Message 298802 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	christian.heimes, corona10, ecbftw, giampaolo.rodola, martin.panter, serhiy.storchaka, supl, vstinner
Date	2017-07-21.11:46:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1500637614.0.0.100526786079.issue29606@psf.upfronthosting.co.za>
In-reply-to

Content
What is wrong with an URL containing '\n'? I suppose that when format a request with a text protocol, embedded '\n' can split the request line on two lines and inject a new command. The most robust way would be to check whether the formatted line contains '\n', '\r', '\0' or other illegal characters.

What is wrong with an URL containing '\n'? I suppose that when format a request with a text protocol, embedded '\n' can split the request line on two lines and inject a new command. The most robust way would be to check whether the formatted line contains '\n', '\r', '\0' or other illegal characters.

History
Date	User	Action	Args
2017-07-21 11:46:54	serhiy.storchaka	set	recipients: + serhiy.storchaka, vstinner, giampaolo.rodola, christian.heimes, martin.panter, ecbftw, supl, corona10
2017-07-21 11:46:53	serhiy.storchaka	set	messageid: <1500637614.0.0.100526786079.issue29606@psf.upfronthosting.co.za>
2017-07-21 11:46:53	serhiy.storchaka	link	issue29606 messages
2017-07-21 11:46:53	serhiy.storchaka	create