mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-23 03:05:38 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

[3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501)

Browse source 
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

This backports https://github.com/python/cpython/pull/96499 aka 511ca94520

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
This commit is contained in:
Gregory P. Smith 2022-09-02 09:51:49 -07:00 committed by GitHub
parent bbcb03e7b0
commit 8f0fa4bd10
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 780 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

55
Python/clinic/sysmodule.c.h generated
View file

@ -647,6 +647,59 @@ exit:
#endif /* defined(USE_MALLOPT) */
PyDoc_STRVAR(sys_get_int_max_str_digits__doc__,
"get_int_max_str_digits($module, /)\n"
"--\n"
"\n"
"Set the maximum string digits limit for non-binary int<->str conversions.");
#define SYS_GET_INT_MAX_STR_DIGITS_METHODDEF \
{"get_int_max_str_digits", (PyCFunction)sys_get_int_max_str_digits, METH_NOARGS, sys_get_int_max_str_digits__doc__},
static PyObject *
sys_get_int_max_str_digits_impl(PyObject *module);
static PyObject *
sys_get_int_max_str_digits(PyObject *module, PyObject *Py_UNUSED(ignored))
{
return sys_get_int_max_str_digits_impl(module);
}
PyDoc_STRVAR(sys_set_int_max_str_digits__doc__,
"set_int_max_str_digits($module, /, maxdigits)\n"
"--\n"
"\n"
"Set the maximum string digits limit for non-binary int<->str conversions.");
#define SYS_SET_INT_MAX_STR_DIGITS_METHODDEF \
{"set_int_max_str_digits", (PyCFunction)(void(*)(void))sys_set_int_max_str_digits, METH_FASTCALL|METH_KEYWORDS, sys_set_int_max_str_digits__doc__},
static PyObject *
sys_set_int_max_str_digits_impl(PyObject *module, int maxdigits);
static PyObject *
sys_set_int_max_str_digits(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
static const char * const _keywords[] = {"maxdigits", NULL};
static _PyArg_Parser _parser = {NULL, _keywords, "set_int_max_str_digits", 0};
PyObject *argsbuf[1];
int maxdigits;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser, 1, 1, 0, argsbuf);
if (!args) {
goto exit;
}
maxdigits = _PyLong_AsInt(args[0]);
if (maxdigits == -1 && PyErr_Occurred()) {
goto exit;
}
return_value = sys_set_int_max_str_digits_impl(module, maxdigits);
exit:
return return_value;
}
PyDoc_STRVAR(sys_getrefcount__doc__,
"getrefcount($module, object, /)\n"
"--\n"
@ -983,4 +1036,4 @@ sys__deactivate_opcache(PyObject *module, PyObject *Py_UNUSED(ignored))
#ifndef SYS_GETANDROIDAPILEVEL_METHODDEF
#define SYS_GETANDROIDAPILEVEL_METHODDEF
#endif /* !defined(SYS_GETANDROIDAPILEVEL_METHODDEF) */
/*[clinic end generated code: output=68c62b9ca317a0c8 input=a9049054013a1b77]*/
/*[clinic end generated code: output=6230a1e3a4415744 input=a9049054013a1b77]*/