git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.13] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216) (#142296)

[3.14] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
therefore the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 0e4f4f1a4633f2d215fb5a803cae278aeea31845)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Fri, 5 Dec 2025 15:37:09 +0000 (16:37 +0100)
committer	GitHub <noreply@github.com>
	Fri, 5 Dec 2025 15:37:09 +0000 (15:37 +0000)
commit	9303573c74256de141831229cfa046b00e37e2c8
tree	7c1155a49fe46017942a075518c868a0509c1eb6	tree \| snapshot
parent	ddcd2acd85d891a53e281c773b3093f9db953964	commit \| diff

Lib/http/server.py		diff \| blob \| blame \| history
Lib/test/test_httpservers.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2024-05-23-11-44-41.gh-issue-119452.PRfsSv.rst	[new file with mode: 0644]	blob