Commitbb38b39

authored

gh-95913: Forward-port int/str security change to 3.11 What's New in main (#98344)

Add int/str security change from issuegh-95778 PRsgh-96499 /gh-95800Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]

1 parentae19217 commitbb38b39Copy full SHA for bb38b39

File tree

+11

-0

lines changed

+11

-0

lines changed

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -530,6 +530,17 @@ Other CPython Implementation Changes`
`530`	`530`	and with the new:option:`--help-all`.
`531`	`531`	(Contributed by Éric Araujo in:issue:`46142`.)
`532`	`532`
	`533`	+* Converting between:class:`int` and:class:`str` in bases other than 2
	`534`	`+ (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal)`
	`535`	+ now raises a:exc:`ValueError` if the number of digits in string form is
	`536`	`+ above a limit to avoid potential denial of service attacks due to the`
	`537`	+ algorithmic complexity. This is a mitigation for `CVE-2020-10735
	`538`	+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_.
	`539`	`+ This limit can be configured or disabled by environment variable, command`
	`540`	+ line flag, or:mod:`sys` APIs. See the:ref:`integer string conversion
	`541`	+ length limitation <int_max_str_digits>` documentation. The default limit
	`542`	`+ is 4300 digits in string form.`
	`543`	`+`
`533`	`544`
`534`	`545`	`.. _whatsnew311-new-modules:`
`535`	`546`

Comments

(0)