]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a75c4c9) | patch
[3.6] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23118)
authorSerhiy Storchaka <storchaka@gmail.com>
Tue, 10 Nov 2020 19:57:32 +0000 (21:57 +0200)
committerGitHub <noreply@github.com>
Tue, 10 Nov 2020 19:57:32 +0000 (14:57 -0500)
commita63234c49b2fbfb6f0aca32525e525ce3d43b2b4
tree3b068f72046f5495a8372e4edaf3769372bf2472tree | snapshot
parenta75c4c924de102e48faef5538eade764289915abcommit | diff
[3.6] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23118)

* Prevent some possible DoS attacks via providing invalid Plist files
  with extremely large number of objects or collection sizes.
* Raise InvalidFileException for too large bytes and string size instead of returning garbage.
* Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
* Raise InvalidFileException instead of TypeError for non-hashable dict keys.
* Add more tests for invalid Plist files..
(cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/plistlib.py diff | blob | blame | history
Lib/test/test_plistlib.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst [new file with mode: 0644] blob
Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git