Author corona10
Recipients corona10, giampaolo.rodola
Date 2017-04-29.02:58:35
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1493434716.14.0.785750556243.issue30119@psf.upfronthosting.co.za>
In-reply-to
Content
One of the purposes of the JDK patch is to prevent '\ r' and '\ n' from being inserted into the ftp command. In particular, it seems to assume that if another malice command is inserted after '\ n', the possibility of such an attack will be opened at a later time.
IMO, I think that we can block '\ r \ n' and '\ n' at the same time by blocking only '\ n'. Although '\ r' allows
History
Date User Action Args
2017-04-29 02:58:36corona10setrecipients: + corona10, giampaolo.rodola
2017-04-29 02:58:36corona10setmessageid: <1493434716.14.0.785750556243.issue30119@psf.upfronthosting.co.za>
2017-04-29 02:58:36corona10linkissue30119 messages
2017-04-29 02:58:35corona10create