merge heads

749f2a61 · Matthias Klose · 17ae6d77 · 5c8e648a · 749f2a61 · 749f2a61
Commit 749f2a61 authored Mar 14, 2012 by Matthias Klose
6 changed files
--- a/Doc/faq/programming.rst
+++ b/Doc/faq/programming.rst
@@ -794,9 +794,9 @@ My program is too slow. How do I speed it up?
 That's a tough one, in general.  First, here are a list of things to
 remember before diving further:

-* Performance characteristics vary accross Python implementations.  This FAQ
+* Performance characteristics vary across Python implementations.  This FAQ
  focusses on :term:`CPython`.
-* Behaviour can vary accross operating systems, especially when talking about
+* Behaviour can vary across operating systems, especially when talking about
  I/O or multi-threading.
 * You should always find the hot spots in your program *before* attempting to
  optimize any code (see the :mod:`profile` module).

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -69,10 +69,23 @@ Extension Modules
  scanning, resulting in segfaults.


+What's New in Python 3.2.3 release candidate 2?
+===============================================
+
+*Release date: XX-Mar-2012*
+
+Library
+-------
+
+- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
+  table internal to the pyexpat module's copy of the expat library to avoid a
+  denial of service due to hash collisions.  Patch by David Malcolm with some
+  modifications by the expat project.
+
 What's New in Python 3.2.3 release candidate 1?
 ===============================================

-*Release date: 24-Feb-2011*
+*Release date: 24-Feb-2012*

 Core and Builtins
 -----------------

--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@@ -883,6 +883,15 @@ XMLPARSEAPI(int)
 XML_SetParamEntityParsing(XML_Parser parser,
                          enum XML_ParamEntityParsing parsing);

+/* Sets the hash salt to use for internal hash calculations.
+   Helps in preventing DoS attacks based on predicting hash
+   function behavior. This must be called before parsing is started.
+   Returns 1 if successful, 0 when called after parsing has started.
+*/
+XMLPARSEAPI(int)
+XML_SetHashSalt(XML_Parser parser,
+                unsigned long hash_salt);
+
 /* If XML_Parse or XML_ParseBuffer have returned XML_STATUS_ERROR, then
   XML_GetErrorCode returns information about the error.
 */

--- a/Modules/expat/pyexpatns.h
+++ b/Modules/expat/pyexpatns.h
@@ -97,6 +97,7 @@
 #define XML_SetEntityDeclHandler        PyExpat_XML_SetEntityDeclHandler
 #define XML_SetExternalEntityRefHandler PyExpat_XML_SetExternalEntityRefHandler
 #define XML_SetExternalEntityRefHandlerArg  PyExpat_XML_SetExternalEntityRefHandlerArg
+#define XML_SetHashSalt                 PyExpat_XML_SetHashSalt
 #define XML_SetNamespaceDeclHandler     PyExpat_XML_SetNamespaceDeclHandler
 #define XML_SetNotationDeclHandler      PyExpat_XML_SetNotationDeclHandler
 #define XML_SetNotStandaloneHandler     PyExpat_XML_SetNotStandaloneHandler

--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1150,6 +1150,8 @@ newxmlparseobject(char *encoding, char *namespace_separator, PyObject *intern)
    else {
        self->itself = XML_ParserCreate(encoding);
    }
+    XML_SetHashSalt(self->itself,
+                    (unsigned long)_Py_HashSecret.prefix);
    self->intern = intern;
    Py_XINCREF(self->intern);
    PyObject_GC_Track(self);