]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1e96de9) | patch
[3.8] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23116)
authorSerhiy Storchaka <storchaka@gmail.com>
Tue, 3 Nov 2020 07:32:15 +0000 (09:32 +0200)
committerGitHub <noreply@github.com>
Tue, 3 Nov 2020 07:32:15 +0000 (09:32 +0200)
commit547d2bcc55e348043b2f338027c1acd9549ada76
tree04713e0abf554f0c427d4ffb5c4a23911e7f5863tree | snapshot
parent1e96de9ed4b1ca96d345b7e309a8fe3802638f4acommit | diff
[3.8] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23116)

* Prevent some possible DoS attacks via providing invalid Plist files
  with extremely large number of objects or collection sizes.
* Raise InvalidFileException for too large bytes and string size instead of returning garbage.
* Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
* Raise InvalidFileException instead of TypeError for non-hashable dict keys.
* Add more tests for invalid Plist files.

(cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f)
Lib/plistlib.py diff | blob | blame | history
Lib/test/test_plistlib.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst [new file with mode: 0644] blob
Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git