diff options
| author | Gregory P. Smith <gps@google.com> | 2022-09-02 16:35:08 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-02 16:35:08 (GMT) |
| commit | 511ca9452033ef95bc7d7fc404b8161068226002 (patch) | |
| tree | cefd49e0c9c75f912fa28d05eae15335273aaa8e /Doc/library/json.rst | |
| parent | 656167db81a53934da55d90ed431449d8a4fc14b (diff) | |
| download | cpython-511ca9452033ef95bc7d7fc404b8161068226002.zip cpython-511ca9452033ef95bc7d7fc404b8161068226002.tar.gz cpython-511ca9452033ef95bc7d7fc404b8161068226002.tar.bz2 | |
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.
This PR comes fresh from a pile of work done in our private PSRT security response team repo.
Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backports PRs already exist. See the issue for links.
Diffstat (limited to 'Doc/library/json.rst')
| -rw-r--r-- | Doc/library/json.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Doc/library/json.rst b/Doc/library/json.rst index 467d5d9..d05d62e 100644 --- a/Doc/library/json.rst +++ b/Doc/library/json.rst @@ -23,6 +23,11 @@ is a lightweight data interchange format inspired by `JavaScript <https://en.wikipedia.org/wiki/JavaScript>`_ object literal syntax (although it is not a strict subset of JavaScript [#rfc-errata]_ ). +.. warning:: + Be cautious when parsing JSON data from untrusted sources. A malicious + JSON string may cause the decoder to consume considerable CPU and memory + resources. Limiting the size of data to be parsed is recommended. + :mod:`json` exposes an API familiar to users of the standard library :mod:`marshal` and :mod:`pickle` modules. @@ -253,6 +258,12 @@ Basic Usage be used to use another datatype or parser for JSON integers (e.g. :class:`float`). + .. versionchanged:: 3.12 + The default *parse_int* of :func:`int` now limits the maximum length of + the integer string via the interpreter's :ref:`integer string + conversion length limitation <int_max_str_digits>` to help avoid denial + of service attacks. + *parse_constant*, if specified, will be called with one of the following strings: ``'-Infinity'``, ``'Infinity'``, ``'NaN'``. This can be used to raise an exception if invalid JSON numbers |