https://github.com/python/cpython
Revision 942cc04ae44825ea120e3a19a80c9b348b8194d0 authored by Ned Deily on 11 March 2018, 18:28:53 UTC, committed by larryhastings on 11 March 2018, 18:28:53 UTC
* Prevent low-grade poplib REDOS (CVE-2018-1060)

  The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

  The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>
1 parent f584ecd
[3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035)
File | Mode | Size |
---|---|---|
stringlib | ||
abstract.c | -rw-r--r-- | 68.3 KB |
accu.c | -rw-r--r-- | 2.4 KB |
boolobject.c | -rw-r--r-- | 6.5 KB |
bytearrayobject.c | -rw-r--r-- | 89.3 KB |
bytes_methods.c | -rw-r--r-- | 9.1 KB |
bytesobject.c | -rw-r--r-- | 87.8 KB |
capsule.c | -rw-r--r-- | 7.2 KB |
cellobject.c | -rw-r--r-- | 4.8 KB |
classobject.c | -rw-r--r-- | 19.1 KB |
codeobject.c | -rw-r--r-- | 19.4 KB |
complexobject.c | -rw-r--r-- | 31.0 KB |
descrobject.c | -rw-r--r-- | 53.2 KB |
dictnotes.txt | -rw-r--r-- | 6.0 KB |
dictobject.c | -rw-r--r-- | 116.6 KB |
enumobject.c | -rw-r--r-- | 12.7 KB |
exceptions.c | -rw-r--r-- | 84.0 KB |
fileobject.c | -rw-r--r-- | 15.5 KB |
floatobject.c | -rw-r--r-- | 65.8 KB |
frameobject.c | -rw-r--r-- | 32.1 KB |
funcobject.c | -rw-r--r-- | 30.6 KB |
genobject.c | -rw-r--r-- | 16.8 KB |
iterobject.c | -rw-r--r-- | 9.1 KB |
listobject.c | -rw-r--r-- | 85.9 KB |
listsort.txt | -rw-r--r-- | 34.9 KB |
lnotab_notes.txt | -rw-r--r-- | 5.3 KB |
longobject.c | -rw-r--r-- | 155.5 KB |
memoryobject.c | -rw-r--r-- | 86.5 KB |
methodobject.c | -rw-r--r-- | 11.0 KB |
moduleobject.c | -rw-r--r-- | 15.0 KB |
namespaceobject.c | -rw-r--r-- | 7.3 KB |
object.c | -rw-r--r-- | 55.4 KB |
obmalloc.c | -rw-r--r-- | 75.2 KB |
rangeobject.c | -rw-r--r-- | 36.8 KB |
setobject.c | -rw-r--r-- | 71.2 KB |
sliceobject.c | -rw-r--r-- | 18.4 KB |
structseq.c | -rw-r--r-- | 12.9 KB |
tupleobject.c | -rw-r--r-- | 29.7 KB |
typeobject.c | -rw-r--r-- | 219.9 KB |
typeslots.inc | -rw-r--r-- | 3.6 KB |
typeslots.py | -rwxr-xr-x | 821 bytes |
unicodectype.c | -rw-r--r-- | 7.5 KB |
unicodeobject.c | -rw-r--r-- | 449.3 KB |
unicodetype_db.h | -rw-r--r-- | 187.3 KB |
weakrefobject.c | -rw-r--r-- | 29.4 KB |