[3.11] gh-98433: Fix quadratic time idna decoding. (GH-99092) #99222
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. This also adds an early length check in IDNA decoding to outright reject huge inputs early on given the ultimate result is defined to be 63 or fewer characters. (cherry picked from commit d315722) Co-authored-by: Gregory P. Smith <greg@krypto.org>
2 tasks
bedevere-bot
added
type-bug
gpshead
added
needs backport to 3.7
needs backport to 3.9
While I don't think anyone should have reasonable code depending on unbounded strings full of Nothing characters to silently be removed during idna decoding... this is the conservative choice for a bugfix backport.
gpshead
approved these changes
Nov 8, 2022
|
I went with the conservative choice of not adding the upfront length check in the backports. The quadratic algorithm fix remains. Manually inspecting Lib/encoding/punycode.py codec implementation, that looked to me like an O(NlogN) algorithm at worse for decoding, so not really a denial of service concern itself. If anyone disagrees, feel free to open a new issue with a demonstration. |
|
i'm using the no-not-merge label to prevent automerge so i can manually edit the commit message. |
|
Thanks @miss-islington for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8, 3.9, 3.10. |
|
GH-99229 is a backport of this pull request to the 3.10 branch. |
|
GH-99230 is a backport of this pull request to the 3.9 branch. |
miss-islington
added a commit
to miss-islington/cpython
that referenced
this pull request
Nov 8, 2022
) (pythonGH-99222) There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. (cherry picked from commit d315722) (cherry picked from commit a6f6c3a) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
GH-99231 is a backport of this pull request to the 3.8 branch. |
|
GH-99232 is a backport of this pull request to the 3.7 branch. |
miss-islington
added a commit
to miss-islington/cpython
that referenced
this pull request
Nov 8, 2022
) (pythonGH-99222) There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. (cherry picked from commit d315722) (cherry picked from commit a6f6c3a) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
GH-99229 is a backport of this pull request to the 3.10 branch. |
|
GH-99230 is a backport of this pull request to the 3.9 branch. |
miss-islington
added a commit
to miss-islington/cpython
that referenced
this pull request
Nov 8, 2022
) (pythonGH-99222) There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. (cherry picked from commit d315722) (cherry picked from commit a6f6c3a) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
GH-99231 is a backport of this pull request to the 3.8 branch. |
|
GH-99232 is a backport of this pull request to the 3.7 branch. |
miss-islington
added a commit
that referenced
this pull request
Nov 8, 2022
There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. (cherry picked from commit d315722) (cherry picked from commit a6f6c3a) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
that referenced
this pull request
Nov 10, 2022
… (GH-99231) There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. (cherry picked from commit d315722) (cherry picked from commit a6f6c3a) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
that referenced
this pull request
Nov 10, 2022
… (#99230) There was an unnecessary quadratic loop in idna decoding. This restores the behavior to linear. (cherry picked from commit d315722) (cherry picked from commit a6f6c3a) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was an unnecessary quadratic loop in idna decoding. This restores
the behavior to linear.
(cherry picked from commit d315722)
Co-authored-by: Gregory P. Smith greg@krypto.org