Message 187534 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	nikratio
Recipients	Arfrever, christian.heimes, eric.araujo, nadeem.vawda, nikratio, pitrou, serhiy.storchaka
Date	2013-04-21.23:04:35
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1366585475.05.0.848948505443.issue15955@psf.upfronthosting.co.za>
In-reply-to

Content
The lack of output size limiting has security implications as well. Without being able to limit the size of the uncompressed data returned per call, it is not possible to decompress untrusted lzma or bz2 data without becoming susceptible to a DoS attack, as the attacker can force allocation of gigantic buffers by sending just a tiny amount of compressed data.

The lack of output size limiting has security implications as well.

Without being able to limit the size of the uncompressed data returned per call, it is not possible to decompress untrusted lzma or bz2 data without becoming susceptible to a DoS attack, as the attacker can force allocation of gigantic buffers by sending just a tiny amount of compressed data.

History
Date	User	Action	Args
2013-04-21 23:04:35	nikratio	set	recipients: + nikratio, pitrou, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, serhiy.storchaka
2013-04-21 23:04:35	nikratio	set	messageid: <1366585475.05.0.848948505443.issue15955@psf.upfronthosting.co.za>
2013-04-21 23:04:35	nikratio	link	issue15955 messages
2013-04-21 23:04:35	nikratio	create