| Commit message (Collapse) | Author | Age | Files | Lines |
* Correctly pre-check for int-to-str conversion
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
* Issue: gh-95778
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
|
Allow to add HTTP headers to XML-RPC requests sent to the server.
|
It depended on a global variable set by other tests.
|
* Trivial cleanups following bpo-31370
* Also cleanup the "importlib._bootstrap_external" module
|
Call thread.join() on threads to prevent the "dangling threads"
warning.
|
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
|
One test case of test_xmlrpc uses HTTPServer with a subclass of
BaseHTTPRequestHandler. The BaseRequestHandler class logs to
sys.stderr by default. Override log_message() to not clobber
test output.
Signed-off-by: Christian Heimes <christian@python.org>
|
(or any other exception) to exception(s) raised in the dispatched methods.
Patch by Petr Motejlek.
|
as decorator (GH-231)
|
by Apache XML-RPC implementation for numerics and None.
|
And most of the tools.
Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
|
instead of silently return incorrect result.
|
instead of silently return incorrect result.
|
This is a regression introduced in 3.5 by revision eba80326ba53. Fix by Jelte
Fennema, test case by me.
|
non-UTF-8 encoding.
|
(closes #16043)
|
when contain an id in form " at 0x...".
|
Patch by Claudiu Popa.
|
time.xmlrpc.com has come and gone over the years, and has been gone again for
a while. The test did test one thing that the current xmlrpc tests don't: the
use of multiple levels of attribute names in the call. So in addition to
removing the network test, we add a test in xmlrpc of dotted name access.
There should also be a test for when dotted name access is disallowed, but
that requires more extensive test harness refactoring, and in any case was not
tested by the network test we are deleting, since it is a server-side setting.
This is a slightly simplified version of a patch by Vajrasky Kok.
|
reaped in all situations.
|
unittest.main().
|
upon malformed POST request.
|
upon malformed POST request.
|
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r86596 | ezio.melotti | 2010-11-20 21:04:17 +0200 (Sat, 20 Nov 2010) | 1 line
#9424: Replace deprecated assert* methods in the Python test suite.
........
|
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r86533 | antoine.pitrou | 2010-11-19 21:07:52 +0100 (ven., 19 nov. 2010) | 3 lines
Fix test_ssl_presence when ssl is not present
........
|
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r86523 | senthil.kumaran | 2010-11-19 01:08:48 +0800 (Fri, 19 Nov 2010) | 3 lines
Code Changes as per review comments by Antoine Pitrou.
........
|
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r86514 | senthil.kumaran | 2010-11-18 23:00:53 +0800 (Thu, 18 Nov 2010) | 3 lines
Fix Issue 9991: xmlrpc client ssl check faulty
........
|
svn+ssh://svn.python.org/python/branches/py3k
........
r73715 | benjamin.peterson | 2009-07-01 01:06:06 +0200 (Mi, 01 Jul 2009) | 1 line
convert old fail* assertions to assert*
........
|