cpython/Include/internal
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)
Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

* Issue: gh-95778

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backport PRs already exist. See the issue for links.
2022-09-02 09:35:08 -07:00
pycore_abstract.h bpo-45636: Simplify BINARY_OP (GH-29565) 2021-11-16 05:53:57 -08:00
pycore_asdl.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
pycore_ast.h bpo-45292: [PEP-654] add except* (GH-29581) 2021-12-14 16:48:15 +00:00
pycore_ast_state.h gh-95185: Check recursion depth in the AST constructor (#95186) 2022-07-24 15:58:52 +01:00
pycore_atomic.h Fix typo in internal/pycore_atomic.h (GH-95939) 2022-08-13 11:40:41 +08:00
pycore_atomic_funcs.h bpo-39465: Add pycore_atomic_funcs.h header (GH-20766) 2020-12-23 03:41:08 +01:00
pycore_bitutils.h bpo-29882: Fix portability bug introduced in GH-30774 (#30794) 2022-01-23 09:59:34 +00:00
pycore_blocks_output_buffer.h bpo-44458: Ensure BUFFER_BLOCK_SIZE symbol is statically allocated. (GH-26808) 2021-06-21 23:36:36 -07:00
pycore_bytes_methods.h bpo-35081: Move bytes_methods.h to the internal C API (GH-18492) 2020-02-12 22:32:34 +01:00
pycore_bytesobject.h bpo-47070: Add _PyBytes_Repeat() (GH-31999) 2022-03-28 04:43:45 -04:00
pycore_call.h GH-90230: Add stats to breakdown the origin of calls to PyEval_EvalFrame (GH-93284) 2022-05-27 16:31:41 +01:00
pycore_ceval.h gh-96143: Allow Linux perf profiler to see Python calls (GH-96123) 2022-08-30 10:11:18 -07:00
pycore_code.h GH-93911: Specialize LOAD_ATTR for custom __getattribute__ (GH-93988) 2022-08-17 12:37:07 +01:00
pycore_compile.h gh-93678: add _testinternalcapi.optimize_cfg() and test utils for compiler optimization unit tests (GH-96007) 2022-08-24 11:02:53 +01:00
pycore_condvar.h bpo-46315: Add ifdef HAVE_ feature checks for WASI compatibility (GH-30507) 2022-01-13 09:46:04 +01:00
pycore_context.h bpo-46417: Clear more static types (GH-30796) 2022-01-22 18:55:48 +01:00
pycore_descrobject.h gh-93911: Specialize LOAD_ATTR_PROPERTY (GH-93912) 2022-06-17 23:13:17 +08:00
pycore_dict.h gh-46845: clean up unused DK_IXSIZE (GH-96405) 2022-08-30 16:03:30 +09:00
pycore_dtoa.h bpo-45412: Add _PY_SHORT_FLOAT_REPR macro (GH-31171) 2022-02-23 18:16:23 +01:00
pycore_emscripten_signal.h bpo-47176: Interrupt handling for wasm32-emscripten builds without pthreads (GH-32209) 2022-04-03 22:58:52 +02:00
pycore_exceptions.h bpo-46417: Factorize _PyExc_InitTypes() code (GH-30804) 2022-01-22 21:48:56 +01:00
pycore_fileutils.h bpo-46362: Ensure ntpath.abspath() uses the Windows API correctly (GH-30571) 2022-01-13 23:35:42 +00:00
pycore_floatobject.h gh-90667: Add specializations of Py_DECREF when types are known (GH-30872) 2022-04-19 19:02:19 +01:00
pycore_format.h bpo-45995: add "z" format specifier to coerce negative 0 to zero (GH-30049) 2022-04-11 15:34:18 +01:00
pycore_frame.h GH-96237: Allow non-functions as reference-holder in frames. (GH-96238) 2022-08-25 10:16:55 +01:00
pycore_function.h bpo-45316: Move private functions to internal C API (GH-31579) 2022-02-25 16:07:14 +01:00
pycore_gc.h gh-89653: PEP 670: Convert pycore_gc.h macros to functions (#92649) 2022-05-11 13:37:18 +02:00
pycore_genobject.h bpo-45316: Move private functions to internal C API (GH-31579) 2022-02-25 16:07:14 +01:00
pycore_getopt.h bpo-36763: Cleanup precmdline in _PyCoreConfig_Read() (GH-13371) 2019-05-17 03:15:12 +02:00
pycore_gil.h bpo-38353: Cleanup includes in the internal C API (GH-16548) 2019-10-02 23:51:20 +02:00
pycore_global_objects.h GH-96075: move interned dict under runtime state (GH-96077) 2022-08-22 12:05:21 -07:00
pycore_global_strings.h gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
pycore_hamt.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
pycore_hashtable.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
pycore_import.h bpo-45395: Make custom frozen modules additions instead of replacements. (gh-28778) 2021-10-28 15:04:33 -06:00
pycore_initconfig.h gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
pycore_interp.h gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
pycore_interpreteridobject.h bpo-35081: Move interpreteridobject.h to Include/internal/ (GH-28969) 2021-10-15 11:56:34 +02:00
pycore_list.h gh-91247: Use memcpy for list and tuple repeat (#91482) 2022-07-25 22:10:23 -04:00
pycore_long.h gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
pycore_moduleobject.h bpo-45459: Use type names in the internal C API (GH-31669) 2022-03-03 23:08:07 +01:00
pycore_namespace.h bpo-45482: Rename namespaceobject.h to pycore_namespace.h (GH-28975) 2021-10-15 15:21:21 +02:00
pycore_object.h GH-95245: Move weakreflist into the pre-header. (GH-95996) 2022-08-16 13:57:18 +01:00
pycore_opcode.h gh-93554: Conditional jump opcodes only jump forward (GH-96318) 2022-09-01 21:36:47 +01:00
pycore_parser.h bpo-43244: Remove parser_interface.h header file (GH-25001) 2021-03-24 01:29:09 +01:00
pycore_pathconfig.h bpo-45582: Port getpath[p].c to Python (GH-29041) 2021-12-03 00:08:42 +00:00
pycore_pyarena.h bpo-43244: Remove the pyarena.h header (GH-25007) 2021-03-24 02:23:01 +01:00
pycore_pyerrors.h gh-90667: Add specializations of Py_DECREF when types are known (GH-30872) 2022-04-19 19:02:19 +01:00
pycore_pyhash.h bpo-36635: Change pyport.h for Py_BUILD_CORE_MODULE define (GH-12853) 2019-04-17 23:02:26 +02:00
pycore_pylifecycle.h gh-64783: Fix signal.NSIG value on FreeBSD (#91929) 2022-04-26 00:13:31 +02:00
pycore_pymath.h gh-82616: Add Py_IS_TYPE_SIGNED() macro (#93178) 2022-05-27 15:05:35 +02:00
pycore_pymem.h bpo-40170: Move _Py_GetAllocatedBlocks() to pycore_pymem.h (GH-30943) 2022-01-27 21:23:22 +01:00
pycore_pystate.h GH-96177: Move GIL and eval breaker code out of ceval.c into ceval_gil.c. (GH-96204) 2022-08-24 14:21:01 +01:00
pycore_range.h GH-91432: Specialize FOR_ITER (GH-91713) 2022-06-21 11:19:26 +01:00
pycore_runtime.h GH-95909: Make _PyArg_Parser initialization thread safe (GH-95958) 2022-08-16 11:22:14 -07:00
pycore_runtime_init.h GH-90699: Move generated static initializer to pycore_runtime_generated.h (GH-94051) 2022-07-07 13:04:05 -07:00
pycore_runtime_init_generated.h gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
pycore_signal.h gh-64783: Fix signal.NSIG value on FreeBSD (#91929) 2022-04-26 00:13:31 +02:00
pycore_sliceobject.h GH-94163: Add BINARY_SLICE and STORE_SLICE instructions. (GH-94168) 2022-06-27 12:24:23 +01:00
pycore_strhex.h gh-91768: C API no longer use "const PyObject*" type (#91769) 2022-04-21 22:07:19 +02:00
pycore_structseq.h gh-94673: Add _PyStaticType_InitBuiltin() (#95152) 2022-07-25 12:47:31 -06:00
pycore_symtable.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
pycore_sysmodule.h bpo-46541: Replace core use of _Py_IDENTIFIER() with statically initialized global objects. (gh-30928) 2022-02-08 13:39:07 -07:00
pycore_token.h gh-92651: Remove the Include/token.h header file (#92652) 2022-05-11 23:22:50 +02:00
pycore_traceback.h bpo-45459: Use type names in the internal C API (GH-31669) 2022-03-03 23:08:07 +01:00
pycore_tuple.h bpo-46753: Add the empty tuple to the _PyRuntimeState.global_objects. (gh-31345) 2022-02-28 15:15:48 -07:00
pycore_typeobject.h GH-93911: Specialize LOAD_ATTR for custom __getattribute__ (GH-93988) 2022-08-17 12:37:07 +01:00
pycore_ucnhash.h bpo-42157: Rename unicodedata.ucnhash_CAPI (GH-22994) 2020-10-27 04:36:22 +01:00
pycore_unicodeobject.h gh-90667: Add specializations of Py_DECREF when types are known (GH-30872) 2022-04-19 19:02:19 +01:00
pycore_unionobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
pycore_warnings.h bpo-35134: Split warnings.h and weakrefobject.h (GH-29042) 2021-10-19 01:31:57 +02:00