From: Gregory P. Smith Date: Wed, 14 Mar 2012 21:41:00 +0000 (-0700) Subject: Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes X-Git-Tag: v3.3.0a2~192^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=373c7409245bb22da1e6e45ba1cb3818904c51a9;p=thirdparty%2FPython%2Fcpython.git Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. --- 373c7409245bb22da1e6e45ba1cb3818904c51a9 diff --cc Misc/NEWS index 6d6268c4c8c1,88ef91ead0af..1b4e09fceaea --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -65,14 -48,12 +65,27 @@@ Librar Extension Modules ----------------- -- Issue #12221: Replace pyexpat.__version__ with the Python version. +- Issue #14212: The re module didn't retain a reference to buffers it was + scanning, resulting in segfaults. + + ++What's New in Python 3.2.3 release candidate 2? ++=============================================== ++ ++*Release date: XX-Mar-2012* ++ ++Library ++------- ++ ++- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash ++ table internal to the pyexpat module's copy of the expat library to avoid a ++ denial of service due to hash collisions. Patch by David Malcolm with some ++ modifications by the expat project. + -What's New in Python 3.1.4 release candidate 1? +What's New in Python 3.2.3 release candidate 1? 
=============================================== - *Release date: 24-Feb-2011* -*Release date: 2011-05-29* ++*Release date: 24-Feb-2012* Core and Builtins ----------------- diff --cc Modules/pyexpat.c index 849423f96bde,3ff56f4166ff..c1142de54dc1 --- a/Modules/pyexpat.c +++ b/Modules/pyexpat.c @@@ -1150,9 -1245,15 +1150,11 @@@ newxmlparseobject(char *encoding, char else { self->itself = XML_ParserCreate(encoding); } + XML_SetHashSalt(self->itself, + (unsigned long)_Py_HashSecret.prefix); self->intern = intern; Py_XINCREF(self->intern); -#ifdef Py_TPFLAGS_HAVE_GC PyObject_GC_Track(self); -#else - PyObject_GC_Init(self); -#endif if (self->itself == NULL) { PyErr_SetString(PyExc_RuntimeError, "XML_ParserCreate failed");
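Review bot: In the Misc/NEWS hunk the new Issue #14234 entry is filed under a "Library" heading, although the change is in Modules/pyexpat.c and the same hunk shows an "Extension Modules" section. Consider moving the entry there so it sits with the other extension module fixes. The added section also carries the placeholder "*Release date: XX-Mar-2012*", which needs a real date before the release candidate is tagged.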
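Review bot: In the newxmlparseobject hunk of Modules/pyexpat.c, XML_SetHashSalt(self->itself, ...) is called before the "if (self->itself == NULL)" check further down, so a failed XML_ParserCreate passes a NULL parser into expat. Move the call below the NULL check, or guard it with self->itself != NULL. The (unsigned long) cast on _Py_HashSecret.prefix also deserves a one-line comment saying whether any narrowing of the secret is intended, since the salt is the only thing that makes the attribute hashes unpredictable.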