Author xdegaye
Recipients christian.heimes, martin.panter, serhiy.storchaka, xdegaye, zach.ware
Date 2016-12-15.12:51:34
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1481806294.67.0.0055580177102.issue28971@psf.upfronthosting.co.za>
In-reply-to
Content
It seems that the comment placed above the definition of _MAXLINE in the nntplib module is not correct:
    "RFC 3977 limits NNTP line length to 512 characters, including CRLF. We have selected 2048 just to be on the safe side."
The 512 characters limit in RFC 3977 only applies to command lines and to the initial line of a response.

RC 3977 says instead:
    "This document does not place any limit on the length of a line in a multi-line block.  However, the standards that define the format of articles may do so."

So I think _MAXLINE should have a large value (64 K ?) and its semantic is that a line whose length is above that value is considered by nntplib as a Dos attack (and not a protocol violation). In that case nntplib should behave in consequence and prevent any further reads from that connection (either by closing the connection or raising an exception on each of these attempts). IMHO this should be handled in the same issue because it is one single problem, and this may possibly be handled in two different changesets.
History
Date User Action Args
2016-12-15 12:51:34xdegayesetrecipients: + xdegaye, christian.heimes, martin.panter, zach.ware, serhiy.storchaka
2016-12-15 12:51:34xdegayesetmessageid: <1481806294.67.0.0055580177102.issue28971@psf.upfronthosting.co.za>
2016-12-15 12:51:34xdegayelinkissue28971 messages
2016-12-15 12:51:34xdegayecreate