Message236659
This is a patch I originally posted at Issue 15955, but am moving it to a separate issue so there is less confusion. GzipFile.read(<size>) etc is susceptible to decompression bombing. My patch tests and fixes that, making use of the existing “max_length” parameter in the “zlib” module.
The rest of Issue 15955 is about enhancing the bzip and LZMA modules to support limited decompression, but since the zlib module can already limit the decompressed data, I think this gzip patch should be considered as a bug fix rather than enhancement, e.g. the fix for Issue 16043 (gzip decoding for XML RPC module) assumed GzipFile.read(<size>) is limited. |
|
Date |
User |
Action |
Args |
2015-02-26 10:22:07 | martin.panter | set | recipients:
+ martin.panter, nikratio |
2015-02-26 10:22:06 | martin.panter | set | messageid: <1424946126.98.0.486244279604.issue23528@psf.upfronthosting.co.za> |
2015-02-26 10:22:06 | martin.panter | link | issue23528 messages |
2015-02-26 10:22:06 | martin.panter | create | |
|