Commit 19f73a78 authored by Brad Fitzpatrick's avatar Brad Fitzpatrick

encoding/gob: warn about decoding data from untrusted sources

And some double space after period cleanup while I'm here.
I guess my previous regexps missed these. My next cleaner should
probably use go/ast instead of perl.

Updates #20221

Change-Id: Idb051e7ac3a7fb1fb86e015f709e32139d065d92
Reviewed-on: https://go-review.googlesource.com/47094Reviewed-by: default avatarIan Lance Taylor <iant@golang.org>
Reviewed-by: default avatarRob Pike <r@golang.org>
parent 8aee0b8b
......@@ -19,6 +19,10 @@ const tooBig = 1 << 30
// A Decoder manages the receipt of type and data information read from the
// remote side of a connection.
//
// The Decoder does only basic sanity checking on decoded input sizes,
// and its limits are not configurable. Take caution when decoding gob data
// from untrusted sources.
type Decoder struct {
mutex sync.Mutex // each item must be received atomically
r io.Reader // source of the data
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment