git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.10] gh-119451: Fix a potential denial of service in http.client (GH-119454) (#142142)

gh-119451: Fix a potential denial of service in http.client (GH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Sun, 25 Jan 2026 17:10:57 +0000 (18:10 +0100)
committer	GitHub <noreply@github.com>
	Sun, 25 Jan 2026 17:10:57 +0000 (17:10 +0000)
commit	5dc101675fd22918facbbe0fecdc821502beaaf0
tree	13ced57b77aa11ab27467c81fc61e1a07a23a3ca	tree \| snapshot
parent	c97e87593063d84a2bd9fe7068b30eb44de23dc0	commit \| diff

Lib/http/client.py		diff \| blob \| blame \| history
Lib/test/test_httplib.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst	[new file with mode: 0644]	blob