]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 69fbef0) | patch
[3.13] gh-119452: Fix a potential virtual memory allocation denial of service in...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 1 Dec 2025 14:22:10 +0000 (15:22 +0100)
committerGitHub <noreply@github.com>
Mon, 1 Dec 2025 14:22:10 +0000 (14:22 +0000)
commit6c922bbe28f2cd901ffa749240f96449287771a6
tree6ae2ca62264bd4f141d6e9cc87b5d5ac404381a1tree | snapshot
parent69fbef0d60ef6f3ba8735c635c9767c526fd85c3commit | diff
[3.13] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-119455) (GH-142130)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
so that the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 29c657a1f231c0908796e0c9ff6967e15ab20d9b)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/http/server.py diff | blob | blame | history
Lib/test/test_httpservers.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2024-05-23-11-44-41.gh-issue-119452.PRfsSv.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git