https://bugzilla.redhat.com/show_bug.cgi?id=1401985
Bug ID: 1401985
Summary: golang: net/http: multipart ReadForm close file after copy
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: admiller(a)redhat.com, amurdaca(a)redhat.com,
aortega(a)redhat.com, apevec(a)redhat.com,
ayoung(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, chrisw(a)redhat.com,
cvsbot-xmlrpc(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jcajka(a)redhat.com, jgoulding(a)redhat.com,
jialiu(a)redhat.com, jkeck(a)redhat.com,
joelsmith(a)redhat.com, jokerman(a)redhat.com,
jschluet(a)redhat.com, kbasil(a)redhat.com,
kseifried(a)redhat.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, lmeyer(a)redhat.com, lpeer(a)redhat.com,
markmc(a)redhat.com, mmccomas(a)redhat.com,
rbryant(a)redhat.com, renich(a)woralelandia.com,
rhs-bugs(a)redhat.com, sclewis(a)redhat.com,
sgirijan(a)redhat.com, sisharma(a)redhat.com,
smohan(a)redhat.com, srevivo(a)redhat.com,
ssaha(a)redhat.com, s(a)shk.io,
storage-qa-internal(a)redhat.com, tdawson(a)redhat.com,
tdecacqu(a)redhat.com, vbatts(a)redhat.com,
vbellur(a)redhat.com
The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit. An attacker could craft a multipart request with many such parts so
that the server ran out of file descriptors.
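An added example (not from the bug report or from Go's own sources) showing how ReadForm spills file parts past maxMemory to temp files, how a handler should drain, close and RemoveAll them, and how http.MaxBytesReader bounds what a server will ever spill to disk; the size limits are assumed values and the multipart body is constructed inline.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
)

// buildMultipart constructs a multipart/form-data body with n file parts of
// partSize bytes each (constructed sample input) and returns the boundary.
func buildMultipart(n, partSize int) ([]byte, string) {
	var buf bytes.Buffer
	w := multipart.NewWriter(&buf)
	for i := 0; i < n; i++ {
		fw, _ := w.CreateFormFile(fmt.Sprintf("f%d", i), fmt.Sprintf("f%d.bin", i))
		fw.Write(bytes.Repeat([]byte{'A'}, partSize))
	}
	w.Close()
	return buf.Bytes(), w.Boundary()
}

// parseForm runs ReadForm(maxMemory): parts larger than maxMemory are spilled
// to temp files. Each file is opened, drained and closed, and RemoveAll
// deletes the temp files so nothing stays behind on disk.
func parseForm(body []byte, boundary string, maxMemory int64) (nFiles int, total int64, err error) {
	form, err := multipart.NewReader(bytes.NewReader(body), boundary).ReadForm(maxMemory)
	if err != nil {
		return 0, 0, err
	}
	defer form.RemoveAll()
	for _, headers := range form.File {
		for _, fh := range headers {
			f, err := fh.Open()
			if err != nil {
				return nFiles, total, err
			}
			n, err := io.Copy(io.Discard, f)
			f.Close() // release our handle as soon as the part is consumed
			if err != nil {
				return nFiles, total, err
			}
			nFiles++
			total += n
		}
	}
	return nFiles, total, nil
}

// uploadHandler caps the request body before ParseMultipartForm runs, so the
// number of parts an attacker can push to disk is bounded (maxBody is assumed).
func uploadHandler(maxBody int64) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, maxBody)
		if err := r.ParseMultipartForm(32 << 10); err != nil {
			http.Error(w, "request too large or malformed", http.StatusRequestEntityTooLarge)
			return
		}
		defer r.MultipartForm.RemoveAll()
		fmt.Fprintf(w, "%d file part(s)", len(r.MultipartForm.File))
	}
}
```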
Upstream bug:
https://github.com/golang/go/issues/17965
Upstream patch:
https://go-review.googlesource.com/#/c/30410/
External Reference:
https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ