8000 [3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() by gpshead · Pull Request #96502 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

[3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() #96502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Sep 5, 2022
Merged

[3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() #96502

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
576d772
Backport to 3.9 of psrt/CVE-2020-10735-3.10backport.
gpshead Aug 19, 2022
e5cd3fc
Fix versionadded/versionchanged.
gpshead Aug 21, 2022
9a3cd05
headers += Include/internal/pycore_long.h
gpshead Aug 21, 2022
c190dc9
Update attribution in Misc/NEWS.d
gpshead Aug 25, 2022
a7213dd
Manually add new field to abi file
tiran Sep 1, 2022
2384ef4
Move the whatsnew text per review.
gpshead Sep 1, 2022
fcb123b
Merge branch 'CVE-2020-10735-3.9backport' of github.com:python/psrt i…
gpshead Sep 1, 2022
1378bde
Make the doctest actually run & fix it.
gpshead Sep 1, 2022
e51a8e2
Fix the docs build.
gpshead Sep 2, 2022
3e7eb9c
Rename the news file to appease the Bedevere bot.
gpshead Sep 2, 2022
5c64ec6
hexadecimal spelling =)
gpshead Sep 2, 2022
a37041f
doc typo: limitation
gpshead Sep 4, 2022
b4957d8
Misc: Fix a typo in the header comment.
gpshead Sep 4, 2022
0515141
remove unneeded doc note on float.as_integer_ratio
gpshead Sep 4, 2022
< 8000 /a>
a1247fd
gh-95778: Correctly pre-check for int-to-str conversion (#96537)
mdickinson Sep 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix versionadded/versionchanged.
  • Loading branch information
@gpshead
gpshead committed Aug 21, 2022
commit e5cd3fca43600919fe5bec67b9a275c8b4400287
2 changes: 1 addition & 1 deletion Doc/library/json.rst
View file
Open in desktop
8000
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@ Basic Usage
be used to use another datatype or parser for JSON integers
(e.g. :class:`float`).

.. versionchanged:: 3.10.7
.. versionchanged:: 3.9.14
The default *parse_int* of :func:`int` now limits the maximum length of
the integer string via the interpreter's :ref:`integer string
conversion length limitation <int_max_str_digits>` to help avoid denial
Expand Down
4 changes: 2 additions & 2 deletions Doc/library/stdtypes.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5310,7 +5310,7 @@ Verification::
... '571186405732').to_bytes(53, 'big')
...

.. versionadded:: 3.10.7
.. versionadded:: 3.9.14

Affected APIs
-------------
Expand Down Expand Up @@ -5365,7 +5365,7 @@ Information about the default and minimum can be found in :attr:`sys.int_info`:
* :data:`sys.int_info.str_digits_check_threshold <sys.int_info>` is the lowest
accepted value for the limit (other than 0 which disables it).

.. versionadded:: 3.10.7
.. versionadded:: 3.9.14

.. caution::

Expand Down
6 changes: 3 additions & 3 deletions Doc/library/sys.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -481,7 +481,7 @@ always available.
Mode <devmode>` and the ``utf8_mode`` attribute for the new :option:`-X`
``utf8`` flag.

.. versionchanged:: 3.10.7
.. versionchanged:: 3.9.14
Added the ``int_max_str_digits`` attribute.


Expand Down Expand Up @@ -966,7 +966,7 @@ always available.

.. versionadded:: 3.1

.. versionchanged:: 3.10.7
.. versionchanged:: 3.9.14
Added ``default_max_str_digits`` and ``str_digits_check_threshold``.


Expand Down Expand Up @@ -1252,7 +1252,7 @@ always available.
<int_max_str_digits>` used by this interpreter. See also
:func:`get_int_max_str_digits`.

.. versionadded:: 3.10.7
.. versionadded:: 3.9.14

.. function:: setprofile(profilefunc)

Expand Down
2 changes: 1 addition & 1 deletion Doc/using/cmdline.rst
7509
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -671,7 +671,7 @@ conflict.
interpreter's global :ref:`integer string conversion length limitation
<int_max_str_digits>`.

.. versionadded:: 3.10.7
.. versionadded:: 3.9.14

.. envvar:: PYTHONIOENCODING

Expand Down
0