Closed hdm closed 4 years ago
The code to expand a slice based on an array index ends up calling reflect.MakeSlice with a user-controlled length value: https://github.com/monoculum/formam/blob/master/formam.go#L570
This could be abused by a malicious user to force large memory allocations in a Go web application.
A workaround could be to provide a default length limit (16k or similar) in the DecoderOptions and allow the user to override this.
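As an illustration of the suggested workaround (added here as an example; this is not formam's code and the `DecoderOptions`/`GrowSlice` names, the `MaxSliceLen` field and the 16k default are assumptions), the following shows a slice-growing helper that checks a client-supplied index against a configurable limit before it ever reaches `reflect.MakeSlice`, so a hostile index is rejected instead of forcing a large allocation:

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// DefaultMaxSliceLen is an assumed default cap (16k, as suggested in the issue)
// on how far a client-supplied array index may grow a decoded slice.
const DefaultMaxSliceLen = 16 * 1024

// ErrIndexTooLarge is returned when a request asks to grow a slice past the cap.
var ErrIndexTooLarge = errors.New("array index exceeds configured slice length limit")

// DecoderOptions is a hypothetical options struct mirroring the proposed
// workaround: a default limit that the library user can override.
type DecoderOptions struct {
	MaxSliceLen int // 0 means "use DefaultMaxSliceLen"
}

func (o DecoderOptions) limit() int {
	if o.MaxSliceLen <= 0 {
		return DefaultMaxSliceLen
	}
	return o.MaxSliceLen
}

// GrowSlice returns a slice of the same type as v whose length is at least
// index+1, preserving v's existing elements. Unlike an unbounded
// reflect.MakeSlice call, it refuses to allocate when the untrusted index
// is outside [0, limit).
func GrowSlice(opts DecoderOptions, v reflect.Value, index int) (reflect.Value, error) {
	if v.Kind() != reflect.Slice {
		return reflect.Value{}, fmt.Errorf("expected slice, got %s", v.Kind())
	}
	if index < 0 || index >= opts.limit() {
		return reflect.Value{}, fmt.Errorf("%w: index %d, limit %d", ErrIndexTooLarge, index, opts.limit())
	}
	if index < v.Len() {
		return v, nil // already large enough; nothing to allocate
	}
	grown := reflect.MakeSlice(v.Type(), index+1, index+1)
	reflect.Copy(grown, v)
	return grown, nil
}

func main() {
	vals := reflect.ValueOf([]string{"a"})
	// A normal form field such as field[3]=x grows the slice to 4 elements.
	if g, err := GrowSlice(DecoderOptions{}, vals, 3); err == nil {
		fmt.Println("grown to", g.Len())
	}
	// An oversized index (constructed example) is rejected before any allocation.
	if _, err := GrowSlice(DecoderOptions{}, vals, 999999999); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The limit check runs before `reflect.MakeSlice`, which is the point: the allocation size is derived from request data, so the bound has to be enforced on the index itself, not on the resulting slice after the fact.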
Good catch; thanks! I created a patch: #32
@hdm Thank you very much for catching it! And thank you @arp242 for the PR!
Thanks for the patch!
I put out v3.4.0 which includes this fix.