]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0aab07c) | patch
gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (#139234)
authorBénédikt Tran <10796600+picnixz@users.noreply.github.com>
Fri, 26 Sep 2025 14:13:56 +0000 (16:13 +0200)
committerGitHub <noreply@github.com>
Fri, 26 Sep 2025 14:13:56 +0000 (14:13 +0000)
commitf04bea44c37793561d753dd4ca6e7cd658137553
tree8acbb0a5e4f551bc29a7ac9e330fc49cd09c702ftree | snapshot
parent0aab07ccf79f335e3afa8021ddcbcfb8afa4d70ccommit | diff
gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (#139234)

Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).

The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:

- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
Doc/library/pyexpat.rst diff | blob | blame | history
Doc/whatsnew/3.15.rst diff | blob | blame | history
Include/pyexpat.h diff | blob | blame | history
Lib/test/test_pyexpat.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2025-09-22-14-40-11.gh-issue-90949.UM35nb.rst [new file with mode: 0644] blob
Modules/clinic/pyexpat.c.h diff | blob | blame | history
Modules/expat/pyexpatns.h diff | blob | blame | history
Modules/pyexpat.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git