[issue17239] XML vulnerabilities in Python

Martin Panter report at bugs.python.org
Mon May 18 05:00:00 CEST 2015


Martin Panter added the comment:

I did a rough merge with current “default” (3.5 pre-release) branch so that I can have a closer look at this issue; see xmlbomb_20150518.patch for the result. There are some bits with Argument Clinic that need perfecting:

* Unsure how to convert the ElementTree.XMLParser.__init__() signature (varied depending on XML_BOMB_PROTECTION compile-time flag) to Argument Clinic. So I just hard-coded it as if XML_BOMB_PROTECTION is always enabled. Why do we have to have a variable signature in the first place?

* New pyexpat functions need porting to Argument Clinic.

----------
versions: +Python 3.5
Added file: http://bugs.python.org/file39415/xmlbomb_20150518.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17239>
_______________________________________