| |
@@ -0,0 +1,85 @@
|
| |
+ From d24304f014c2207365f691e60c868e0877ab5aa9 Mon Sep 17 00:00:00 2001
|
| |
+ From: "Miss Islington (bot)"
|
| |
+ <31488909+miss-islington@users.noreply.github.com>
|
| |
+ Date: Tue, 18 Sep 2018 06:14:13 -0700
|
| |
+ Subject: [PATCH 1/2] bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
|
| |
+
|
| |
+ The C accelerated _elementtree module now initializes hash randomization
|
| |
+ salt from _Py_HashSecret instead of libexpat's default CPRNG.
|
| |
+
|
| |
+ Signed-off-by: Christian Heimes <christian@python.org>
|
| |
+
|
| |
+ https://bugs.python.org/issue34623
|
| |
+ (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
|
| |
+
|
| |
+ Co-authored-by: Christian Heimes <christian@python.org>
|
| |
+ ---
|
| |
+ Include/pyexpat.h | 4 +++-
|
| |
+ .../next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++
|
| |
+ Modules/_elementtree.c | 5 +++++
|
| |
+ Modules/pyexpat.c | 5 +++++
|
| |
+ 4 files changed, 15 insertions(+), 1 deletion(-)
|
| |
+ create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
|
| |
+
|
| |
+ diff --git a/Include/pyexpat.h b/Include/pyexpat.h
|
| |
+ index 44259bf6d716..07020b5dc964 100644
|
| |
+ --- a/Include/pyexpat.h
|
| |
+ +++ b/Include/pyexpat.h
|
| |
+ @@ -3,7 +3,7 @@
|
| |
+
|
| |
+ /* note: you must import expat.h before importing this module! */
|
| |
+
|
| |
+ -#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0"
|
| |
+ +#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"
|
| |
+ #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
|
| |
+
|
| |
+ struct PyExpat_CAPI
|
| |
+ @@ -48,6 +48,8 @@ struct PyExpat_CAPI
|
| |
+ enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding);
|
| |
+ int (*DefaultUnknownEncodingHandler)(
|
| |
+ void *encodingHandlerData, const XML_Char *name, XML_Encoding *info);
|
| |
+ + /* might be none for expat < 2.1.0 */
|
| |
+ + int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
|
| |
+ /* always add new stuff to the end! */
|
| |
+ };
|
| |
+
|
| |
+ diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
|
| |
+ new file mode 100644
|
| |
+ index 000000000000..31ad92ef8582
|
| |
+ --- /dev/null
|
| |
+ +++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
|
| |
+ @@ -0,0 +1,2 @@
|
| |
+ +The C accelerated _elementtree module now initializes hash randomization
|
| |
+ +salt from _Py_HashSecret instead of libexpat's default CSPRNG.
|
| |
+ diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
|
| |
+ index cf819e896c3e..cb6db7707bb6 100644
|
| |
+ --- a/Modules/_elementtree.c
|
| |
+ +++ b/Modules/_elementtree.c
|
| |
+ @@ -3259,6 +3259,11 @@ xmlparser_init(PyObject *self, PyObject *args, PyObject *kwds)
|
| |
+ PyErr_NoMemory();
|
| |
+ return -1;
|
| |
+ }
|
| |
+ + /* expat < 2.1.0 has no XML_SetHashSalt() */
|
| |
+ + if (EXPAT(SetHashSalt) != NULL) {
|
| |
+ + EXPAT(SetHashSalt)(self_xp->parser,
|
| |
+ + (unsigned long)_Py_HashSecret.expat.hashsalt);
|
| |
+ + }
|
| |
+
|
| |
+ if (target) {
|
| |
+ Py_INCREF(target);
|
| |
+ diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
|
| |
+ index 53d34459d152..824c49ba1efa 100644
|
| |
+ --- a/Modules/pyexpat.c
|
| |
+ +++ b/Modules/pyexpat.c
|
| |
+ @@ -1857,6 +1857,11 @@ MODULE_INITFUNC(void)
|
| |
+ capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
|
| |
+ capi.SetEncoding = XML_SetEncoding;
|
| |
+ capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
|
| |
+ +#if XML_COMBINED_VERSION >= 20100
|
| |
+ + capi.SetHashSalt = XML_SetHashSalt;
|
| |
+ +#else
|
| |
+ + capi.SetHashSalt = NULL;
|
| |
+ +#endif
|
| |
+
|
| |
+ /* export using capsule */
|
| |
+ capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
|
| |