git.ipfire.org Git - thirdparty/Python/cpython.git/commit
[3.12] gh-119451: Fix a potential denial of service in http.client (GH-119454) (...
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 22 Dec 2025 13:50:18 +0000 (14:50 +0100)
committer GitHub <noreply@github.com>
Mon, 22 Dec 2025 13:50:18 +0000 (14:50 +0100)
commit 14b1fdb0a94b96f86fc7b86671ea9582b8676628
tree bffe53bb0b23a6075b78d5969251b82c4eb6fad6
parent 5a8b19677d818fb41ee55f310233772e15aa1a2b
[3.12] gh-119451: Fix a potential denial of service in http.client (GH-119454) (#142140)

gh-119451: Fix a potential denial of service in http.client (GH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/http/client.py
Lib/test/test_httplib.py
Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst [new file with mode: 0644]
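
The behaviour the commit message describes, as an added sketch that is not the code from this commit: a reader that sizes each read by the bytes already received rather than by the declared Content-Length. `RecordingStream`, `read_exact_chunked` and `FIRST_CHUNK` are hypothetical names, and the sketch assumes `fp.read(n)` returns fewer than `n` bytes only at end of stream.

```python
import io
from http.client import IncompleteRead

FIRST_CHUNK = 1 << 16  # assumed initial read size for this sketch


class RecordingStream:
    """Constructed stand-in for the response file object; logs requested sizes."""

    def __init__(self, payload):
        self._buf = io.BytesIO(payload)
        self.requests = []

    def read(self, n):
        self.requests.append(n)
        return self._buf.read(n)


def read_exact_chunked(fp, amt, first_chunk=FIRST_CHUNK):
    """Read exactly `amt` bytes without trusting `amt` for buffer sizing.

    After the first chunk, each read asks for at most as many bytes as have
    already arrived, so memory grows with data sent, not with the header.
    """
    if amt < 0:
        raise ValueError("negative length")
    buf = bytearray()
    chunk = min(amt, first_chunk)
    while len(buf) < amt:
        data = fp.read(chunk)
        buf += data
        if len(data) < chunk:
            # Peer stopped early: report what arrived and what is missing.
            raise IncompleteRead(bytes(buf), amt - len(buf))
        # Geometric growth: never more than double the received total.
        chunk = min(len(buf), amt - len(buf))
    return bytes(buf)


def demo_oversized_length():
    """Constructed case: header declares 10**12 bytes, peer sends 100 KiB."""
    fp = RecordingStream(b"x" * (100 * 1024))
    try:
        read_exact_chunked(fp, 10**12)
    except IncompleteRead as exc:
        return len(exc.partial), exc.expected, max(fp.requests)
    return None
```
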