Message 294360 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	orange
Recipients	orange
Date	2017-05-24.15:01:31
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1495638091.75.0.96439752743.issue30458@psf.upfronthosting.co.za>
In-reply-to

Content
Hi, the patch in CVE-2016-5699 can be broke by an addition space. http://www.cvedetails.com/cve/CVE-2016-5699/ https://hg.python.org/cpython/rev/bf3e1c9b80e9 https://hg.python.org/cpython/rev/1c45047c5102 import urllib, urllib2 urllib.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211') urllib2.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')

Hi, the patch in CVE-2016-5699 can be broke by an addition space.
http://www.cvedetails.com/cve/CVE-2016-5699/
https://hg.python.org/cpython/rev/bf3e1c9b80e9
https://hg.python.org/cpython/rev/1c45047c5102

import urllib, urllib2

urllib.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')
urllib2.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')

History
Date	User	Action	Args
2017-05-24 15:01:31	orange	set	recipients: + orange
2017-05-24 15:01:31	orange	set	messageid: <1495638091.75.0.96439752743.issue30458@psf.upfronthosting.co.za>
2017-05-24 15:01:31	orange	link	issue30458 messages
2017-05-24 15:01:31	orange	create