Revision - 547d2bc - [3.8] bpo-42103: Improve validation of Plist files. (GH-22882) [...] - origin: https://github.com/python/cpython

Staging
v0.8.1

visit type:

https://github.com/python/cpython

09 December 2020, 11:06:31 UTC

Revision 547d2bcc55e348043b2f338027c1acd9549ada76 authored by Serhiy Storchaka on 03 November 2020, 07:32:15 UTC, committed by GitHub on 03 November 2020, 07:32:15 UTC

[3.8] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23116)

* Prevent some possible DoS attacks via providing invalid Plist files
  with extremely large number of objects or collection sizes.
* Raise InvalidFileException for too large bytes and string size instead of returning garbage.
* Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
* Raise InvalidFileException instead of TypeError for non-hashable dict keys.
* Add more tests for invalid Plist files.

(cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f)

1 parent 1e96de9

Files
Changes

Permalinks

Tip revision: 547d2bcc55e348043b2f338027c1acd9549ada76 authored by Serhiy Storchaka on 03 November 2020, 07:32:15 UTC
[3.8] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23116)

Tip revision: 547d2bc

.gitattributes

# Binary data types
*.aif binary
*.aifc binary
*.aiff binary
*.au binary
*.bmp binary
*.exe binary
*.icns binary
*.gif binary
*.ico binary
*.jpg binary
*.pck binary
*.png binary
*.psd binary
*.tar binary
*.wav binary
*.whl binary
*.zip binary

# Specific binary files
Lib/test/sndhdrdata/sndhdr.* binary
PC/classicAppCompat.* binary

# Text files that should not be subject to eol conversion
Lib/test/cjkencodings/* -text
Lib/test/decimaltestdata/*.decTest -text
Lib/test/test_email/data/*.txt -text
Lib/test/xmltestdata/* -text
Lib/test/coding20731.py -text
Lib/test/test_importlib/data01/* -text

# CRLF files
*.bat text eol=crlf
*.ps1 text eol=crlf
*.sln text eol=crlf
*.vcxproj* text eol=crlf
*.props text eol=crlf
*.proj text eol=crlf
PCbuild/readme.txt text eol=crlf
PC/readme.txt text eol=crlf

# Generated files
# https://github.com/github/linguist#generated-code
Include/graminit.h          linguist-generated=true
Python/graminit.h           linguist-generated=true
Modules/clinic/*.h          linguist-generated=true
Objects/clinic/*.h          linguist-generated=true
PC/clinic/*.h               linguist-generated=true
Python/clinic/*.h           linguist-generated=true
Python/importlib.h          linguist-generated=true
Python/importlib_external.h linguist-generated=true
Include/Python-ast.h        linguist-generated=true
Python/Python-ast.c         linguist-generated=true
Include/opcode.h            linguist-generated=true
Python/opcode_targets.h     linguist-generated=true
Objects/typeslots.inc       linguist-generated=true
*_db.h                      linguist-generated=true
Doc/library/token-list.inc  linguist-generated=true
Include/token.h             linguist-generated=true
Lib/token.py                linguist-generated=true
Parser/token.c              linguist-generated=true

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...