summaryrefslogtreecommitdiffstats
path: root/Python/clinic/sysmodule.c.h
Commit message (Collapse)AuthorAgeFilesLines
* [3.7] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504)Gregory P. Smith2022-09-061-1/+49
| | | | | | | | | | | | | | | | Converting between `int` and `str` in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a `ValueError` if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735). This new limit can be configured or disabled by environment variable, command line flag, or :mod:`sys` APIs. See the `Integer String Conversion Length Limitation` documentation. The default limit is 4300 digits in string form. Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
* bpo-32591: Add native coroutine origin tracking (#5250)Nathaniel J. Smith2018-01-211-0/+66
* Add coro.cr_origin and sys.set_coroutine_origin_tracking_depth * Use coroutine origin information in the unawaited coroutine warning * Stop using set_coroutine_wrapper in asyncio debug mode * In BaseEventLoop.set_debug, enable debugging in the correct thread
generated by cgit v0.12 at 2026-01-01 14:50:42 (GMT)