git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Serhiy Storchaka <storchaka@gmail.com>
	Mon, 1 Dec 2025 12:59:09 +0000 (14:59 +0200)
committer	GitHub <noreply@github.com>
	Mon, 1 Dec 2025 12:59:09 +0000 (12:59 +0000)
commit	29c657a1f231c0908796e0c9ff6967e15ab20d9b
tree	f4e971a1a3a67d5acffa025944835e1128970842	tree \| snapshot
parent	c4054f7aa8aff80f4fed1b6af02c9aec79b14c6f	commit \| diff

[3.14] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-119455)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
so that the memory consumption is proportional to the amount of sent
data.

Lib/http/server.py		diff \| blob \| blame \| history
Lib/test/test_httpservers.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2024-05-23-11-44-41.gh-issue-119452.PRfsSv.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom