-
- Downloads
[3.11] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96500)
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds. This PR comes fresh from a pile of work done in our private PSRT security response team repo. This backports https://github.com/python/cpython/pull/96499 aka 511ca945 Signed-off-by:Christian Heimes [Red Hat] <christian@python.org> Tons-of-polishing-up-by:
Gregory P. Smith [Google] <greg@krypto.org> Reviews via the private PSRT repo via many others (see the NEWS entry in the PR). <!-- gh-issue-number: gh-95778 --> * Issue: gh-95778 <!-- /gh-issue-number --> I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
Showing
- Doc/data/python3.11.abi 6 additions, 3 deletionsDoc/data/python3.11.abi
- Doc/library/functions.rst 7 additions, 0 deletionsDoc/library/functions.rst
- Doc/library/json.rst 11 additions, 0 deletionsDoc/library/json.rst
- Doc/library/stdtypes.rst 166 additions, 0 deletionsDoc/library/stdtypes.rst
- Doc/library/sys.rst 44 additions, 13 deletionsDoc/library/sys.rst
- Doc/library/test.rst 10 additions, 0 deletionsDoc/library/test.rst
- Doc/using/cmdline.rst 12 additions, 0 deletionsDoc/using/cmdline.rst
- Doc/whatsnew/3.11.rst 11 additions, 0 deletionsDoc/whatsnew/3.11.rst
- Include/internal/pycore_initconfig.h 2 additions, 0 deletionsInclude/internal/pycore_initconfig.h
- Include/internal/pycore_interp.h 2 additions, 0 deletionsInclude/internal/pycore_interp.h
- Include/internal/pycore_long.h 35 additions, 0 deletionsInclude/internal/pycore_long.h
- Lib/idlelib/idle_test/test_sidebar.py 3 additions, 1 deletionLib/idlelib/idle_test/test_sidebar.py
- Lib/test/support/__init__.py 11 additions, 0 deletionsLib/test/support/__init__.py
- Lib/test/test_ast.py 8 additions, 0 deletionsLib/test/test_ast.py
- Lib/test/test_cmd_line.py 33 additions, 0 deletionsLib/test/test_cmd_line.py
- Lib/test/test_compile.py 13 additions, 0 deletionsLib/test/test_compile.py
- Lib/test/test_decimal.py 18 additions, 0 deletionsLib/test/test_decimal.py
- Lib/test/test_int.py 114 additions, 0 deletionsLib/test/test_int.py
- Lib/test/test_json/test_decode.py 9 additions, 0 deletionsLib/test/test_json/test_decode.py
- Lib/test/test_sys.py 8 additions, 2 deletionsLib/test/test_sys.py
Loading
Please register or sign in to comment