Message233661
It turns out that GzipFile.read(<size>) etc is also susceptible to decompression bombing. Here is a patch to test and fix that, making use of the existing “max_length” parameter in the “zlib” module. |
|
Date |
User |
Action |
Args |
2015-01-08 14:38:37 | martin.panter | set | recipients:
+ martin.panter, pitrou, vstinner, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, nikratio, serhiy.storchaka |
2015-01-08 14:38:37 | martin.panter | set | messageid: <1420727917.23.0.932195199195.issue15955@psf.upfronthosting.co.za> |
2015-01-08 14:38:37 | martin.panter | link | issue15955 messages |
2015-01-08 14:38:37 | martin.panter | create | |
|