mirrors
/
cpython
mirror of https://github.com/python/cpython.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cpython/Lib/test/support
History
Gregory P. Smith 8f0fa4bd10
[3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501) 
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

This backports https://github.com/python/cpython/pull/96499 aka 511ca94520

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
 		2022-09-02 09:51:49 -07:00
..
__init__.py [3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501) 2022-09-02 09:51:49 -07:00
bytecode_helper.py bpo-42199: Fix bytecode_helper assertNotInBytecode (#23031) 2020-12-17 16:30:29 -08:00
hashlib_helper.py bpo-45042: Now test classes decorated with `requires_hashdigest` are not skipped (GH-28060) 2021-09-04 14:04:44 -07:00
import_helper.py bpo-46678: Fix Invalid cross device link in Lib/test/support/import_helper.py (GH-31204) (GH-31207) 2022-02-08 13:04:05 -08:00
interpreters.py bpo-32604: Clean up test.support.interpreters. (gh-20926) 2020-06-16 18:24:40 -06:00
logging_helper.py bpo-40275: Avoid importing logging in test.support (GH-19601) 2020-04-25 11:35:18 +03:00
os_helper.py bpo-46426: Improve tests for the dir_fd argument (GH-30668) (GH-30739) 2022-01-21 19:31:25 +02:00
script_helper.py bpo-42639: Add script_helper.run_test_script() (GH-23777) 2020-12-15 16:08:16 +01:00
socket_helper.py bpo-44740: Lowercase "internet" and "web" where appropriate. (GH-27378) (GH-27380) 2021-07-27 00:34:32 +02:00
testresult.py bpo-45057: Simplify RegressionTestResult (GH-28081) (GH-28101) 2021-09-01 09:45:46 +03:00
threading_helper.py [3.10] Fix typos in the Lib directory (GH-28775) (GH-28804) 2021-10-07 11:49:47 -04:00
warnings_helper.py [3.10] bpo-44852: Support ignoring specific DeprecationWarnings wholesale in regrtest (GH-27634) (GH-27784) 2021-08-17 12:01:00 +02:00