Message 283508 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	christian.heimes, martin.panter, python-dev, serhiy.storchaka, xdegaye, xiang.zhang, zach.ware
Date	2016-12-17.19:30:35
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1482003035.93.0.530686009876.issue28971@psf.upfronthosting.co.za>
In-reply-to

Content
If sender sends a lot of empty lines and file is not None, LF or CRLF is stripped from lines, and len(line) is 0. Every empty line increases the size of the lines list by 4 or 8 bytes. Since count is not changed, the loop is not bounded. Every LF byte sent by malicious sender increases memory consumption by 4 or 8 bytes.

If sender sends a lot of empty lines and file is not None, LF or CRLF is stripped from lines, and len(line) is 0. Every empty line increases the size of the lines list by 4 or 8 bytes. Since count is not changed, the loop is not bounded. Every LF byte sent by malicious sender increases memory consumption by 4 or 8 bytes.

History
Date	User	Action	Args
2016-12-17 19:30:35	serhiy.storchaka	set	recipients: + serhiy.storchaka, christian.heimes, xdegaye, python-dev, martin.panter, zach.ware, xiang.zhang
2016-12-17 19:30:35	serhiy.storchaka	set	messageid: <1482003035.93.0.530686009876.issue28971@psf.upfronthosting.co.za>
2016-12-17 19:30:35	serhiy.storchaka	link	issue28971 messages
2016-12-17 19:30:35	serhiy.storchaka	create