git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.11] gh-119451: Fix a potential denial of service in http.client (GH-119454) (#142141)

gh-119451: Fix a potential denial of service in http.client (GH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Sun, 25 Jan 2026 17:11:02 +0000 (18:11 +0100)
committer	GitHub <noreply@github.com>
	Sun, 25 Jan 2026 17:11:02 +0000 (17:11 +0000)
commit	afc40bdd3dd71f343fd9016f6d8eebbacbd6587c
tree	988d421061bd2a7747dce1eee5da7b86fd2c9b8b	tree \| snapshot
parent	a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8	commit \| diff

Lib/http/client.py		diff \| blob \| blame \| history
Lib/test/test_httplib.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst	[new file with mode: 0644]	blob