From 4ac5844ec076e9bcc31fd0a79ca17eaf4fb1bdb3 Mon Sep 17 00:00:00 2001 From: drfish Date: Tue, 8 Dec 2020 23:19:21 +0800 Subject: [PATCH] Cleanup sanity check for CVE-2019-11253 --- .../apiserver/pkg/endpoints/handlers/patch.go | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go b/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go index 096330a4ae9..ce07330c014 100644 --- a/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go +++ b/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go @@ -337,15 +337,6 @@ func (p *jsonPatcher) createNewObject() (runtime.Object, error) { func (p *jsonPatcher) applyJSPatch(versionedJS []byte) (patchedJS []byte, retErr error) { switch p.patchType { case types.JSONPatchType: - // sanity check potentially abusive patches - // TODO(liggitt): drop this once golang json parser limits stack depth (https://github.com/golang/go/issues/31789) - if len(p.patchBytes) > 1024*1024 { - v := []interface{}{} - if err := json.Unmarshal(p.patchBytes, &v); err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("error decoding patch: %v", err)) - } - } - patchObj, err := jsonpatch.DecodePatch(p.patchBytes) if err != nil { return nil, errors.NewBadRequest(err.Error()) @@ -361,15 +352,6 @@ func (p *jsonPatcher) applyJSPatch(versionedJS []byte) (patchedJS []byte, retErr } return patchedJS, nil case types.MergePatchType: - // sanity check potentially abusive patches - // TODO(liggitt): drop this once golang json parser limits stack depth (https://github.com/golang/go/issues/31789) - if len(p.patchBytes) > 1024*1024 { - v := map[string]interface{}{} - if err := json.Unmarshal(p.patchBytes, &v); err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("error decoding patch: %v", err)) - } - } - return jsonpatch.MergePatch(versionedJS, p.patchBytes) default: // only here as a safety net - go-restful filters content-type