cpython/Include
Gregory P. Smith 8f0fa4bd10
[3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501)
Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

This backports https://github.com/python/cpython/pull/96499 aka 511ca94520

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

* Issue: gh-95778

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
2022-09-02 09:51:49 -07:00
..
cpython [3.11] gh-93741: Add private C API _PyImport_GetModuleAttrString() (GH-93742) (GH-93792) 2022-06-16 00:19:29 -07:00
internal [3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501) 2022-09-02 09:51:49 -07:00
abstract.h [3.10] Fix typos in the Include directory (GH-28745) (GH-28789) 2021-10-07 06:00:23 -07:00
bltinmodule.h these builtins have to be initialized 2009-05-09 18:10:51 +00:00
boolobject.h bpo-43795: PEP-652: Simplify headers for easier static analysis (GH-25483) 2021-04-23 14:14:00 +02:00
bytearrayobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
bytesobject.h bpo-42431: Fix outdated bytes comments (GH-23458) 2020-12-03 12:46:16 +02:00
cellobject.h bpo-30459: Cast the result of PyCell_SET to void (GH-23654) 2020-12-07 11:56:20 +01:00
ceval.h bpo-41936. Remove macros Py_ALLOW_RECURSION/Py_END_ALLOW_RECURSION (GH-22552) 2020-10-05 12:32:00 +03:00
classobject.h bpo-39573: PyXXX_Check() macros use Py_IS_TYPE() (GH-18508) 2020-02-14 08:48:12 +01:00
code.h bpo-40421: Add Include/cpython/code.h header file (GH-19756) 2020-04-28 17:07:12 +02:00
codecs.h bpo-41842: Add codecs.unregister() function (GH-22360) 2020-09-28 23:41:11 +02:00
compile.h bpo-35134: Add include/cpython/compile.h (GH-24922) 2021-03-22 09:32:11 +01:00
complexobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
context.h bpo-40428: Remove PyTuple_ClearFreeList() function (GH-19769) 2020-04-29 02:29:20 +02:00
datetime.h bpo-30155: Add macros to get tzinfo from datetime instances (GH-21633) 2020-09-23 14:43:45 -04:00
descrobject.h bpo-40170: Convert PyDescr_IsData() to static inline function (GH-24535) 2021-02-16 08:50:00 +01:00
dictobject.h bpo-41845: Move PyObject_GenericGetDict() back into the limited API (GH22646) 2020-10-19 23:47:37 +01:00
dynamic_annotations.h fix instances of consecutive articles (closes #23221) 2015-01-13 09:17:24 -05:00
enumobject.h Implement and apply PEP 322, reverse iteration 2003-11-06 14:06:48 +00:00
errcode.h [3.10] bpo-46521: Fix codeop to use a new partial-input mode of the parser (GH-31010). (GH-31213) 2022-02-08 12:25:15 +00:00
eval.h bpo-42990: Further refactoring of PyEval_ functions. (GH-24368) 2021-02-01 10:42:03 +00:00
exports.h bpo-11410: Standardize and use symbol visibility attributes across POSIX and Windows. (GH-16347) 2019-10-15 08:26:12 +01:00
fileobject.h bpo-41986: Add Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode back to limited API (GH-22621) 2020-10-10 17:09:45 +03:00
fileutils.h bpo-43795: PEP-652: Clean up the stable ABI/limited API (GH-25482) 2021-04-23 14:17:58 +02:00
floatobject.h bpo-40428: Remove PyTuple_ClearFreeList() function (GH-19769) 2020-04-29 02:29:20 +02:00
frameobject.h bpo-40421: Add pyframe.h header file (GH-19755) 2020-04-28 16:32:48 +02:00
funcobject.h bpo-42990: Introduce 'frame constructor' struct to simplify API for PyEval_CodeEval and friends (GH-24298) 2021-01-29 13:24:55 +00:00
genericaliasobject.h bpo-39481: Implementation for PEP 585 (#18239) 2020-04-07 09:50:06 -07:00
genobject.h Delete PyGen_Send (#22663) 2020-10-12 12:10:42 -07:00
import.h bpo-39372: Clean header files of declared interfaces with no implementations (GH-18037) 2020-01-18 03:14:59 +00:00
interpreteridobject.h bpo-36097: Use only public C-API in the_xxsubinterpreters module (adding as necessary). (gh-12359) 2019-03-15 16:35:46 -06:00
intrcheck.h bpo-41713: Remove PyOS_InitInterrupts() function (GH-23342) 2020-11-17 16:22:23 +01:00
iterobject.h bpo-43770: _PyTypes_Init() inits _PyAnextAwaitable_Type (GH-25266) 2021-04-08 09:58:15 +02:00
listobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
longintrepr.h bpo-32150: Expand tabs to spaces in C files. (#4583) 2017-11-28 17:56:10 +02:00
longobject.h bpo-42161: Remove private _PyLong_Zero and _PyLong_One (GH-23003) 2020-10-27 21:34:33 +01:00
marshal.h Issue #1772673: The type of char* arguments now changed to const char*. 2013-10-19 21:03:34 +03:00
memoryobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
methodobject.h bpo-43688: Fix Py_LIMITED_API version of xxlimited (GH-25135) 2021-04-01 15:09:33 +02:00
modsupport.h bpo-1635741: Add PyModule_AddObjectRef() function (GH-23122) 2020-11-04 13:59:15 +01:00
moduleobject.h bpo-42923: Dump extension modules on fatal error (GH-24207) 2021-01-18 20:47:13 +01:00
namespaceobject.h Issue #26900: Excluded underscored names and other private API from limited API. 2016-09-11 11:03:14 +03:00
object.h [3.10] Fix typos in the Include directory (GH-28745) (GH-28789) 2021-10-07 06:00:23 -07:00
objimpl.h bpo-43774: Remove unused PYMALLOC_DEBUG macro (GH-25711) 2021-04-29 10:47:47 +02:00
opcode.h bpo-43754: Eliminate bindings for partial pattern matches (GH-25229) 2021-05-02 13:02:10 -07:00
osdefs.h bpo-31904: Add cross-build support for VxWorks RTOS (GH-11968) 2019-02-27 12:09:28 +01:00
osmodule.h Issue #29058: All stable API extensions added after Python 3.2 are now 2016-12-27 14:57:39 +02:00
patchlevel.h Post 3.10.6 2022-08-02 11:05:09 +01:00
py_curses.h bpo-39573: Finish converting to new Py_IS_TYPE() macro (GH-18601) 2020-03-04 14:15:20 +01:00
pycapsule.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
pydtrace.d bpo-36842: Implement PEP 578 (GH-12613) 2019-05-23 08:45:22 -07:00
pydtrace.h bpo-36842: Implement PEP 578 (GH-12613) 2019-05-23 08:45:22 -07:00
pyerrors.h bpo-43510: Implement PEP 597 opt-in EncodingWarning. (GH-19481) 2021-03-29 12:28:14 +09:00
pyexpat.h bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) 2018-09-18 05:38:58 -07:00
pyframe.h bpo-40421: Add PyFrame_GetCode() function (GH-19757) 2020-04-28 19:01:31 +02:00
pyhash.h bpo-43795: PEP-652: Clean up the stable ABI/limited API (GH-25482) 2021-04-23 14:17:58 +02:00
pylifecycle.h bpo-43795: Remove Py_FrozenMain from the Limited API & Stable ABI (GH-26241) (GH-26353) 2021-05-25 12:59:10 +01:00
pymacconfig.h Minor spelling fixes 2016-08-20 08:03:06 +00:00
pymacro.h bpo-41875: Use __builtin_unreachable when possible (GH-22433) 2020-09-29 05:41:23 +09:00
pymath.h bpo-29782: Consolidate _Py_Bit_Length() (GH-20739) 2020-06-15 14:33:48 +02:00
pymem.h bpo-43774: Remove unused PYMALLOC_DEBUG macro (GH-25711) 2021-04-29 10:47:47 +02:00
pyport.h bpo-43795: PEP-652: Simplify headers for easier static analysis (GH-25483) 2021-04-23 14:14:00 +02:00
pystate.h Update code comment re: location of struct _is. (GH-20067) 2020-05-14 19:11:00 -07:00
pystrcmp.h Merged revisions 59541-59561 via svnmerge from 2007-12-19 02:07:34 +00:00
pystrhex.h bpo-22385: Support output separators in hex methods. (#13578) 2019-05-29 11:46:58 -07:00
pystrtod.h Issue #26331: Implement the parsing part of PEP 515. 2016-09-09 14:57:09 -07:00
Python.h bpo-39026: Fix Python.h when building with Xcode (GH-29488) (GH-29732) 2021-11-25 13:35:22 +01:00
pythonrun.h bpo-43868: Remove PyOS_ReadlineFunctionPointer from the stable ABI list (GH-25442) 2021-04-23 14:23:38 +02:00
pythread.h bpo-40089: Add _at_fork_reinit() method to locks (GH-19195) 2020-04-07 23:11:49 +02:00
rangeobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
README.rst bpo-43795: PEP 652 user documentation (GH-25668) (GH-26034) 2021-05-13 22:29:09 -07:00
setobject.h bpo-43277: Add PySet_CheckExact to the C-API (GH-24598) 2021-02-20 18:03:08 +00:00
sliceobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00
structmember.h bpo-42800: Rename AUDIT_READ to PY_AUDIT_READ (GH-25736) 2021-04-30 01:08:55 +01:00
structseq.h bpo-43916: Move the _PyStructSequence_InitType function to the internal API (GH-25854) 2021-05-03 15:50:24 +01:00
sysmodule.h bpo-36842: Implement PEP 578 (GH-12613) 2019-05-23 08:45:22 -07:00
token.h bpo-43822: Improve syntax errors for missing commas (GH-25377) 2021-04-15 21:38:45 +01:00
traceback.h bpo-40421: Add pyframe.h header file (GH-19755) 2020-04-28 16:32:48 +02:00
tracemalloc.h bpo-35053: Define _PyTraceMalloc_NewReference in object.h (GH-10107) 2018-10-26 00:01:56 +02:00
tupleobject.h bpo-40428: Remove PyTuple_ClearFreeList() function (GH-19769) 2020-04-29 02:29:20 +02:00
typeslots.h bpo-42085: Introduce dedicated entry in PyAsyncMethods for sending values (#22780) 2020-11-10 12:09:55 -08:00
unicodeobject.h bpo-41784: make PyUnicode_AsUTF8AndSize part of the limited API (GH-22252) 2020-10-19 23:17:50 +01:00
warnings.h bpo-32591: Add native coroutine origin tracking (#5250) 2018-01-21 09:44:07 -05:00
weakrefobject.h bpo-39573: Add Py_IS_TYPE() function (GH-18488) 2020-02-13 18:37:17 +01:00

The Python C API
================

The C API is divided into three sections:

1. ``Include/``: Limited API
2. ``Include/cpython/``: CPython implementation details
3. ``Include/internal/``: The internal API

Information on changing the C API is available `in the developer guide`_.

.. _in the developer guide: https://devguide.python.org/c-api/