Message124138
On Thu, Dec 16, 2010 at 02:02:10PM +0000, Antoine Pitrou wrote:
> I don't think you understood the issue here. Calling readline() without
> a maximum length means the process memory potentially explodes, if the
> server sends gigabytes of data without a single "\n".
Yeah, I seem to have misunderstood the issue. Even if the response was
an *invalid* one but it was huge data without \n, the readline call
would just explode.
- reading chunked response is doing a readline call too.
Both of these need to be addressed by having a limit on reading.
I thought readline() is being called only when parsing headers which
should almost always have CRLF (or at least LF) and thought valid
responses always start with headers.

Date | User | Action | Args
2010-12-16 17:06:23 | orsenthil | set | recipients: + orsenthil, pitrou, vstinner, m.sucajtys, rosslagerwall
2010-12-16 17:06:15 | orsenthil | link | issue6791 messages
2010-12-16 17:06:15 | orsenthil | create |
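
The limit on reading that the message above calls for, applied to both line reads and chunked decoding, as an added example (not code from the tracker or from CPython). The names `read_bounded_line`, `read_chunked`, `LineTooLong` and the 64 KiB `MAX_LINE` value are assumptions made for this sketch.

```python
import io

MAX_LINE = 65536  # assumed cap on any single protocol line, in bytes


class LineTooLong(Exception):
    """Raised when the peer sends a line longer than the cap."""


def read_bounded_line(fp, limit=MAX_LINE):
    # Ask for one byte more than the limit: if we get it, the line is over
    # the cap and we stop without buffering the rest of the stream.
    line = fp.readline(limit + 1)
    if len(line) > limit:
        raise LineTooLong("line exceeds %d bytes" % limit)
    return line


def read_chunked(fp, limit=MAX_LINE):
    body = []
    while True:
        size_line = read_bounded_line(fp, limit)
        if not size_line:
            raise EOFError("connection closed before last chunk")
        # Drop chunk extensions after ';' before parsing the hex size.
        size = int(size_line.split(b";", 1)[0].strip(), 16)
        if size == 0:
            break
        data = fp.read(size)
        if len(data) != size:
            raise EOFError("truncated chunk")
        body.append(data)
        read_bounded_line(fp, limit)  # CRLF that ends the chunk data
    while read_bounded_line(fp, limit) not in (b"\r\n", b"\n", b""):
        pass  # skip trailer headers, each read bounded as well
    return b"".join(body)


def demo():
    # Constructed inputs: one valid chunked body, one stream with no "\n".
    good = io.BytesIO(b"4\r\nWiki\r\n5;ext=1\r\npedia\r\n0\r\n\r\n")
    hostile = io.BytesIO(b"A" * (MAX_LINE * 4))
    rejected = False
    try:
        read_chunked(hostile)
    except LineTooLong:
        rejected = True
    return read_chunked(good), rejected, hostile.tell()
```

The third value returned by `demo()` is how many bytes were consumed from the newline-free stream before it was rejected: one more than the cap, regardless of how much the peer sends.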