[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat
Gregory P. Smith
report at bugs.python.org
Wed Mar 14 21:13:14 CET 2012
Gregory P. Smith <greg at krypto.org> added the comment:
Replacing the generate_hash_secret_salt function with one containing assert(0) shows that it still gets called so there are apparently still ways that initialize parsers that do not call XML_SetHashSalt using the Python hash prefix.
./python Lib/test/test_xml_etree_c.pypython: /XXX/cpython/3.1/Modules/expat/xmlparse.c:687: generate_hash_secret_salt: Assertion `0' failed.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14234>
_______________________________________
More information about the Python-bugs-list
mailing list