Skip to content

[3.13] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-119455) #142130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 1, 2025
Merged

[3.13] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-119455) #142130

merged 1 commit into from
Dec 1, 2025
+57 −1

Conversation

@miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Dec 1, 2025
edited by bedevere-app bot
Loading

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
so that the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 29c657a)

Co-authored-by: Serhiy Storchaka storchaka@gmail.com

@serhiy-storchaka @miss-islington
[3.14] pythongh-119452: Fix a potential virtual memory allocation den…
3ed5bde 
…ial of service in http.server (pythonGH-119455)

The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
so that the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 29c657a)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
This was referenced Dec 1, 2025
Open
Merged
@serhiy-storchaka serhiy-storchaka enabled auto-merge (squash) December 1, 2025 14:09
@serhiy-storchaka serhiy-storchaka merged commit 6c922bb into python:3.13 Dec 1, 2025
75 of 77 checks passed
@bedevere-app
Copy link

bedevere-app bot commented Dec 2, 2025

GH-142185 is a backport of this pull request to the 3.13 branch.

hugovk added a commit to hugovk/cpython that referenced this pull request Dec 2, 2025
@hugovk
Revert "[3.13] pythongh-119452: Fix a potential virtual memory alloca…
ed03c6b 
…tion denial of service in http.server (pythonGH-119455) (pythonGH-142130)"

This reverts commit 6c922bb.
Yhg1s pushed a commit that referenced this pull request Dec 2, 2025
@hugovk
[3.13] Revert "gh-119452: Fix a potential virtual memory allocation d…
a62caed 
…enial of service in http.server (GH-119455) (GH-142130)" (#142185)

Revert "[3.13] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-119455) (GH-142130)"

This reverts commit 6c922bb.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type-security A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@miss-islington @serhiy-storchaka