[3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() #96502
Merged: 15 commits, Sep 5, 2022
Make the doctest actually run & fix it.
gpshead committed Sep 1, 2022
commit 1378bdeb8a41dafe35c227fa84fbc1a5616faf7c
4 changes: 3 additions & 1 deletion Doc/library/stdtypes.rst
@@ -5277,6 +5277,8 @@ and the sign are not counted towards the limit.

When an operation would exceed the limit, a :exc:`ValueError` is raised::

.. doctest::

>>> import sys
>>> sys.set_int_max_str_digits(4300) # Illustrative, this is the default.
>>> _ = int('2' * 5432)
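Review bot: The paragraph directly above the new `.. doctest::` directive still ends with `::` (`is raised::`), which in reST announces an indented literal block; now that the next block is a directive instead, docutils emits a "Literal block expected; none found." warning and renders a stray colon. Change it to a single colon: `When an operation would exceed the limit, a :exc:`ValueError` is raised:`.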
@@ -5293,7 +5295,7 @@ When an operation would exceed the limit, a :exc:`ValueError` is raised::
ValueError: Exceeds the limit (4300) for integer string conversion: value has 8599 digits.
>>> len(hex(i_squared))
7144
>>> assert int(hex(i_squared), base=16) == i # Hexidecimal is unlimited.
>>> assert int(hex(i_squared), base=16) == i*i # Hexidecimal is unlimited.

The default limit is 4300 digits as provided in
:data:`sys.int_info.default_max_str_digits <sys.int_info>`.
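Review bot: The comment on the changed line still reads `Hexidecimal`; spell it `Hexadecimal`, since this is published documentation. The assertion change itself looks right: assuming `i_squared` is `i*i` as its name suggests (its definition sits above this hunk), the old `== i` would have raised AssertionError the moment the doctest actually ran, which is exactly why wiring it into `.. doctest::` mattered.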
@@ -10,5 +10,5 @@ line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion length
limitation <int_max_str_digits>` documentation. The default limit is 4300
digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from
Victor Stinner, Thomas Wouters, and Steve Dower.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback
from Victor Stinner, Thomas Wouters, Steve Dower, and Ned Deily.