commit 470a435f3b42c9be5fdb7f7b04f3df5663ba7305
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Tue Sep 18 06:11:09 2018 -0700
committer GitHub <noreply@github.com> Tue Sep 18 06:11:09 2018 -0700
tree 4b9b2acd8f5230ff4f5bdc2ddc0f28e64fe9b0e5
parent 45452b738b7f94221a94e903fb5975222fbb7a8f

bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)


The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue34623
(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)

Co-authored-by: Christian Heimes <christian@python.org>

Modules/_elementtree.c

diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
index 1dfdb3c..4b86f96 100644
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -3305,6 +3305,11 @@
         PyErr_NoMemory();
         return -1;
     }
+    /* expat < 2.1.0 has no XML_SetHashSalt() */
+    if (EXPAT(SetHashSalt) != NULL) {
+        EXPAT(SetHashSalt)(self->parser,
+                           (unsigned long)_Py_HashSecret.expat.hashsalt);
+    }
 
     if (target) {
         Py_INCREF(target);

Modules/pyexpat.c

diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index c8a01d4..c52079e 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1877,6 +1877,11 @@
     capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
     capi.SetEncoding = XML_SetEncoding;
     capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
+#if XML_COMBINED_VERSION >= 20100
+    capi.SetHashSalt = XML_SetHashSalt;
+#else
+    capi.SetHashSalt = NULL;
+#endif
 
     /* export using capsule */
     capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);