[3.13] gh-119451: Fix a potential denial of service in http.client (GH-119454) (...
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Fri, 5 Dec 2025 15:21:57 +0000 (16:21 +0100)
committer: Arnaud Rebillout <arnaudr@debian.org>
Tue, 14 Apr 2026 04:38:32 +0000 (11:38 +0700)
commit: f62aef0f11675d0bc51bed8876c43019ea62f7be
tree: ffa469b1988c1d9bad3c0a4514846f7b9bdf174f
parent: ae24ecc4ebd3148a2fac7e06228579f38b47a00a
[3.13] gh-119451: Fix a potential denial of service in http.client (GH-119454) (#142139)

gh-119451: Fix a potential denial of service in http.client (GH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Origin: upstream, https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15

Gbp-Pq: Name CVE-2025-13836.patch
Lib/http/client.py
Lib/test/test_httplib.py
Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst [new file with mode: 0644]
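The commit message describes the mitigation in one sentence: instead of sizing a single read() by the untrusted Content-Length header, the client reads in bounded chunks so that memory grows with the bytes actually received. The following is an added example that models that difference; it is not CPython's http.client code. The `RecordingStream` wrapper, the `MAX_CHUNK` constant and the 1 TB declared length are constructed for the demonstration, and "largest read(n) requested" is used as a stand-in for peak buffer allocation (a buffered socket reader allocates roughly n bytes up front for read(n)).

```python
"""Model of the http.client fix: bounded-chunk body reads vs. one Content-Length-sized read.

Added example, not CPython's own implementation. MAX_CHUNK is an assumed value.
"""
import io

MAX_CHUNK = 1 << 20  # assumed 1 MiB cap per read() call; CPython uses its own constant


class RecordingStream:
    """File-like wrapper over constructed bytes that records the largest read(n) request.

    A real buffered socket reader allocates about n bytes before any data arrives,
    so the largest n requested approximates the peak allocation a server can force.
    """

    def __init__(self, data: bytes):
        self._buf = io.BytesIO(data)
        self.max_requested = 0

    def read(self, n=-1):
        if n is not None and n >= 0:
            self.max_requested = max(self.max_requested, n)
        return self._buf.read(n)


class IncompleteRead(Exception):
    """Connection ended before Content-Length bytes were delivered."""

    def __init__(self, partial: bytes, expected: int):
        super().__init__(f"got {len(partial)} bytes, expected {expected}")
        self.partial = partial
        self.expected = expected


def read_body_naive(stream, content_length: int) -> bytes:
    """Pre-fix shape: a single read() sized by the untrusted Content-Length value."""
    data = stream.read(content_length)
    if len(data) < content_length:
        raise IncompleteRead(data, content_length)
    return data


def read_body_chunked(stream, content_length: int, max_chunk: int = MAX_CHUNK) -> bytes:
    """Post-fix shape: never request more than max_chunk bytes from the stream at once.

    Memory consumed is proportional to bytes actually received, not to the declared length.
    """
    parts = []
    remaining = content_length
    while remaining > 0:
        chunk = stream.read(min(remaining, max_chunk))
        if not chunk:  # EOF before the declared length: report partial data, do not hang
            raise IncompleteRead(b"".join(parts), content_length)
        parts.append(chunk)
        remaining -= len(chunk)
    return b"".join(parts)


def demo(declared_length: int = 10**12, body: bytes = b"hello") -> dict:
    """Constructed scenario: the header claims 1 TB but the peer sends only 5 bytes."""
    result = {}

    naive = RecordingStream(body)
    try:
        read_body_naive(naive, declared_length)
    except IncompleteRead:
        pass
    result["naive_max_read"] = naive.max_requested  # equals the declared 10**12

    chunked = RecordingStream(body)
    try:
        read_body_chunked(chunked, declared_length)
    except IncompleteRead as e:
        result["chunked_partial"] = e.partial  # the 5 bytes that really arrived
    result["chunked_max_read"] = chunked.max_requested  # bounded by MAX_CHUNK
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the naive reader asking the stream for 10**12 bytes in one call, while the chunked reader never asks for more than 1 MiB and still surfaces the short body as an `IncompleteRead` with the partial data attached. The same bound holds for well-formed responses: the chunked reader assembles the full body whenever the peer actually delivers Content-Length bytes.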