git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.10] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216) (#142299)

[3.14] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
therefore the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 0e4f4f1a4633f2d215fb5a803cae278aeea31845)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Sun, 25 Jan 2026 17:10:42 +0000 (18:10 +0100)
committer	GitHub <noreply@github.com>
	Sun, 25 Jan 2026 17:10:42 +0000 (17:10 +0000)
commit	f2088a567e8b137581e00cd18c8d6b79973ab150
tree	b2fa90b359656d955c9661cdf16b94302134f531	tree \| snapshot
parent	8cdf6204f4ae821f32993f8fc6bad0d318f95f36	commit \| diff

Lib/http/server.py		diff \| blob \| blame \| history
Lib/test/test_httpservers.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2024-05-23-11-44-41.gh-issue-119452.PRfsSv.rst	[new file with mode: 0644]	blob