Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity
cpython/Misc
History
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backports PRs already exist. See the issue for links.
 		2022-09-02 09:35:08 -07:00
..
NEWS.d gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
rhel7 gh-95957: Add instructions for Tcl/Tk and OpenSSL on RHEL/CentOS 7 (#95964) 2022-08-16 13:44:02 +02:00
ACKS gh-90467: StreamReaderProtocol - add strong reference to created task (#96323) 2022-08-27 12:32:01 -07:00
HISTORY Fix links to old SF bugs (#95648) 2022-08-04 18:12:35 +02:00
Porting
README bpo-23469: Delete Wing IDE configuration files (GH-30067) 2021-12-14 15:01:13 +02:00
README.AIX bpo-42087: Remove support for AIX 5.3 and below (GH-22830) 2020-11-16 16:16:10 +01:00
README.coverity
README.valgrind closes docs: remove references to Py_USING_MEMORY_DEBUGGER (GH-30284) 2021-12-29 16:20:42 -06:00
SpecialBuilds.txt gh-78607: Replace __ltrace__ with __lltrace__ (GH-91619) 2022-04-16 18:57:00 -04:00
coverity_model.c
gdbinit gdbinit: Use proper define syntax (GH-19557) 2020-04-23 05:49:26 -07:00
indent.pro
python-config.in
python-config.sh.in
python-embed.pc.in
python.man gh-90300: split --help output into separate options (#30331) 2022-06-01 05:50:01 -04:00
python.pc.in
requirements-test.txt Update tzdata to 2020.3 (GH-22856) 2020-10-21 06:40:43 -07:00
stable_abi.toml gh-93274: Expose receiving vectorcall in the Limited API (GH-95717) 2022-08-08 14:12:05 +02:00
svnmap.txt
valgrind-python.supp
vgrindefs

README 

Python Misc subdirectory
========================

This directory contains files that wouldn't fit in elsewhere.  Some
documents are only of historic importance.

Files found here
----------------

ACKS                    Acknowledgements
gdbinit                 Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY                 News from previous releases -- oldest last
indent.pro              GNU indent profile approximating my C style
NEWS                    News for this release (for some meaning of "this")
Porting                 Mini-FAQ on porting to new platforms
python-config.in        Python script template for python-config
python.man              UNIX man page for the python interpreter
python.pc.in            Package configuration info template for pkg-config
README                  The file you're reading now
README.AIX              Information about using Python on AIX
README.coverity         Information about running Coverity's Prevent on Python
README.valgrind         Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt       Describes extra symbols you can set for debug builds
svnmap.txt              Map of old SVN revs and branches to hg changeset ids,
                        help history-digging
valgrind-python.supp    Valgrind suppression file, see README.valgrind
vgrindefs               Python configuration for vgrind (a generic pretty printer)