Descriptiongoprotobuf: fix integer overflows.
1) It's possible to panic the decoder by overflowing a length check.
2) (minor) the decoder was silently truncating varints that were larger than 64 bits. This isn't strictly a problem, but it could lead to a situation where a different decoder could decode a given message differently. Thus, if the message was vetted by one decoder and processed by another, an attacker could exploit this difference.
Patch Set 1 #Patch Set 2 : diff -r c31cbc77cd48 https://code.google.com/p/goprotobuf #Patch Set 3 : diff -r c31cbc77cd48 https://code.google.com/p/goprotobuf #Patch Set 4 : diff -r c31cbc77cd48 https://code.google.com/p/goprotobuf #MessagesTotal messages: 4
|