git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Serhiy Storchaka <storchaka@gmail.com>
	Tue, 10 Nov 2020 19:54:15 +0000 (21:54 +0200)
committer	GitHub <noreply@github.com>
	Tue, 10 Nov 2020 19:54:15 +0000 (14:54 -0500)
commit	225e3659556616ad70186e7efc02baeebfeb5ec4
tree	5e3caa9f0fe900f6dd9a9b72a7869264aa77238f	tree \| snapshot
parent	dd2804790dfa116d20e37bc6b4463c07586da76c	commit \| diff

[3.7] bpo-42103: Improve validation of Plist files. (GH-22882) (#23117)

* Prevent some possible DoS attacks via providing invalid Plist files
with extremely large number of objects or collection sizes.
* Raise InvalidFileException for too large bytes and string size instead of returning garbage.
* Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
* Raise InvalidFileException instead of TypeError for non-hashable dict keys.
* Add more tests for invalid Plist files..
(cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Lib/plistlib.py		diff \| blob \| blame \| history
Lib/test/test_plistlib.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst	[new file with mode: 0644]	blob
Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst	[new file with mode: 0644]	blob