]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 723e21a) | patch
bpo-42103: Improve validation of Plist files. (GH-22882)
authorMiss Skeleton (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 2 Nov 2020 21:34:46 +0000 (13:34 -0800)
committerGitHub <noreply@github.com>
Mon, 2 Nov 2020 21:34:46 +0000 (13:34 -0800)
commite277cb76989958fdbc092bf0b2cb55c43e86610a
tree8d698547371d7b995e7200ff469fb8411891fd2ctree | snapshot
parent723e21a8e79815ae77474d1f21b9847b9c9bdbebcommit | diff
bpo-42103: Improve validation of Plist files. (GH-22882)

* Prevent some possible DoS attacks via providing invalid Plist files
  with extremely large number of objects or collection sizes.
* Raise InvalidFileException for too large bytes and string size instead of returning garbage.
* Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
* Raise InvalidFileException instead of TypeError for non-hashable dict keys.
* Add more tests for invalid Plist files.
(cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/plistlib.py diff | blob | blame | history
Lib/test/test_plistlib.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst [new file with mode: 0644] blob
Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git