Message128914
asynchat does not check if terminator is negative integer. so constructions like self.ac_in_buffer[:n] will lead to misbehaviour.
When that integer goes from net, attack can be crafted. For example, on Content-Length field. |
|
Date |
User |
Action |
Args |
2011-02-20 16:40:02 | socketpair | set | recipients:
+ socketpair |
2011-02-20 16:40:02 | socketpair | set | messageid: <1298220002.68.0.352394054223.issue11259@psf.upfronthosting.co.za> |
2011-02-20 16:40:01 | socketpair | link | issue11259 messages |
2011-02-20 16:40:01 | socketpair | create | |
|