https://github.com/python/cpython
Revision 942cc04ae44825ea120e3a19a80c9b348b8194d0 authored by Ned Deily on 11 March 2018, 18:28:53 UTC, committed by larryhastings on 11 March 2018, 18:28:53 UTC
* Prevent low-grade poplib REDOS (CVE-2018-1060)

  The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

  The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>.
1 parent f584ecd
Tip revision: 942cc04ae44825ea120e3a19a80c9b348b8194d0 authored by Ned Deily on 11 March 2018, 18:28:53 UTC
[3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035)
File | Mode | Size |
---|---|---|
VS9.0 | | |
bdist_wininst | | |
icons | | |
WinMain.c | -rw-r--r-- | 449 bytes |
_msi.c | -rw-r--r-- | 31.0 KB |
config.c | -rw-r--r-- | 5.0 KB |
dl_nt.c | -rw-r--r-- | 4.3 KB |
dllbase_nt.txt | -rw-r--r-- | 3.5 KB |
empty.c | -rw-r--r-- | 137 bytes |
errmap.h | -rw-r--r-- | 2.1 KB |
errmap.mak | -rw-r--r-- | 95 bytes |
frozen_dllmain.c | -rw-r--r-- | 3.9 KB |
generrmap.c | -rw-r--r-- | 849 bytes |
getpathp.c | -rw-r--r-- | 24.5 KB |
icons.mak | -rw-r--r-- | 213 bytes |
icons.rc | -rw-r--r-- | 59 bytes |
launcher.c | -rw-r--r-- | 47.9 KB |
launcher.ico | -rw-r--r-- | 19.3 KB |
make_versioninfo.c | -rw-r--r-- | 1.2 KB |
msvcrtmodule.c | -rw-r--r-- | 14.0 KB |
py.ico | -rw-r--r-- | 19.3 KB |
pyc.ico | -rw-r--r-- | 19.3 KB |
pycon.ico | -rw-r--r-- | 19.3 KB |
pyconfig.h | -rw-r--r-- | 20.6 KB |
pylauncher.rc | -rw-r--r-- | 1.3 KB |
python3.def | -rw-r--r-- | 35.0 KB |
python3.mak | -rw-r--r-- | 611 bytes |
python34gen.py | -rw-r--r-- | 663 bytes |
python34stub.def | -rw-r--r-- | 13.4 KB |
python3dll.c | -rw-r--r-- | 134 bytes |
python_exe.rc | -rw-r--r-- | 49 bytes |
python_nt.rc | -rw-r--r-- | 1.8 KB |
readme.txt | -rw-r--r-- | 3.8 KB |
testpy.py | -rw-r--r-- | 836 bytes |
winreg.c | -rw-r--r-- | 59.7 KB |
winsound.c | -rw-r--r-- | 5.5 KB |