[2.7] bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) (GH-9394)

The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue34623.
(cherry picked from commit cb5778f00c)

Co-authored-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue34623
This commit is contained in:
Christian Heimes 2018-09-18 15:13:09 +02:00 committed by Miss Islington (bot)
parent 5f883fcb9b
commit 18b20bad75
4 changed files with 15 additions and 1 deletions

View File

@ -3,7 +3,7 @@
/* note: you must import expat.h before importing this module! */ /* note: you must import expat.h before importing this module! */
#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" #define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"
#define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
struct PyExpat_CAPI struct PyExpat_CAPI
@ -43,6 +43,8 @@ struct PyExpat_CAPI
XML_Parser parser, XML_UnknownEncodingHandler handler, XML_Parser parser, XML_UnknownEncodingHandler handler,
void *encodingHandlerData); void *encodingHandlerData);
void (*SetUserData)(XML_Parser parser, void *userData); void (*SetUserData)(XML_Parser parser, void *userData);
/* might be none for expat < 2.1.0 */
int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
/* always add new stuff to the end! */ /* always add new stuff to the end! */
}; };

View File

@ -0,0 +1,2 @@
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CSPRNG.

View File

@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw)
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;
} }
/* expat < 2.1.0 has no XML_SetHashSalt() */
if (EXPAT(SetHashSalt) != NULL) {
EXPAT(SetHashSalt)(self->parser,
(unsigned long)_Py_HashSecret.prefix);
}
ALLOC(sizeof(XMLParserObject), "create expatparser"); ALLOC(sizeof(XMLParserObject), "create expatparser");

View File

@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void)
capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler; capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler;
capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler; capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler;
capi.SetUserData = XML_SetUserData; capi.SetUserData = XML_SetUserData;
#if XML_COMBINED_VERSION >= 20100
capi.SetHashSalt = XML_SetHashSalt;
#else
capi.SetHashSalt = NULL;
#endif
/* export using capsule */ /* export using capsule */
capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);