[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-10 Thread Serhiy Storchaka
Change by Serhiy Storchaka: resolution: -> fixed; stage: patch review -> resolved; status: open -> closed

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-10 Thread Ned Deily
Ned Deily added the comment: New changeset a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 by Serhiy Storchaka in branch '3.6': [3.6] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23118) https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-10 Thread Ned Deily
Ned Deily added the comment: New changeset 225e3659556616ad70186e7efc02baeebfeb5ec4 by Serhiy Storchaka in branch '3.7': [3.7] bpo-42103: Improve validation of Plist files. (GH-22882) (#23117) https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread Serhiy Storchaka
Change by Serhiy Storchaka: nosy: +lukasz.langa; priority: normal -> release blocker

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: New changeset 547d2bcc55e348043b2f338027c1acd9549ada76 by Serhiy Storchaka in branch '3.8': [3.8] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23116) https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread Serhiy Storchaka
Change by Serhiy Storchaka: pull_requests: +22035; pull_request: https://github.com/python/cpython/pull/23118

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread miss-islington
miss-islington added the comment: New changeset e277cb76989958fdbc092bf0b2cb55c43e86610a by Miss Skeleton (bot) in branch '3.9': bpo-42103: Improve validation of Plist files. (GH-22882) https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread Serhiy Storchaka
Change by Serhiy Storchaka: pull_requests: +22034; pull_request: https://github.com/python/cpython/pull/23117

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread Serhiy Storchaka
Change by Serhiy Storchaka: pull_requests: +22033; pull_request: https://github.com/python/cpython/pull/23116

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread miss-islington
Change by miss-islington: nosy: +miss-islington; nosy_count: 4.0 -> 5.0; pull_requests: +22032; pull_request: https://github.com/python/cpython/pull/23115

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-11-02 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: New changeset 34637a0ce21e7261b952fbd9d006474cc29b681f by Serhiy Storchaka in branch 'master': bpo-42103: Improve validation of Plist files. (GH-22882) https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-22 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: No, with recursive collections all is good. Then I'll just add a NEWS entry and maybe a few more tests.

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-22 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: PR 22882 fixes a problem in _read_ints(), adds validation for string size, and adds many tests for malformed binary Plists. There may be problems with recursive collections. I'll try to solve them too.

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-22 Thread Ronald Oussoren
Ronald Oussoren added the comment: Serhiy, thanks. Just the change in the format string would fix this particular example. I see you're working on a PR with better validation. The current state of the draft looks good to me, but I haven't checked yet if there are other potential problems

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-22 Thread Serhiy Storchaka
Change by Serhiy Storchaka: keywords: +patch; pull_requests: +21822; stage: -> patch review; pull_request: https://github.com/python/cpython/pull/22882

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-21 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: There are two issues here. The simple one is building a large format string for struct.unpack(). It has a simple solution: use f'>{n}{_BINARY_FORMAT[size]}'. The hard issue is that read(n) allocates n bytes in memory even if there are not so many bytes in
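
The two issues named in the comment above, as an added example that is not part of the tracker thread or of the CPython patch. The functions `format_repeated`, `format_counted` and `read_ints`, the `InvalidPlist` error, the `file_size` parameter and the table values are assumptions made for illustration; the up-front length check is one possible mitigation, not necessarily the one the patch uses.

```python
import io
import struct

# Size-to-format-code table, mirroring the _BINARY_FORMAT name used in the thread.
_BINARY_FORMAT = {1: "B", 2: "H", 4: "L", 8: "Q"}


class InvalidPlist(ValueError):
    """Hypothetical error type for this example."""


def format_repeated(n, size):
    # One format character per element: the string grows linearly with n,
    # and n comes straight from the untrusted file.
    return ">" + _BINARY_FORMAT[size] * n


def format_counted(n, size):
    # Repeat count as a prefix: a few characters no matter how large n is.
    return f">{n}{_BINARY_FORMAT[size]}"


def read_ints(fp, n, size, file_size):
    """Read n big-endian unsigned ints of `size` bytes, rejecting bad lengths."""
    if size not in _BINARY_FORMAT:
        raise InvalidPlist(f"unsupported integer size {size}")
    need = n * size
    # Compare the declared length with what the file can still supply
    # before read() is asked to allocate a buffer of that size.
    if need > file_size - fp.tell():
        raise InvalidPlist(f"declared {need} bytes, file is too short")
    data = fp.read(need)
    if len(data) != need:
        raise InvalidPlist("truncated input")
    return struct.unpack(format_counted(n, size), data)


# Constructed sample: three 2-byte big-endian integers.
SAMPLE = b"\x00\x01\x00\x02\x01\x00"

if __name__ == "__main__":
    print(read_ints(io.BytesIO(SAMPLE), 3, 2, len(SAMPLE)))
    print(len(format_repeated(100_000, 8)), len(format_counted(100_000, 8)))
    try:
        read_ints(io.BytesIO(SAMPLE), 2**40, 8, len(SAMPLE))
    except InvalidPlist as exc:
        print("rejected:", exc)
```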

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-21 Thread Ronald Oussoren
Ronald Oussoren added the comment: One Apple implementation of binary plist parsing is here: https://opensource.apple.com/source/CF/CF-550/CFBinaryPList.c. That seems to work from a buffer (or mmap) of the entire file, making consistency checks somewhat easier, and I don't think they have a

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-21 Thread Ronald Oussoren
Ronald Oussoren added the comment: Thanks for the report. I can reproduce the issue.

[issue42103] [security] DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format

2020-10-20 Thread Ned Deily
Change by Ned Deily: components: +Library (Lib) -Interpreter Core; keywords: +security_issue; nosy: +ned.deily, ronaldoussoren, serhiy.storchaka; title: DoS (MemError via CPU and RAM exhaustion) when processing malformed Apple Property List files in binary format -> [security] DoS