mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-03 08:34:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

Browse source 
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
This commit is contained in:
Gregory P. Smith 2012-03-14 15:00:39 -07:00
commit 70c9c4dca6
5 changed files with 135 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Modules/pyexpat.c
View file

@ -1156,6 +1156,8 @@ newxmlparseobject(char *encoding, char *namespace_separator, PyObject *intern)
else {
self->itself = XML_ParserCreate(encoding);
}
XML_SetHashSalt(self->itself,
(unsigned long)_Py_HashSecret.prefix);
self->intern = intern;
Py_XINCREF(self->intern);
PyObject_GC_Track(self);