Message200144
Here is a patch for 3.3+.
Other versions are affected too. They don't raise SystemError, but produce illegal unicode string on wide build.
E.g. in Python 2.7:
>>> 'a+/,+IKw-b'.decode('utf-7', 'replace')
u'a\ufffd\U003f20acb'
\U003f20ac is illegal code.
As encoding and encoded data can come from external source, this can be used in secure attacks. |
|
Date |
User |
Action |
Args |
2013-10-17 16:29:57 | serhiy.storchaka | set | recipients:
+ serhiy.storchaka, barry, georg.brandl, ncoghlan, vstinner, larry, benjamin.peterson, ezio.melotti, mrabarnett, glebourgeois |
2013-10-17 16:29:57 | serhiy.storchaka | set | messageid: <1382027397.52.0.585251334128.issue19279@psf.upfronthosting.co.za> |
2013-10-17 16:29:57 | serhiy.storchaka | link | issue19279 messages |
2013-10-17 16:29:57 | serhiy.storchaka | create | |
|