From 3497f9c4e82153ac22c7f622a70f3d9120a8f0ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Fri, 30 Dec 2022 15:30:46 -0500 Subject: [PATCH] add doc missing in some places for gh-95778 --- Misc/python.man | 9 +++++++++ Python/initconfig.c | 2 ++ 2 files changed, 11 insertions(+) diff --git a/Misc/python.man b/Misc/python.man index 1705eeb0c9c126..bf7cf767d164a6 100644 --- a/Misc/python.man +++ b/Misc/python.man @@ -358,6 +358,10 @@ Set implementation-specific option. The following options are available: -X frozen_modules=[on|off]: whether or not frozen modules should be used. The default is "on" (or "off" if you are running a local build). + -X int_max_str_digits=number: limit the size of int<->str conversions. + This helps avoid denial of service attacks when parsing untrusted data. + The default is sys.int_info.default_max_str_digits. 0 disables. + .TP .B \-x Skip the first line of the source. This is intended for a DOS @@ -531,6 +535,11 @@ values. The integer must be a decimal number in the range [0,4294967295]. Specifying the value 0 will disable hash randomization. +.IP PYTHONINTMAXSTRDIGITS +Limit the maximum digit characters in an int value +when converting from a string and when converting an int back to a str. +A value of 0 disables the limit. Conversions to or from bases 2, 4, 8, +16, and 32 are never limited. .IP PYTHONMALLOC Set the Python memory allocators and/or install debug hooks. The available memory allocators are diff --git a/Python/initconfig.c b/Python/initconfig.c index 64ae987b3f34d9..360254791a25f3 100644 --- a/Python/initconfig.c +++ b/Python/initconfig.c @@ -173,6 +173,8 @@ static const char usage_envvars[] = "PYTHONDEBUG : enable parser debug mode (-d)\n" "PYTHONDONTWRITEBYTECODE : don't write .pyc files (-B)\n" "PYTHONINSPECT : inspect interactively after running script (-i)\n" +"PYTHONINTMAXSTRDIGITS : limit max digit characters in an int value\n" +" (-X int_max_str_digits=number)\n" "PYTHONNOUSERSITE : disable user site directory (-s)\n" "PYTHONOPTIMIZE : enable level 1 optimizations (-O)\n" "PYTHONUNBUFFERED : disable stdout/stderr buffering (-u)\n"