Author martin.panter
Recipients Arfrever, christian.heimes, eric.araujo, martin.panter, nadeem.vawda, nikratio, pitrou, serhiy.storchaka, vstinner
Date 2015-01-08.14:38:35
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1420727917.23.0.932195199195.issue15955@psf.upfronthosting.co.za>
In-reply-to
Content
It turns out that GzipFile.read(<size>) etc is also susceptible to decompression bombing. Here is a patch to test and fix that, making use of the existing “max_length” parameter in the “zlib” module.
History
Date User Action Args
2015-01-08 14:38:37martin.pantersetrecipients: + martin.panter, pitrou, vstinner, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, nikratio, serhiy.storchaka
2015-01-08 14:38:37martin.pantersetmessageid: <1420727917.23.0.932195199195.issue15955@psf.upfronthosting.co.za>
2015-01-08 14:38:37martin.panterlinkissue15955 messages
2015-01-08 14:38:37martin.pantercreate