[issue439993] infinite loop in re.match

[admin]

Change by admin :


--
github: None -> 34718

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue463359] Interpreter generates infinite loop

[admin]

Change by admin :


--
github: None -> 35211

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue473223] Fix infinite getattr loop in asyncore

[admin]

Change by admin :


--
github: None -> 35368

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue439997] infinite loop in re.match

[admin]

Change by admin :


--
github: None -> 34720

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue216267] zlib.decompress memory allocation "infinite" loop

[admin]

Change by admin :


___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue212943] infinite recursion bug

[admin]

Change by admin :


___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue216267] zlib.decompress memory allocation "infinite" loop

[admin]

Change by admin :


--
github: None -> 33300

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue212943] infinite recursion bug

[admin]

Change by admin :


--
github: None -> 32997

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47210] './configure --help' causes infinite loop

[ripspin]

ripspin  added the comment:

Bug closed because I get the same loop with python-3.10.4

--
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47210] './configure --help' causes infinite loop

[Ned Deily]

Ned Deily  added the comment:

Python 3.9.6 is no longer supported, 3.9.12 is the most recent 3.9.x release. 
Do you get the same results with 3.9.12? But, for what it's worth, ./configure 
--help of that 3.9.6 tarball works just fine on other current Linux systems I 
have available.

--
nosy: +ned.deily

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47210] './configure --help' causes infinite loop

[ripspin]

ripspin  added the comment:

GNU bash, version 4.3.42(1)-release (x86_64-unknown-linux-gnu)
uname -a
Linux xenial64-sda1 4.9.58 #1 SMP PREEMPT Mon Nov 13 15:54:01 GMT 2017 x86_64 
x86_64 x86_64 GNU/Linux

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47210] './configure --help' causes infinite loop

[ripspin]

New submission from ripspin :

wget https://www.python.org/ftp/python/3.9.6/Python-3.9.6.tgz
unpacked & cd to /GS/FLP/pool/common-apps/Python-3.9.6/
./configure --help  (appears to hang but ps gives truth)

see attached file of ps output

--
components: Build
files: ttt1
messages: 416654
nosy: ripspin5
priority: normal
severity: normal
status: open
title: './configure --help' causes infinite loop
type: compile error
versions: Python 3.9
Added file: https://bugs.python.org/file50717/ttt1

___
Python tracker 
<https://bugs.python.org/issue47210>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[Andrew Svetlov]

Andrew Svetlov  added the comment:

Fixed by #47039

--
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed
superseder:  -> Normalize asyncio future and task repr()

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42941] Infinite loop in asyncio sslproto

[Andrew Svetlov]

Andrew Svetlov  added the comment:

sslproto was rewritten from scratch in Python 3.11

--
resolution:  -> out of date
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34781] infinite waiting in multiprocessing.Pool

[Antonio Vázquez Blanco]

Change by Antonio Vázquez Blanco :


--
nosy: +antonio.vazquez

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38487] expat infinite loop

[sping]

sping  added the comment:

Hi StyXman,

I had a closer look at the files you shared, thanks for those, very helpful!

What I found is that expat_test.py uses a single scalar variable
(_DictSAXHandler.parser) to keep track of the related parser, while it would
need a stack to allow recursion.  In a way, the current approach is equivalent
to walking up the stack as expected but never going back down.
Once I make the code use a stack, the loop goes away.  I'm pasting the patch
inline (with two spaces indented globally) below.

During debugging, these are commands I used to compare internal libexpat 
behavior,
that may be of interest:

  EXPAT_ACCOUNTING_DEBUG=2 python expat_test.py |& sed 's,0x[0-9a-f]\+,XXX,' | 
tee pyexpat.txt

  EXPAT_ACCOUNTING_DEBUG=2 xmlwf -x test1.xml |& sed 's,0x[0-9a-f]\+,XXX,' | 
tee xmlwf.txt

  diff -u xmlwf.txt pyexpat.txt

Here's how I quick-fixed expat_test.py to make things work:

  # diff -u expat_test.py_ORIG expat_test.py
  --- expat_test.py_ORIG  2022-01-26 21:15:27.506458671 +0100
  +++ expat_test.py   2022-01-26 22:15:08.741384932 +0100
  @@ -7,11 +7,21 @@
   
   parser.ExternalEntityRefHandler = handler.externalEntityRef
   
  -# store the parser in the handler so we can recurse
  -handler.parser = parser
  -
   
   class _DictSAXHandler(object):
  +def __init__(self):
  +self._parsers = []
  +
  +def push_parser(self, parser):
  +self._parsers.append(parser)
  +
  +def pop_parser(self):
  +self._parsers.pop()
  +
  +@property
  +def parser(self):
  +return self._parsers[-1]
  +
   def externalEntityRef(self, context, base, sysId, pubId):
   print(context, base, sysId, pubId)
   external_parser = self.parser.ExternalEntityParserCreate(context)
  @@ -19,7 +29,9 @@
   setup_parser(external_parser, self)
   f = open(sysId, 'rb')
   print(f)
  +self.push_parser(external_parser)
   external_parser.ParseFile(f)
  +self.pop_parser()
   print(f)
   
   # all OK
  @@ -36,12 +48,13 @@
   namespace_separator
   )
   setup_parser(parser, handler)
  +handler.push_parser(parser)
   
   if hasattr(xml_input, 'read'):
   parser.ParseFile(xml_input)
   else:
   parser.Parse(xml_input, True)
  -return handler.item
  +# return handler.item  # there is no .item
   
   
   parse(open('test1.xml', 'rb'))
   
What do you tink?

PS: Please note that processing external entities has security implications
(see https://en.wikipedia.org/wiki/XML_external_entity_attack).

Best, Sebastian

--
nosy: +sping

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[aaron]

aaron  added the comment:

'@reprlib.recursive_repr' decorator to 'events.Handle.__repr__()'

could you tell me which file should I change? and why?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[aaron]

aaron  added the comment:

"When running code in debug mode" means we're debug the code. We have used both 
vscode and pycharm. Same result.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[Kumar Aditya]

Change by Kumar Aditya :


--
nosy: +kumaraditya303

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[Andrew Svetlov]

Andrew Svetlov  added the comment:

I guess applying '@reprlib.recursive_repr' decorator to 
'events.Handle.__repr__()' function can help.

Could you check, please?

--
versions: +Python 3.10, Python 3.11

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[Nikita Sobolev]

Nikita Sobolev  added the comment:

Just to clarify.

What do you mean by "When running code in debug mode"?
Do you use some debugger like `pdb` or pycharm?

--
nosy: +sobolevn

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[Terry J. Reedy]

Change by Terry J. Reedy :


--
components: +asyncio
nosy: +asvetlov, yselivanov

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42259] pprint: infinite recursion for saferepr() when using nested objects, but str() works

[Irit Katriel]

Irit Katriel  added the comment:

The documentation change in the PR clarifies the current state of things. 

@serhiy.storchaka - do you have a view on whether we should aim for an actual 
fix, or just document and close?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46223] asyncio cause infinite loop during debug

[aaron]

New submission from aaron :

When running code in debug mode, asyncio sometimes enter into infinite loop, 
shows as the following:

```
Current thread 0x7f1c15fc5180 (most recent call first):
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/events.py", line 58 
in __repr__
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 139 in 
repr_instance
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 62 in 
repr1
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 52 in repr
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 40 in 
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 40 in _format_args_and_kwargs
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 56 in _format_callback
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 47 in _format_callback
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 23 in _format_callback_source
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/base_futures.py", 
line 32 in format_cb
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/base_futures.py", 
line 37 in _format_callbacks
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/base_futures.py", 
line 76 in _future_repr_info
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 139 in 
repr_instance
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 62 in 
repr1
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 52 in repr
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 38 in 
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 38 in _format_args_and_kwargs
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 56 in _format_callback
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 23 in _format_callback_source
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/events.py", line 51 
in _repr_info
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/events.py", line 61 
in __repr__
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 139 in 
repr_instance
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 62 in 
repr1
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 52 in repr
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 40 in 
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 40 in _format_args_and_kwargs
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 56 in _format_callback
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 47 in _format_callback
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 23 in _format_callback_source
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/base_futures.py", 
line 32 in format_cb
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/base_futures.py", 
line 37 in _format_callbacks
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/base_futures.py", 
line 76 in _future_repr_info
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 139 in 
repr_instance
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 62 in 
repr1
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 52 in repr
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 38 in 
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 38 in _format_args_and_kwargs
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 56 in _format_callback
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/format_helpers.py", 
line 23 in _format_callback_source
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/events.py", line 51 
in _repr_info
  File "/root/miniconda3/envs/omicron/lib/python3.9/asyncio/events.py", line 61 
in __repr__
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 139 in 
repr_instance
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 62 in 
repr1
  File "/root/miniconda3/envs/omicron/lib/python3.9/reprlib.py", line 52 in repr
  File "/root/minic

[issue42259] pprint: infinite recursion for saferepr() when using nested objects, but str() works

[Irit Katriel]

Change by Irit Katriel :


--
nosy: +serhiy.storchaka

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42259] pprint: infinite recursion for saferepr() when using nested objects, but str() works

[Andrei Kulakov]

Andrei Kulakov  added the comment:

The recursion protection in `saferepr` applies when two conditions are met: 

- the structure is subclassed from list, tuple or dict
- __repr__ is not overriden

In this case neither condition is met.

However, the recursion is caused by the `__repr__` so when it's removed, 
recursion doesn't happen (but not due to recursion protection).

Btw also note that recursive path must be continuous for recursion detection to 
apply, e.g. if it's list[cust_obj[list[cust_obj...]]], detection also won't 
work.

I don't think we can fix this in code in a straightforward way, because  we 
want to avoid recursively calling saferepr in case __repr__ does not recurse.

In other words, if we knew __repr__ DOES recurse, we could call saferepr 
recursively and apply recursion detection without any problems, but __repr__ 
might intentionally say something like "", and then 
recursively calling saferepr would be undesirable.

So unfortunately we lose the recursion detection because of that.

One possible option would be to add an optional param like *force_recursion*, 
to recurse with detection even on overridden *__repr__*. I'm not sure it's 
worth it. But that's something users can consider: subclass PrettyPrinter and 
override saferepr() and either remove the checks for __repr__ override or add a 
param to do just that.

Current docs really make it sound like any recursion that shows up in repr() 
will be protected; it's really much more limited than that. Adding PR to 
clarify the limitations.

--
versions: +Python 3.11 -Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42259] pprint: infinite recursion for saferepr() when using nested objects, but str() works

[Andrei Kulakov]

Change by Andrei Kulakov :


--
keywords: +patch
nosy: +andrei.avk
nosy_count: 2.0 -> 3.0
pull_requests: +28477
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/30256

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44475] Dataclass Causes Infinite Recursion when using type of bytes

[Eric V. Smith]

Eric V. Smith  added the comment:

Closing due to lack of feedback.

--
resolution:  -> not a bug
stage:  -> resolved
status: pending -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24851] infinite loop in faulthandler._stack_overflow

[Irit Katriel]

Change by Irit Katriel :


--
stage:  -> resolved
status: pending -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24851] infinite loop in faulthandler._stack_overflow

[Irit Katriel]

Irit Katriel  added the comment:

I think this was fixed in issue38965.

--
nosy: +iritkatriel, ned.deily
resolution:  -> duplicate
status: open -> pending
superseder:  -> test_stack_overflow (test.test_faulthandler.FaultHandlerTests) 
is stuck with GCC10

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45687] Infinite recursion in Pickler.persistent_id

[Serhiy Storchaka]

Change by Serhiy Storchaka :


--
components: +Interpreter Core
nosy: +serhiy.storchaka
versions: +Python 3.11 -Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45687] Infinite recursion in Pickler.persistent_id

[Michał Bartoszkiewicz]

New submission from Michał Bartoszkiewicz :

The following code, which seems reasonable:
import io
import pickle

class Pickler(pickle.Pickler):
  def persistent_id(self, obj):
return super().persistent_id(obj)

Pickler(io.BytesIO()).dump(42)

crashes with:
RecursionError: maximum recursion depth exceeded while calling a Python object

It works perfectly when inheriting from pickle._Pickler (the Python 
implementation).

--
components: Library (Lib)
files: pickle-bug.py
messages: 405494
nosy: embe-navalgo
priority: normal
severity: normal
status: open
title: Infinite recursion in Pickler.persistent_id
type: behavior
versions: Python 3.10, Python 3.7, Python 3.8, Python 3.9
Added file: https://bugs.python.org/file50418/pickle-bug.py

___
Python tracker 
<https://bugs.python.org/issue45687>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34781] infinite waiting in multiprocessing.Pool

[Myles Steinhauser]

Change by Myles Steinhauser :


--
nosy: +myles.steinhauser

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[STINNER Victor]

STINNER Victor  added the comment:

Thanks for the report and the fix!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue response

[STINNER Victor]

STINNER Victor  added the comment:

I'm not sure why the fix in the main branch was not listed here:

commit 47895e31b6f626bc6ce47d175fe9d43c1098909d
Author: Gen Xu 
Date:   Wed May 5 15:42:41 2021 -0700

bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 
Continue (GH-25916)

Fixes http.client potential denial of service where it could get stuck 
reading lines from a malicious server after a 100 Continue response.

Co-authored-by: Gregory P. Smith 

--

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue response

[STINNER Victor]

STINNER Victor  added the comment:

I created 
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html to 
track the issue.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue response

[STINNER Victor]

STINNER Victor  added the comment:

Matej Cepl: "Is there a CVE for this?"

Yes, CVE-2021-3737 was assigned to this issue.

* https://access.redhat.com/security/cve/CVE-2021-3737
* https://bugzilla.redhat.com/show_bug.cgi?id=1995162

--
nosy: +vstinner
title: urllib http client possible infinite loop on a 100 Continue response -> 
CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue 
response

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[STINNER Victor]

STINNER Victor  added the comment:


New changeset fd74d2680ef96c0140bc02cf94d1cf1f2ef814c2 by Miss Islington (bot) 
in branch '3.10':
bpo-45156: Fixes inifite loop on unittest.mock.seal() (GH-28300) (GH-28326)
https://github.com/python/cpython/commit/fd74d2680ef96c0140bc02cf94d1cf1f2ef814c2


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[miss-islington]

miss-islington  added the comment:


New changeset 13257d9fca13dfa1bda5b802d68ddaec72f3a07e by Miss Islington (bot) 
in branch '3.9':
bpo-45156: Fixes inifite loop on unittest.mock.seal() (GH-28300)
https://github.com/python/cpython/commit/13257d9fca13dfa1bda5b802d68ddaec72f3a07e


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[miss-islington]

Change by miss-islington :


--
pull_requests: +26738
pull_request: https://github.com/python/cpython/pull/28327

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[miss-islington]

Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 5.0 -> 6.0
pull_requests: +26737
pull_request: https://github.com/python/cpython/pull/28326

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[STINNER Victor]

STINNER Victor  added the comment:


New changeset 7f60c9e1c6e22cc0e846a872c318570926cd3094 by Nikita Sobolev in 
branch 'main':
bpo-45156: Fixes inifite loop on unittest.mock.seal() (GH-28300)
https://github.com/python/cpython/commit/7f60c9e1c6e22cc0e846a872c318570926cd3094


--
nosy: +vstinner

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[Nikita Sobolev]

Nikita Sobolev  added the comment:

I've proposed a solution, based on the assumption that we don't need to recurse 
into `_SpecState` props:

```
if isinstance(m._mock_children.get(attr), _SpecState):
   continue
```

It seems like a simple and reasonable thing to do.
Link: https://github.com/python/cpython/pull/28300

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[Nikita Sobolev]

Change by Nikita Sobolev :


--
keywords: +patch
nosy: +sobolevn
nosy_count: 3.0 -> 4.0
pull_requests: +26714
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/28300

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[Irit Katriel]

Irit Katriel  added the comment:

Pdb) list
2916if m._mock_new_parent is mock:
2917  try:
2918seal(m)
2919  except:
2920breakpoint()
2921 -> raise
2922
2923
2924class _AsyncIterator:
2925"""
2926Wraps an iterator in an asynchronous iterator.
(Pdb) p m


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[Irit Katriel]

Irit Katriel  added the comment:

Reproduced on 3.11:

>>> foo = mock.create_autospec(Foo)
>>> mock.seal(foo)

^CTraceback (most recent call last):
  File "", line 1, in 
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 2917, in 
seal
seal(m)
^^^
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 2917, in 
seal
seal(m)
^^^
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 2917, in 
seal
seal(m)
^^^
  [Previous line repeated 645 more times]
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 2911, in 
seal
m = getattr(mock, attr)
^^^
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 662, in 
__getattr__
result = create_autospec(
 
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 2672, in 
create_autospec
mock = Klass(parent=_parent, _new_parent=_parent, _new_name=_new_name,
   ^^^
  File "/Users/iritkatriel/src/cpython-1/Lib/unittest/mock.py", line 416, in 
__new__
new = type(cls.__name__, bases, {'__doc__': cls.__doc__})
  ^^^
KeyboardInterrupt

--
nosy: +iritkatriel
versions: +Python 3.10, Python 3.11

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +xtreak

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45156] mock.seal has infinite recursion with int class attributes

[David Mandelberg]

New submission from David Mandelberg :

The code below seems to have infinite recursion in the mock.seal call with 
python 3.9.2.

from unittest import mock
class Foo:
  foo = 0
foo = mock.create_autospec(Foo)
mock.seal(foo)

--
components: Library (Lib)
messages: 401525
nosy: dseomn
priority: normal
severity: normal
status: open
title: mock.seal has infinite recursion with int class attributes
type: crash
versions: Python 3.9

___
Python tracker 
<https://bugs.python.org/issue45156>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35901] json.dumps infinite recurssion

[Irit Katriel]

Change by Irit Katriel :


--
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Matej Cepl]

Matej Cepl  added the comment:

Is there a CVE for this?

--
nosy: +mcepl

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Łukasz Langa]

Łukasz Langa  added the comment:


New changeset 0389426fa4af4dfc8b1d7f3f291932d928392d8b by Miss Islington (bot) 
in branch '3.8':
bpo-44022: Improve the regression test. (GH-26503) (#26506)
https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

miss-islington  added the comment:


New changeset 7ac7a0c0f03c60934bc924ee144db170a0e0161f by Sergey Fedoseev in 
branch 'main':
bpo-44022: Fix Sphinx role in NEWS entry (GH-27033)
https://github.com/python/cpython/commit/7ac7a0c0f03c60934bc924ee144db170a0e0161f


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Sergey Fedoseev]

Change by Sergey Fedoseev :


--
nosy: +sir-sigurd
nosy_count: 8.0 -> 9.0
pull_requests: +25593
pull_request: https://github.com/python/cpython/pull/27033

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44475] Dataclass Causes Infinite Recursion when using type of bytes

[Eric V. Smith]

Change by Eric V. Smith :


--
assignee:  -> eric.smith
status: open -> pending

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44475] Dataclass Causes Infinite Recursion when using type of bytes

[Eric V. Smith]

Eric V. Smith  added the comment:

Please give a complete example that we can execute.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44475] Dataclass Causes Infinite Recursion when using type of bytes

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +eric.smith

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44475] Dataclass Causes Infinite Recursion when using type of bytes

[Andrew C]

New submission from Andrew C :

Hello,

When given a `Field` on a Dataclass, the `__repr__` throws an infinite 
recursive error when the data type is bytes.

In the `Field` class, the __repr__ is as follows:

```
def __repr__(self):
return (
'Field('
f'name={self.name!r},'
f'type={self.type!r},'
f'default={self.default!r},'
f'default_factory={self.default_factory!r},'
f'init={self.init!r},'
f'repr={self.repr!r},'
f'hash={self.hash!r},'
f'compare={self.compare!r},'
f'metadata={self.metadata!r},'
f'_field_type={self._field_type}'
')'
)
```

The issue is the f'type={self.type!r}, part of the code.

--
components: Windows
messages: 396250
nosy: andrewonboe, paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Dataclass Causes Infinite Recursion when using type of bytes
versions: Python 3.7, Python 3.8

___
Python tracker 
<https://bugs.python.org/issue44475>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Ned Deily]

Ned Deily  added the comment:


New changeset 1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 by Miss Islington (bot) 
in branch '3.6':
bpo-44022: Improve the regression test. (GH-26503) (GH-26508)
https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Ned Deily]

Ned Deily  added the comment:


New changeset fee96422e6f0056561cf74fef2012cc066c9db86 by Miss Islington (bot) 
in branch '3.7':
bpo-44022: Improve the regression test. (GH-26503) (GH-26507)
https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

miss-islington  added the comment:


New changeset 5df4abd6b033a5f1e48945c6988b45e35e76f647 by Miss Islington (bot) 
in branch '3.9':
bpo-44022: Improve the regression test. (GH-26503)
https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

miss-islington  added the comment:


New changeset 98e5a7975d99b58d511f171816ecdfb13d5cca18 by Miss Islington (bot) 
in branch '3.10':
bpo-44022: Improve the regression test. (GH-26503)
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +25104
pull_request: https://github.com/python/cpython/pull/26508

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:


New changeset e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc by Gregory P. Smith in 
branch 'main':
bpo-44022: Improve the regression test. (GH-26503)
https://github.com/python/cpython/commit/e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +25103
pull_request: https://github.com/python/cpython/pull/26507

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +25102
pull_request: https://github.com/python/cpython/pull/26506

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +25100
pull_request: https://github.com/python/cpython/pull/26504

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +25101
pull_request: https://github.com/python/cpython/pull/26505

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:

Great catch!  The new PR should address that.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Change by Gregory P. Smith :


--
pull_requests: +25099
pull_request: https://github.com/python/cpython/pull/26503

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Michał Górny]

Michał Górny  added the comment:

The test added for this bug is insufficient to verify the fix.  If I revert the 
Lib/http/client.py change, the test still passes.  This is because a subclass 
of client.HTTPException is still raised.

If I add an explicit begin() call to trigger the exception, then without the 
fix I get:

  File "/tmp/cpython/Lib/test/test_httplib.py", line 1189, in 
test_overflowing_header_limit_after_100
resp.begin()
  File "/tmp/cpython/Lib/http/client.py", line 308, in begin
version, status, reason = self._read_status()
  File "/tmp/cpython/Lib/http/client.py", line 277, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response


With the fix, I get (correctly):

test test_httplib failed -- Traceback (most recent call last):
  File "/tmp/cpython/Lib/test/test_httplib.py", line 1189, in 
test_overflowing_header_limit_after_100
resp.begin()
  File "/tmp/cpython/Lib/http/client.py", line 321, in begin
skipped_headers = _read_headers(self.fp)
  File "/tmp/cpython/Lib/http/client.py", line 218, in _read_headers
raise HTTPException("got more than %d headers" % _MAXHEADERS)
http.client.HTTPException: got more than 100 headers


However, the test considers both exceptions to match.

--
nosy: +mgorny

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38593] Python 3.7 does not catch infinite recursion for some values of sys.getrecursionlimit()

[Irit Katriel]

Irit Katriel  added the comment:

3.7 is no longer getting bugfixes.

--
nosy: +iritkatriel
resolution:  -> out of date
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Łukasz Langa]

Change by Łukasz Langa :


--
Removed message: https://bugs.python.org/msg393236

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[guangli dong]

guangli dong  added the comment:

i am intersting in "stdlib security", do you has any recommended info about 
this topic?

what i know is "https://python-security.readthedocs.io; and "cve list".

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:

httplib.py is a Python 2 concept.  Python 2 is end of life.  bugs.python.org no 
longer tracks issues with its code.  I don't doubt that Python 2.7 has bugs.  
As a matter of policy, we don't care - 
https://www.python.org/doc/sunset-python-2/.  Python 3.6 as that is the oldest 
branch still open for security fixes.

The PRs associated with this issue fixed a codepath in Python 3 that only 
happened after a '100' response.  That codepath did not accumulate headers:

```
if status != CONTINUE:
break
# skip the header from the 100 response
while True:
skip = self.fp.readline(_MAXLINE + 1)
if len(skip) > _MAXLINE:
raise LineTooLong("header line")
skip = skip.strip()
if not skip:
break
```

CONTINUE = 100; meaning that loop only runs after receiving what appears to be 
a 100 continue response.  And it does not accumulate data.

There is no `hlist` in the original pre-fix Python 3.6+ code.  Nor any header 
accumulation caused by this the client.py talking to evil_server.py as 
described in this issues opening message.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[guangli dong]

guangli dong  added the comment:

@Gregory P. Smith

yes, i agree that there are many other ways to make "urllib" or "httplib" such 
http client hang, because "timeout" is not global read timeout, this "timeout" 
has effects when every "read socket" operation.

why you think it will not result in memory exhaustion?

the "hlist" list will not be more and more larger? i use "top" command to 
observe, and find the "client.py" process's memory is more and more larger 
slowly.
```
httplib.py

while True:
...
line = self.fp.readline(_MAXLINE + 1)
...
hlist.append(line)
```


the last, would you mind remove "100 Continue" in this bug title? i think it 
will maybe make others misunderstand that this bug only occur when response 
status code is "100".

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Ned Deily]

Change by Ned Deily :


--
versions: +Python 3.10, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:

If anyone wants a CVE for it, that's up to them.  This bug is in the CPython 
http.client module which is what urllib uses for http/https.  I'd rate it low 
severity.  A malicious server can hold a http connection from this library open 
as a network traffic sink.  There are other ways to do that.  ex: Just use omit 
a content-length header in a server response and start streaming an infinite 
response.

The difference in this case being that since the data is thrown away, it isn't 
going to result in memory exhaustion and kill the unfortunate process as trying 
to read an infinite response would.  That's the primary DoS potential from my 
point of view.

--

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Ned Deily]

Change by Ned Deily :


--
stage: commit review -> resolved
versions: +Python 3.6, Python 3.7 -Python 3.10, Python 3.11, Python 3.8, Python 
3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Ned Deily]

Ned Deily  added the comment:


New changeset 078b146f062d212919d0ba25e34e658a8234aa63 by Miss Islington (bot) 
in branch '3.7':
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 
Continue (GH-25916) (GH-25934)
https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63


--

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Ned Deily]

Ned Deily  added the comment:


New changeset f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 by Miss Islington (bot) 
in branch '3.6':
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 
Continue (GH-25916) (GH-25935)
https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7


--
nosy: +ned.deily

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[guangli dong]

guangli dong  added the comment:

@Christian Heimes 

this bug is about "urllib" client library, the key point is not "http.server" 
module.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Łukasz Langa]

Change by Łukasz Langa :


--
versions: +Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Łukasz Langa]

Łukasz Langa  added the comment:


New changeset f396864ddfe914531b5856d7bf852808ebfc01ae by Miss Islington (bot) 
in branch '3.8':
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 
Continue (GH-25916) (#25933)
https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae


--
nosy: +lukasz.langa

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Christian Heimes]

Christian Heimes  added the comment:

http.server is out of scope for CVEs. The module is not designed for 
security-sensitive usage and explicitly documented as insecure and not suitable 
for production use:

https://docs.python.org/3/library/http.server.html#module-http.server

> Warning: http.server is not recommended for production. It only implements 
> basic security checks.

--
nosy: +christian.heimes

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[guangli dong]

guangli dong  added the comment:

can you assign "cve" for this security bug?

i will review the patch later.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:


New changeset 60ba0b68470a584103e28958d91e93a6db37ec92 by Miss Islington (bot) 
in branch '3.10':
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 
Continue (GH-25916) (GH-25931)
https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92


--

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

miss-islington  added the comment:


New changeset ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 by Miss Islington (bot) 
in branch '3.9':
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 
Continue (GH-25916)
https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9


--

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:

Thanks guangli dong (leveryd)!

This is in and the 3.10-3.6 PRs should automerge (thru 3.9) after the CI runs, 
or be merged by the release managers (3.6-3.8).

--
resolution:  -> fixed
stage: patch review -> commit review
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +24601
pull_request: https://github.com/python/cpython/pull/25934

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +24600
pull_request: https://github.com/python/cpython/pull/25933

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +24602
pull_request: https://github.com/python/cpython/pull/25935

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
pull_requests: +24599
pull_request: https://github.com/python/cpython/pull/25932

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[miss-islington]

Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 3.0 -> 4.0
pull_requests: +24598
pull_request: https://github.com/python/cpython/pull/25931

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Gregory P. Smith  added the comment:

The bug: Our http client can get stuck infinitely reading len(line) < 64k lines 
after receiving a '100 Continue' http response.  So yes, this could lead to our 
client being a bandwidth sink for anyone in control of a server.

Clear issue: That's a denial of network bandwidth and the denial of service in 
terms of CPU needed to process read and skip such lines.  The infinite lines 
are size bounded and are not buffered so there is no memory based DoS.

Maybe issue: If a the underlying socket has a timeout set on it, it can be used 
to prevent the timeout from triggering by sending a line more often than the 
timeout.  this is a denial of service by making a http client connection that 
an author may have assumed would timeout based on their 
socket.setdefaulttimeout() settings hang forever.

I expect there are plenty of other ways to accomplish the latter in our http 
client code though.  Ex: A regular response with a huge content length where 
one byte is transmitted occasionally could also effectively accomplish that.  
The stdlib http stack doesn't have its own overall http transaction timeout as 
a feature.

--

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44022] urllib http client possible infinite loop on a 100 Continue response

[Gregory P. Smith]

Change by Gregory P. Smith :


--
assignee:  -> gregory.p.smith
nosy: +gregory.p.smith
title: "urllib" will result to deny of service -> urllib http client possible 
infinite loop on a 100 Continue response
versions: +Python 3.10, Python 3.11, Python 3.9

___
Python tracker 
<https://bugs.python.org/issue44022>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29842] Make Executor.map work with infinite/large inputs correctly

[Leonard Lausen]

Change by Leonard Lausen :


--
nosy: +leezu

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue43924] print unexpected values in infinite loop

[Steven D'Aprano]

Steven D'Aprano  added the comment:

I'm closing this as "Works for me".

rafihassan190041234, if you still think it is a bug in the language, rather 
than a bug in your code or a mistake in your understanding, you can re-open 
this with more details. As Zach already commented, you need to give us an 
explanation of:

- what you expected the code to do;

- why you expected that;

- what it actually did instead;

- your environment (did you run this in an IDE, the plain Python interactive 
interpreter, from a script, something else?);

- and your operating system.

--
nosy: +steven.daprano
resolution:  -> works for me
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue43924] print unexpected values in infinite loop

[Zachary Ware]

New submission from Zachary Ware :

Without a description, it is impossible to tell what you're trying to report.  
You'll need to provide some details, such as what you're trying to do, what you 
expected to happen, what actually happened, and how you ran the code to get 
that result.

As is, I don't see anything wrong here.

--
nosy: +zach.ware
type:  -> behavior

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue43924] print unexpected values in infinite loop

[Rafi Hassan Chowdhury]

Change by Rafi Hassan Chowdhury :


Added file: https://bugs.python.org/file49978/main.py

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue43924] print unexpected values in infinite loop

[Rafi Hassan Chowdhury]

Change by Rafi Hassan Chowdhury :


Removed file: https://bugs.python.org/file49977/main.py

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com