languages/cpython
languages/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython synced 2024-10-06 13:07:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cpython/Include
History
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backports PRs already exist. See the issue for links.
2022-09-02 09:35:08 -07:00
..
cpython gh-96143: Allow Linux perf profiler to see Python calls (GH-96123) 2022-08-30 10:11:18 -07:00
internal gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499) 2022-09-02 09:35:08 -07:00
abstract.h gh-93274: Expose receiving vectorcall in the Limited API (GH-95717) 2022-08-08 14:12:05 +02:00
bltinmodule.h
boolobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
bytearrayobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
bytesobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
ceval.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
codecs.h bpo-41842: Add codecs.unregister() function (GH-22360) 2020-09-28 23:41:11 +02:00
compile.h bpo-35134: Add include/cpython/compile.h (GH-24922) 2021-03-22 09:32:11 +01:00
complexobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
datetime.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
descrobject.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
dictobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
dynamic_annotations.h fix instances of consecutive articles (closes #23221) 2015-01-13 09:17:24 -05:00
enumobject.h
errcode.h bpo-46521: Fix codeop to use a new partial-input mode of the parser (GH-31010) 2022-02-08 11:54:37 +00:00
exports.h bpo-11410: Standardize and use symbol visibility attributes across POSIX and Windows. (GH-16347) 2019-10-15 08:26:12 +01:00
fileobject.h gh-77782: Deprecate global configuration variable (#93943) 2022-06-17 16:12:00 +02:00
fileutils.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
floatobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
frameobject.h bpo-45434: Remove useless space in includes (GH-28963) 2021-10-15 01:50:04 +02:00
genericaliasobject.h bpo-44654: Refactor and clean up the union type implementation (GH-27196) 2021-07-17 22:44:10 +03:00
import.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
intrcheck.h bpo-41713: Remove PyOS_InitInterrupts() function (GH-23342) 2020-11-17 16:22:23 +01:00
iterobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
listobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
longobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
marshal.h bpo-45474: Exclude all of marshal.h if Py_LIMITED_API is defined (GH-29061) 2021-10-20 02:32:14 -07:00
memoryobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
methodobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
modsupport.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
moduleobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
object.h Fix Py_INCREF() statistics in limited C API 3.10 (#96120) 2022-08-29 14:55:46 +02:00
objimpl.h gh-87347: Fix PyObject_NEW() regression (#94234) 2022-06-26 12:40:17 +02:00
opcode.h gh-93554: Conditional jump opcodes only jump forward (GH-96318) 2022-09-01 21:36:47 +01:00
osdefs.h bpo-31904: Add cross-build support for VxWorks RTOS (GH-11968) 2019-02-27 12:09:28 +01:00
osmodule.h Issue #29058: All stable API extensions added after Python 3.2 are now 2016-12-27 14:57:39 +02:00
patchlevel.h Python 3.12.0a0 2022-05-08 03:40:52 +01:00
py_curses.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
pybuffer.h bpo-45459: Add pytypedefs.h header file (GH-31527) 2022-02-24 17:07:12 +01:00
pycapsule.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
pydtrace.d bpo-36842: Implement PEP 578 (GH-12613) 2019-05-23 08:45:22 -07:00
pydtrace.h bpo-36842: Implement PEP 578 (GH-12613) 2019-05-23 08:45:22 -07:00
pyerrors.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
pyexpat.h bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) 2018-09-18 05:38:58 -07:00
pyframe.h gh-93937, C API: Move PyFrame_GetBack() to Python.h (#93938) 2022-06-19 12:02:33 +02:00
pyhash.h bpo-29410: Change the default hash algorithm to SipHash13. (GH-28752) 2021-10-10 17:29:46 +09:00
pylifecycle.h bpo-43931: Export Python version as API data (GH-25577) 2021-12-09 17:52:05 -08:00
pymacconfig.h gh-93202: Always use %zd printf formatter (#93201) 2022-05-25 14:21:36 +02:00
pymacro.h gh-91731: Don't define 'static_assert' in C++11 where is a keyword to avoid UB (GH-93700) 2022-06-13 15:49:08 +01:00
pymath.h bpo-46656: Remove Py_NO_NAN macro (GH-31160) 2022-02-25 01:32:57 +01:00
pymem.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
pyport.h gh-94731: Revert to C-style casts for _Py_CAST (GH-94782) 2022-07-14 11:57:18 +02:00
pystate.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
pystats.h GH-93841: Allow stats to be turned on and off, cleared and dumped at runtime. (GH-93843) 2022-06-21 15:40:54 +01:00
pystrcmp.h
pystrtod.h bpo-45995: add "z" format specifer to coerce negative 0 to zero (GH-30049) 2022-04-11 15:34:18 +01:00
Python.h bpo-35134: Remove the Include/code.h header file (GH-32385) 2022-04-07 02:29:52 +02:00
pythonrun.h Docs: Clarify availability of PyOS_CheckStack (GH-91816) 2022-04-22 12:44:43 +02:00
pythread.h bpo-42047: Add native thread ID for DragonFlyBSD (#22714) 2022-05-18 15:10:10 +02:00
pytypedefs.h bpo-45459: Fix PyModuleDef_Slot type in the limited C API (GH-31668) 2022-03-03 23:06:55 +01:00
rangeobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
README.rst bpo-43795: PEP 652 user documentation (GH-25668) 2021-05-11 07:04:33 -07:00
setobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
sliceobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
structmember.h bpo-45459: C API uses type names rather than structure names (GH-31528) 2022-02-24 17:51:59 +01:00
structseq.h gh-87347: Add parenthesis around macro arguments (#93915) 2022-06-20 16:04:52 +02:00
sysmodule.h gh-88279: Deprecate PySys_SetArgvEx() (#92363) 2022-05-06 05:24:29 +02:00
traceback.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
tracemalloc.h bpo-35053: Define _PyTraceMalloc_NewReference in object.h (GH-10107) 2018-10-26 00:01:56 +02:00
tupleobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
typeslots.h bpo-45459: Add Py_buffer to limited API (GH-29991) 2022-02-02 07:03:10 -08:00
unicodeobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00
warnings.h bpo-35134: Split warnings.h and weakrefobject.h (GH-29042) 2021-10-19 01:31:57 +02:00
weakrefobject.h gh-87347: Add parenthesis around PyXXX_Check() arguments (#92815) 2022-06-16 13:49:43 +02:00

README.rst 

The Python C API
================

The C API is divided into three sections:

1. ``Include/``: Limited API
2. ``Include/cpython/``: CPython implementation details
3. ``Include/internal/``: The internal API

Information on changing the C API is available `in the developer guide`_

.. _in the developer guide: https://devguide.python.org/c-api/