rebase: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Version v0.3.8 of golang.org/x/text fixes a vulnerability. See-also: https://go.dev/issue/56152 See-also: https://bugzilla.redhat.com/CVE-2022-32149 Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-14 10:53:34 +00:00 · 2022-10-17 08:49:59 +02:00
parent b3837d44ce
commit e08005f402
27 changed files with 667 additions and 583 deletions
--- a/vendor/golang.org/x/text/encoding/htmlindex/tables.go
+++ b/vendor/golang.org/x/text/encoding/htmlindex/tables.go
@ -93,8 +93,11 @@ var canonical = [numEncodings]string{

 var nameMap = map[string]htmlEncoding{
 	"unicode-1-1-utf-8":   utf8,
+	"unicode11utf8":       utf8,
+	"unicode20utf8":       utf8,
 	"utf-8":               utf8,
 	"utf8":                utf8,
+	"x-unicode20utf8":     utf8,
 	"866":                 ibm866,
 	"cp866":               ibm866,
 	"csibm866":            ibm866,
@ -307,7 +310,13 @@ var nameMap = map[string]htmlEncoding{
 	"iso-2022-cn-ext":     replacement,
 	"iso-2022-kr":         replacement,
 	"replacement":         replacement,
+	"unicodefffe":         utf16be,
 	"utf-16be":            utf16be,
+	"csunicode":           utf16le,
+	"iso-10646-ucs-2":     utf16le,
+	"ucs-2":               utf16le,
+	"unicode":             utf16le,
+	"unicodefeff":         utf16le,
 	"utf-16":              utf16le,
 	"utf-16le":            utf16le,
 	"x-user-defined":      xUserDefined,