Message 128914 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	socketpair
Recipients	socketpair
Date	2011-02-20.16:40:01
SpamBayes Score	0.012760989
Marked as misclassified	No
Message-id	<1298220002.68.0.352394054223.issue11259@psf.upfronthosting.co.za>
In-reply-to

Content
asynchat does not check if terminator is negative integer. so constructions like self.ac_in_buffer[:n] will lead to misbehaviour. When that integer goes from net, attack can be crafted. For example, on Content-Length field.

asynchat does not check if terminator is negative integer. so constructions like self.ac_in_buffer[:n] will lead to misbehaviour.

When that integer goes from net, attack can be crafted. For example, on Content-Length field.

History
Date	User	Action	Args
2011-02-20 16:40:02	socketpair	set	recipients: + socketpair
2011-02-20 16:40:02	socketpair	set	messageid: <1298220002.68.0.352394054223.issue11259@psf.upfronthosting.co.za>
2011-02-20 16:40:01	socketpair	link	issue11259 messages
2011-02-20 16:40:01	socketpair	create