gh-143241: Fix infinite loop DoS in zoneinfo._common.load_data

fatihhcelik · fatihhcelik · commit be2125409679 · 2025-12-28T15:20:27.000+03:00
diff --git a/Lib/test/test_zoneinfo/test_zoneinfo.py b/Lib/test/test_zoneinfo/test_zoneinfo.py
@@ -252,6 +252,8 @@ def test_bad_zones(self):
         bad_zones = [
             b"",  # Empty file
             b"AAAA3" + b" " * 15,  # Bad magic
+            # Truncated V2 file (infinite loop DoS)
+            b"TZif2" + (b"\x00" * 39) + b"TZif2" + (b"\x00" * 39) + b"\n" + b"Part",
         ]
 
         for bad_zone in bad_zones:
diff --git a/Lib/zoneinfo/_common.py b/Lib/zoneinfo/_common.py
@@ -119,8 +119,10 @@ def get_abbr(idx):
         assert c == b"\n", c
 
         tz_bytes = b""
-        while (c := fobj.read(1)) != b"\n":
-            tz_bytes += c
+        line = fobj.readline()
+        if not line.endswith(b"\n"):
+            raise ValueError("Invalid TZif file: unexpected end of file")
+        tz_bytes = line.rstrip(b"\n")
 
         tz_str = tz_bytes
     else:

Original file line number	Diff line number	Diff line change
`@@ -252,6 +252,8 @@ def test_bad_zones(self):`
`252`	`252`	`bad_zones = [`
`253`	`253`	`b"", # Empty file`
`254`	`254`	`b"AAAA3" + b" " * 15, # Bad magic`
	`255`	`+ # Truncated V2 file (infinite loop DoS)`
	`256`	`+ b"TZif2" + (b"\x00" * 39) + b"TZif2" + (b"\x00" * 39) + b"\n" + b"Part",`
`255`	`257`	`]`
`256`	`258`
`257`	`259`	`for bad_zone in bad_zones:`