git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.11] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216) (#142298)

[3.14] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-142216)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
therefore the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 0e4f4f1a4633f2d215fb5a803cae278aeea31845)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Sun, 25 Jan 2026 17:10:45 +0000 (18:10 +0100)
committer	GitHub <noreply@github.com>
	Sun, 25 Jan 2026 17:10:45 +0000 (17:10 +0000)
commit	fa1aae0e3430930acba1fe3e13eb31ff150ec896
tree	f8d7a6d3d43b0c343cda69555bb99ef08bedb7f1	tree \| snapshot
parent	e9970f077240c7c670e8a6fc6662f2b30d3b6ad0	commit \| diff

Lib/http/server.py		diff \| blob \| blame \| history
Lib/test/test_httpservers.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2024-05-23-11-44-41.gh-issue-119452.PRfsSv.rst	[new file with mode: 0644]	blob