Staging
v0.5.1
v0.5.1
https://github.com/python/cpython
Revision 942cc04ae44825ea120e3a19a80c9b348b8194d0 authored by Ned Deily on 11 March 2018, 18:28:53 UTC, committed by larryhastings on 11 March 2018, 18:28:53 UTC
* Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>.
1 parent f584ecd
Tip revision: 942cc04ae44825ea120e3a19a80c9b348b8194d0 authored by Ned Deily on 11 March 2018, 18:28:53 UTC
[3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035)
[3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035)
Tip revision: 942cc04
| File | Mode | Size |
|---|---|---|
| VS9.0 | ||
| bdist_wininst | ||
| icons | ||
| WinMain.c | -rw-r--r-- | 449 bytes |
| _msi.c | -rw-r--r-- | 31.0 KB |
| config.c | -rw-r--r-- | 5.0 KB |
| dl_nt.c | -rw-r--r-- | 4.3 KB |
| dllbase_nt.txt | -rw-r--r-- | 3.5 KB |
| empty.c | -rw-r--r-- | 137 bytes |
| errmap.h | -rw-r--r-- | 2.1 KB |
| errmap.mak | -rw-r--r-- | 95 bytes |
| frozen_dllmain.c | -rw-r--r-- | 3.9 KB |
| generrmap.c | -rw-r--r-- | 849 bytes |
| getpathp.c | -rw-r--r-- | 24.5 KB |
| icons.mak | -rw-r--r-- | 213 bytes |
| icons.rc | -rw-r--r-- | 59 bytes |
| launcher.c | -rw-r--r-- | 47.9 KB |
| launcher.ico | -rw-r--r-- | 19.3 KB |
| make_versioninfo.c | -rw-r--r-- | 1.2 KB |
| msvcrtmodule.c | -rw-r--r-- | 14.0 KB |
| py.ico | -rw-r--r-- | 19.3 KB |
| pyc.ico | -rw-r--r-- | 19.3 KB |
| pycon.ico | -rw-r--r-- | 19.3 KB |
| pyconfig.h | -rw-r--r-- | 20.6 KB |
| pylauncher.rc | -rw-r--r-- | 1.3 KB |
| python3.def | -rw-r--r-- | 35.0 KB |
| python3.mak | -rw-r--r-- | 611 bytes |
| python34gen.py | -rw-r--r-- | 663 bytes |
| python34stub.def | -rw-r--r-- | 13.4 KB |
| python3dll.c | -rw-r--r-- | 134 bytes |
| python_exe.rc | -rw-r--r-- | 49 bytes |
| python_nt.rc | -rw-r--r-- | 1.8 KB |
| readme.txt | -rw-r--r-- | 3.8 KB |
| testpy.py | -rw-r--r-- | 836 bytes |
| winreg.c | -rw-r--r-- | 59.7 KB |
| winsound.c | -rw-r--r-- | 5.5 KB |
Computing file changes ...
