Message 292556 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	corona10
Recipients	corona10, giampaolo.rodola
Date	2017-04-29.02:58:35
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1493434716.14.0.785750556243.issue30119@psf.upfronthosting.co.za>
In-reply-to

Content
One of the purposes of the JDK patch is to prevent '\ r' and '\ n' from being inserted into the ftp command. In particular, it seems to assume that if another malice command is inserted after '\ n', the possibility of such an attack will be opened at a later time. IMO, I think that we can block '\ r \ n' and '\ n' at the same time by blocking only '\ n'. Although '\ r' allows

One of the purposes of the JDK patch is to prevent '\ r' and '\ n' from being inserted into the ftp command. In particular, it seems to assume that if another malice command is inserted after '\ n', the possibility of such an attack will be opened at a later time.
IMO, I think that we can block '\ r \ n' and '\ n' at the same time by blocking only '\ n'. Although '\ r' allows

History
Date	User	Action	Args
2017-04-29 02:58:36	corona10	set	recipients: + corona10, giampaolo.rodola
2017-04-29 02:58:36	corona10	set	messageid: <1493434716.14.0.785750556243.issue30119@psf.upfronthosting.co.za>
2017-04-29 02:58:36	corona10	link	issue30119 messages
2017-04-29 02:58:35	corona10	create