mirror of
https://github.com/python/cpython.git
synced 2025-08-04 17:08:35 +00:00
0e6c8ee235
* Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org> |
||
|---|---|---|
| .. | ||
| NEWS.d | ||
| ACKS | ||
| coverity_model.c | ||
| gdbinit | ||
| HISTORY | ||
| indent.pro | ||
| Porting | ||
| python-config.in | ||
| python-config.sh.in | ||
| python-wing3.wpr | ||
| python-wing4.wpr | ||
| python-wing5.wpr | ||
| python.man | ||
| python.pc.in | ||
| README | ||
| README.AIX | ||
| README.coverity | ||
| README.valgrind | ||
| SpecialBuilds.txt | ||
| svnmap.txt | ||
| valgrind-python.supp | ||
| vgrindefs | ||
Python Misc subdirectory
========================
This directory contains files that wouldn't fit in elsewhere. Some
documents are only of historic importance.
Files found here
----------------
ACKS Acknowledgements
gdbinit Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY News from previous releases -- oldest last
indent.pro GNU indent profile approximating my C style
NEWS News for this release (for some meaning of "this")
Porting Mini-FAQ on porting to new platforms
python-config.in Python script template for python-config
python.man UNIX man page for the python interpreter
python.pc.in Package configuration info template for pkg-config
python-wing*.wpr Wing IDE project file
README The file you're reading now
README.AIX Information about using Python on AIX
README.coverity Information about running Coverity's Prevent on Python
README.valgrind Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt Describes extra symbols you can set for debug builds
svnmap.txt Map of old SVN revs and branches to hg changeset ids,
help history-digging
valgrind-python.supp Valgrind suppression file, see README.valgrind
vgrindefs Python configuration for vgrind (a generic pretty printer)