]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e7d2f62) | patch
[3.13] gh-119451: Fix a potential denial of service in http.client (GH-119454) (...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Fri, 5 Dec 2025 15:21:57 +0000 (16:21 +0100)
committerGitHub <noreply@github.com>
Fri, 5 Dec 2025 15:21:57 +0000 (16:21 +0100)
commit289f29b0fe38baf2d7cb5854f4bb573cc34a6a15
tree08323e2ab6880257fedda960bf8effcc063fbcc0tree | snapshot
parente7d2f62bb3ab89e066db6f0ab1d2a13f0d6a88becommit | diff
[3.13] gh-119451: Fix a potential denial of service in http.client (GH-119454) (#142139)

gh-119451: Fix a potential denial of service in http.client (GH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/http/client.py diff | blob | blame | history
Lib/test/test_httplib.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git