Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no longer uses a
shell to run "openssl" commands. Issue reported and initial fix by
Caleb Shortt.
Remove the Windows code path to send "quit" on stdin to the "openssl
s_client" command: use DEVNULL on all platforms instead.
Co-authored-by: Caleb Shortt <caleb@rgauge.com>
Fix multiplying a list by an integer (list *= int): detect the
integer overflow when the new allocated length is close to the
maximum size. Issue reported by Jordan Limor.
list_resize() now checks for integer overflow before multiplying the
new allocated length by the list item size (sizeof(PyObject*)).
Previously, checkbuttons in different parent widgets could have the same
short name and share the same state if arguments "name" and "variable" are
not specified. Now they are globally unique.
Fix command line parsing: reject "-X int_max_str_digits" option with
no value (invalid) when the PYTHONINTMAXSTRDIGITS environment
variable is set to a valid limit.
This PR fixes undefined behaviour in the struct module unpacking support functions `bu_longlong`, `lu_longlong`, `bu_int` and `lu_int`; thanks to @kumaraditya303 for finding these.
The fix is to accumulate the bytes in an unsigned integer type instead of a signed integer type, then to convert to the appropriate signed type. In cases where the width matches, that conversion will typically be compiled away to a no-op.
(Evidence from Godbolt: https://godbolt.org/z/5zvxodj64 .)
To make the conversions efficient, I've specialised the relevant functions for their output size: for `bu_longlong` and `lu_longlong`, this only entails checking that the output size is indeed `8`. But `bu_int` and `lu_int` were used for format sizes `2` and `4` - I've split those into two separate functions each.
No tests, because all of the affected cases are already exercised by the test suite.
This is a preliminary PR to refactor `PyLong_FromString` which is currently quite messy and has spaghetti like code that mixes up different concerns as well as duplicating logic.
In particular:
- `PyLong_FromString` now only handles sign, base and prefix detection and calls a new function `long_from_string_base` to parse the main body of the string.
- The `long_from_string_base` function handles all string validation and then calls `long_from_binary_base` or a new function `long_from_non_binary_base` to construct the actual `PyLong`.
- The existing `long_from_binary_base` function is simplified by factoring duplicated logic to `long_from_string_base`.
- The new function `long_from_non_binary_base` factors out much of the code from `PyLong_FromString` including in particular the quadratic algorithm reffered to in gh-95778 so that this can be seen separately from unrelated concerns such as string validation.
HTTP links in the "HISTORY OF THE SOFTWARE" section of Doc/license.rst
were converted to HTTPS in f62ff97f31.
But there were other copies of these links, which were left HTTP links.
Only call tkinter.tk and its follow-up code in _init_tk_type when requires('gui')
does not raise. This function can be called as an unintended side-effect of
calling other idlelib code as part of tests on macOS without a GUI enabled.
The main problem was that an unluckily timed task cancellation could cause
the semaphore to be stuck. There were also doubts about strict FIFO ordering
of tasks allowed to pass.
The Semaphore implementation was rewritten to be more similar to Lock.
Many tests for edge cases (including cancellation) were added.
They were undertested, and since #96954 might involve a
rewrite of this part of the code we want to ensure that
there won't be any behavioral change.
Co-authored-by: Carl Friedrich Bolz-Tereick <cfbolz@gmx.de>
Shin-myoung-serp
Stanley
Victor Stinner
Jakob Weigert
Kumar Aditya
LiarPrincess
Vinay Sajip
Andrew Kay
C.A.M. Gerlach
Pablo Galindo Salgado
Serhiy Storchaka
Cyker Way
Michael Curran
chgnrdv
Dennis Sweeney
Mark Dickinson
Oscar Benjamin
Terry Jan Reedy
Michael Droettboom
Steve Dower
Dong-hee Na
Jeff Allen
Brandt Bucher
Harry
partev
Batuhan Taskaya
Nikita Sobolev
wim glenn
Виталий Дмитриев
Samuel
Irit Katriel
serge-sans-paille