]> git.ipfire.org Git - thirdparty/tornado.git/commit
projects / thirdparty / tornado.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ed47b43) | patch
httputil: Fix quadratic behavior in _parseparam
authorBen Darnell <ben@bendarnell.com>
Wed, 10 Dec 2025 15:55:02 +0000 (10:55 -0500)
committerBen Darnell <ben@bendarnell.com>
Wed, 10 Dec 2025 20:57:36 +0000 (15:57 -0500)
commit771472cfdaeebc0d89a9cc46e249f8891a6b29cd
tree632c8e00de922a80ca36671fef41a2d7265b3982tree | snapshot
parented47b431a5ec38aa61f504148afae2cb8f981332commit | diff
httputil: Fix quadratic behavior in _parseparam

Prior to this change, _parseparam had O(n^2) behavior when parsing
certain inputs, which could be a DoS vector. This change adapts
logic from the equivalent function in the python standard library
in https://github.com/python/cpython/pull/136072/files
tornado/httputil.py diff | blob | blame | history
tornado/test/httputil_test.py diff | blob | blame | history
Mirror of https://github.com/tornadoweb/tornado.git