cpython/Include
Gregory P. Smith f8b71da9aa
[3.11] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96500)
Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

This backports https://github.com/python/cpython/pull/96499 aka 511ca94520

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

* Issue: gh-95778

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
2022-09-02 09:48:57 -07:00
cpython gh-94936: C getters: co_varnames, co_cellvars, co_freevars (GH-95008) 2022-08-04 07:16:52 -07:00
internal [3.11] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96500) 2022-09-02 09:48:57 -07:00
abstract.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
bltinmodule.h
boolobject.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
bytearrayobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
bytesobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
ceval.h bpo-45434: Remove Include/eval.h header file (GH-28973) 2021-10-15 13:06:05 +02:00
codecs.h
compile.h bpo-35134: Add include/cpython/compile.h (GH-24922) 2021-03-22 09:32:11 +01:00
complexobject.h bpo-35134: Add Include/cpython/complexobject.h header (GH-32383) 2022-04-07 01:05:27 +02:00
datetime.h
descrobject.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
dictobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
dynamic_annotations.h
enumobject.h
errcode.h bpo-46521: Fix codeop to use a new partial-input mode of the parser (GH-31010) 2022-02-08 11:54:37 +00:00
exports.h
fileobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
fileutils.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
floatobject.h bpo-46656: Remove Py_NO_NAN macro (GH-31160) 2022-02-25 01:32:57 +01:00
frameobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
genericaliasobject.h bpo-44654: Refactor and clean up the union type implementation (GH-27196) 2021-07-17 22:44:10 +03:00
import.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
intrcheck.h
iterobject.h bpo-43770: _PyTypes_Init() inits _PyAnextAwaitable_Type (GH-25266) 2021-04-08 09:58:15 +02:00
listobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
longobject.h bpo-45459: Add pytypedefs.h header file (GH-31527) 2022-02-24 17:07:12 +01:00
marshal.h bpo-45474: Exclude all of marshal.h if Py_LIMITED_API is defined (GH-29061) 2021-10-20 02:32:14 -07:00
memoryobject.h bpo-45459: Add Py_buffer to limited API (GH-29991) 2022-02-02 07:03:10 -08:00
methodobject.h gh-92135: Rename _Py_reinterpret_cast() to _Py_CAST() (#92230) 2022-05-03 16:37:06 +02:00
modsupport.h gh-79315: Add Include/cpython/modsupport.h header (#91797) 2022-04-21 23:00:26 +02:00
moduleobject.h gh-91321: Fix PyModuleDef_HEAD_INIT on C++ (#92259) 2022-05-03 22:40:20 +02:00
object.h gh-89653: PEP 670: Use PyObject* type for parameters (GH-92694) 2022-05-11 16:23:29 -07:00
objimpl.h gh-92135: Rename _Py_reinterpret_cast() to _Py_CAST() (#92230) 2022-05-03 16:37:06 +02:00
opcode.h gh-91869: Fix tracing of specialized instructions with extended args (GH-91945) 2022-04-27 22:36:34 -06:00
osdefs.h
osmodule.h
patchlevel.h Post 3.11.0rc1 2022-08-08 14:07:31 +01:00
py_curses.h bpo-46417: Add _PyType_CAST() macro (GH-30760) 2022-01-21 21:39:01 +01:00
pybuffer.h bpo-45459: Add pytypedefs.h header file (GH-31527) 2022-02-24 17:07:12 +01:00
pycapsule.h
pydtrace.d
pydtrace.h
pyerrors.h gh-90501: Add PyErr_GetHandledException and PyErr_SetHandledException (GH-30531) 2022-04-15 19:57:47 +01:00
pyexpat.h
pyframe.h gh-93937, C API: Move PyFrame_GetBack() to Python.h (#93938) (#94000) 2022-06-20 15:47:41 +02:00
pyhash.h bpo-29410: Change the default hash algorithm to SipHash13. (GH-28752) 2021-10-10 17:29:46 +09:00
pylifecycle.h bpo-43931: Export Python version as API data (GH-25577) 2021-12-09 17:52:05 -08:00
pymacconfig.h
pymacro.h gh-91731: Don't define 'static_assert' in C++11 where it is a keyword to avoid UB (GH-93700) 2022-06-16 07:50:15 -07:00
pymath.h bpo-46656: Remove Py_NO_NAN macro (GH-31160) 2022-02-25 01:32:57 +01:00
pymem.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
pyport.h gh-94731: Revert to C-style casts for _Py_CAST (GH-94782) (#94849) 2022-07-15 09:35:23 +02:00
pystate.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
pystrcmp.h
pystrtod.h bpo-45995: add "z" format specifier to coerce negative 0 to zero (GH-30049) 2022-04-11 15:34:18 +01:00
Python.h bpo-35134: Remove the Include/code.h header file (GH-32385) 2022-04-07 02:29:52 +02:00
pythonrun.h Docs: Clarify availability of PyOS_CheckStack (GH-91816) 2022-04-22 12:44:43 +02:00
pythread.h gh-79315: Add Include/cpython/pythread.h header (#91798) 2022-04-21 23:00:42 +02:00
pytypedefs.h bpo-45459: Fix PyModuleDef_Slot type in the limited C API (GH-31668) 2022-03-03 23:06:55 +01:00
rangeobject.h
README.rst bpo-43795: PEP 652 user documentation (GH-25668) 2021-05-11 07:04:33 -07:00
setobject.h bpo-35134: Add Include/cpython/setobject.h header (GH-32384) 2022-04-07 01:26:24 +02:00
sliceobject.h
structmember.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
structseq.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
sysmodule.h gh-88279: Deprecate PySys_SetArgvEx() (#92363) 2022-05-06 05:24:29 +02:00
token.h bpo-43822: Improve syntax errors for missing commas (GH-25377) 2021-04-15 21:38:45 +01:00
traceback.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
tracemalloc.h
tupleobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
typeslots.h bpo-45459: Add Py_buffer to limited API (GH-29991) 2022-02-02 07:03:10 -08:00
unicodeobject.h bpo-47164: Add _PyASCIIObject_CAST() macro (GH-32191) 2022-03-31 09:59:27 +02:00
warnings.h bpo-35134: Split warnings.h and weakrefobject.h (GH-29042) 2021-10-19 01:31:57 +02:00
weakrefobject.h bpo-35134: Split warnings.h and weakrefobject.h (GH-29042) 2021-10-19 01:31:57 +02:00

The Python C API
================

The C API is divided into three sections:

1. ``Include/``: Limited API
2. ``Include/cpython/``: CPython implementation details
3. ``Include/internal/``: The internal API

Information on changing the C API is available `in the developer guide`_.

.. _in the developer guide: https://devguide.python.org/c-api/