEAD request which contains one. The `net/http` package handles HEAD requests with a...
Hi! I have an in-review proposal to add support for wrapping multiple errors to the standard library. The latest version of the proposal is: https://github.com/golang/go/issues/53435#issuecomment-1191752789 This proposal is intended to...
It is common for programs to accept filenames from untrusted sources. For example, an archive extractor might create files based on names in the archive, or a webserver may serve...
https://vuln.go.dev/ should have a link to pkgsite for anyone who wants to browse the database.
This proposal seeks to address #16100 (no way of manipulating timeouts in Handler), and is inspired by https://github.com/golang/go/issues/16100#issuecomment-396690586. HTTP handler timeouts are specified on a per-Server basis: `ReadTimeout`, `WriteTimeout`. It...
This is an alternative fix for #25849, as proposed by @dsnet in https://github.com/golang/go/issues/25849#issuecomment-396685881. The `archive/tar` and `archive/zip` readers return unsanitized paths from archives. Careless use of these paths leads to...
UNC paths with a `.` host are not recognized as UNC paths:
```
filepath.Clean(`\\.\C:\a`) // \C:\a
filepath.Clean(`\\.\NUL`) // \NUL
filepath.Join(`\\.\C:`, `a`) // \C:\a
```
This causes `Abs` to produce incorrect...