cpython/Include
Gregory P. Smith 8f0fa4bd10
[3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501)
Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

This backports https://github.com/python/cpython/pull/96499 aka 511ca94520

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

* Issue: gh-95778

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
2022-09-02 09:51:49 -07:00
cpython [3.11] gh-93741: Add private C API _PyImport_GetModuleAttrString() (GH-93742) (GH-93792) 2022-06-16 00:19:29 -07:00
internal [3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501) 2022-09-02 09:51:49 -07:00
abstract.h [3.10] Fix typos in the Include directory (GH-28745) (GH-28789) 2021-10-07 06:00:23 -07:00
bltinmodule.h
boolobject.h bpo-43795: PEP-652: Simplify headers for easier static analysis (GH-25483) 2021-04-23 14:14:00 +02:00
bytearrayobject.h
bytesobject.h bpo-42431: Fix outdated bytes comments (GH-23458) 2020-12-03 12:46:16 +02:00
cellobject.h bpo-30459: Cast the result of PyCell_SET to void (GH-23654) 2020-12-07 11:56:20 +01:00
ceval.h bpo-41936. Remove macros Py_ALLOW_RECURSION/Py_END_ALLOW_RECURSION (GH-22552) 2020-10-05 12:32:00 +03:00
classobject.h
code.h bpo-40421: Add Include/cpython/code.h header file (GH-19756) 2020-04-28 17:07:12 +02:00
codecs.h bpo-41842: Add codecs.unregister() function (GH-22360) 2020-09-28 23:41:11 +02:00
compile.h bpo-35134: Add include/cpython/compile.h (GH-24922) 2021-03-22 09:32:11 +01:00
complexobject.h
context.h bpo-40428: Remove PyTuple_ClearFreeList() function (GH-19769) 2020-04-29 02:29:20 +02:00
datetime.h bpo-30155: Add macros to get tzinfo from datetime instances (GH-21633) 2020-09-23 14:43:45 -04:00
descrobject.h bpo-40170: Convert PyDescr_IsData() to static inline function (GH-24535) 2021-02-16 08:50:00 +01:00
dictobject.h bpo-41845: Move PyObject_GenericGetDict() back into the limited API (GH22646) 2020-10-19 23:47:37 +01:00
dynamic_annotations.h
enumobject.h
errcode.h [3.10] bpo-46521: Fix codeop to use a new partial-input mode of the parser (GH-31010). (GH-31213) 2022-02-08 12:25:15 +00:00
eval.h bpo-42990: Further refactoring of PyEval_ functions. (GH-24368) 2021-02-01 10:42:03 +00:00
exports.h
fileobject.h bpo-41986: Add Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode back to limited API (GH-22621) 2020-10-10 17:09:45 +03:00
fileutils.h bpo-43795: PEP-652: Clean up the stable ABI/limited API (GH-25482) 2021-04-23 14:17:58 +02:00
floatobject.h bpo-40428: Remove PyTuple_ClearFreeList() function (GH-19769) 2020-04-29 02:29:20 +02:00
frameobject.h bpo-40421: Add pyframe.h header file (GH-19755) 2020-04-28 16:32:48 +02:00
funcobject.h bpo-42990: Introduce 'frame constructor' struct to simplify API for PyEval_CodeEval and friends (GH-24298) 2021-01-29 13:24:55 +00:00
genericaliasobject.h
genobject.h Delete PyGen_Send (#22663) 2020-10-12 12:10:42 -07:00
import.h
interpreteridobject.h
intrcheck.h bpo-41713: Remove PyOS_InitInterrupts() function (GH-23342) 2020-11-17 16:22:23 +01:00
iterobject.h bpo-43770: _PyTypes_Init() inits _PyAnextAwaitable_Type (GH-25266) 2021-04-08 09:58:15 +02:00
listobject.h
longintrepr.h
longobject.h bpo-42161: Remove private _PyLong_Zero and _PyLong_One (GH-23003) 2020-10-27 21:34:33 +01:00
marshal.h
memoryobject.h
methodobject.h bpo-43688: Fix Py_LIMITED_API version of xxlimited (GH-25135) 2021-04-01 15:09:33 +02:00
modsupport.h bpo-1635741: Add PyModule_AddObjectRef() function (GH-23122) 2020-11-04 13:59:15 +01:00
moduleobject.h bpo-42923: Dump extension modules on fatal error (GH-24207) 2021-01-18 20:47:13 +01:00
namespaceobject.h
object.h [3.10] Fix typos in the Include directory (GH-28745) (GH-28789) 2021-10-07 06:00:23 -07:00
objimpl.h bpo-43774: Remove unused PYMALLOC_DEBUG macro (GH-25711) 2021-04-29 10:47:47 +02:00
opcode.h bpo-43754: Eliminate bindings for partial pattern matches (GH-25229) 2021-05-02 13:02:10 -07:00
osdefs.h
osmodule.h
patchlevel.h Post 3.10.6 2022-08-02 11:05:09 +01:00
py_curses.h
pycapsule.h
pydtrace.d
pydtrace.h
pyerrors.h bpo-43510: Implement PEP 597 opt-in EncodingWarning. (GH-19481) 2021-03-29 12:28:14 +09:00
pyexpat.h
pyframe.h bpo-40421: Add PyFrame_GetCode() function (GH-19757) 2020-04-28 19:01:31 +02:00
pyhash.h bpo-43795: PEP-652: Clean up the stable ABI/limited API (GH-25482) 2021-04-23 14:17:58 +02:00
pylifecycle.h bpo-43795: Remove Py_FrozenMain from the Limited API & Stable ABI (GH-26241) (GH-26353) 2021-05-25 12:59:10 +01:00
pymacconfig.h
pymacro.h bpo-41875: Use __builtin_unreachable when possible (GH-22433) 2020-09-29 05:41:23 +09:00
pymath.h bpo-29782: Consolidate _Py_Bit_Length() (GH-20739) 2020-06-15 14:33:48 +02:00
pymem.h bpo-43774: Remove unused PYMALLOC_DEBUG macro (GH-25711) 2021-04-29 10:47:47 +02:00
pyport.h bpo-43795: PEP-652: Simplify headers for easier static analysis (GH-25483) 2021-04-23 14:14:00 +02:00
pystate.h Update code comment re: location of struct _is. (GH-20067) 2020-05-14 19:11:00 -07:00
pystrcmp.h
pystrhex.h
pystrtod.h
Python.h bpo-39026: Fix Python.h when building with Xcode (GH-29488) (GH-29732) 2021-11-25 13:35:22 +01:00
pythonrun.h bpo-43868: Remove PyOS_ReadlineFunctionPointer from the stable ABI list (GH-25442) 2021-04-23 14:23:38 +02:00
pythread.h
rangeobject.h
README.rst bpo-43795: PEP 652 user documentation (GH-25668) (GH-26034) 2021-05-13 22:29:09 -07:00
setobject.h bpo-43277: Add PySet_CheckExact to the C-API (GH-24598) 2021-02-20 18:03:08 +00:00
sliceobject.h
structmember.h bpo-42800: Rename AUDIT_READ to PY_AUDIT_READ (GH-25736) 2021-04-30 01:08:55 +01:00
structseq.h bpo-43916: Move the _PyStructSequence_InitType function to the internal API (GH-25854) 2021-05-03 15:50:24 +01:00
sysmodule.h
token.h bpo-43822: Improve syntax errors for missing commas (GH-25377) 2021-04-15 21:38:45 +01:00
traceback.h bpo-40421: Add pyframe.h header file (GH-19755) 2020-04-28 16:32:48 +02:00
tracemalloc.h
tupleobject.h bpo-40428: Remove PyTuple_ClearFreeList() function (GH-19769) 2020-04-29 02:29:20 +02:00
typeslots.h bpo-42085: Introduce dedicated entry in PyAsyncMethods for sending values (#22780) 2020-11-10 12:09:55 -08:00
unicodeobject.h bpo-41784: make PyUnicode_AsUTF8AndSize part of the limited API (GH-22252) 2020-10-19 23:17:50 +01:00
warnings.h
weakrefobject.h

The Python C API
================

The C API is divided into three sections:

1. ``Include/``: Limited API
2. ``Include/cpython/``: CPython implementation details
3. ``Include/internal/``: The internal API

Information on changing the C API is available `in the developer guide`_.

.. _in the developer guide: https://devguide.python.org/c-api/