cpython: 6fa0ebfdc136
changeset 102635:6fa0ebfdc136 2.7
fix possible overflow in encode_basestring_ascii (#23369)
author | Benjamin Peterson benjamin@python.org |
---|---|
date | Sat, 13 Aug 2016 16:47:25 -0700 |
parents | b1e4c8a3e786 |
children | fdae903db33a |
files | Misc/NEWS Modules/_json.c |
diffstat | 2 files changed, 7 insertions(+), 0 deletions(-): Misc/NEWS 3, Modules/_json.c 4 |
--- a/Misc/NEWS +++ b/Misc/NEWS @@ -29,6 +29,9 @@ Core and Builtins Library ------- +- Issue #23369: Fixed possible integer overflow in
- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode.
--- a/Modules/_json.c +++ b/Modules/_json.c @@ -211,6 +211,10 @@ ascii_escape_unicode(PyObject pystr) input_unicode = PyUnicode_AS_UNICODE(pystr); / One char input can be up to 6 chars output, estimate 4 of these */
- if (input_chars > (PY_SSIZE_T_MAX - 2)/ MAX_EXPANSION) {
PyErr_SetString(PyExc_OverflowError, "string is too long to escape");[](#l2.8)
return NULL;[](#l2.9)
- } output_size = 2 + (MIN_EXPANSION * 4) + input_chars; max_output_size = 2 + (input_chars * MAX_EXPANSION); rval = PyString_FromStringAndSize(NULL, output_size);
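Review bot: the new length guard in ascii_escape_unicode, placed just before `output_size` is computed, lands without a regression test; the diffstat lists only Misc/NEWS and Modules/_json.c. The bound itself is right: it is the inverse of `max_output_size = 2 + (input_chars * MAX_EXPANSION)`, so that multiplication can no longer wrap, and `output_size` grows more slowly than `max_output_size`, so it is covered as long as `MIN_EXPANSION * 4` stays small. Two follow-ups are worth making. First, add a test that drives an oversized input through this path and expects OverflowError with the "string is too long to escape" message, gated on available memory if needed. Second, this hunk touches only ascii_escape_unicode; if any other escape routine in this file sizes its buffer with the same `input_chars * MAX_EXPANSION` arithmetic, it needs the same check. Style nit: `(PY_SSIZE_T_MAX - 2)/ MAX_EXPANSION` has uneven spacing around the division operator.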