Author martin.panter
Recipients martin.panter, orange, vstinner
Date 2017-11-26.01:00:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1511658028.71.0.213398074469.issue32085@psf.upfronthosting.co.za>
In-reply-to
Content
The square □ in the strings represents a space.

Issue 1 (CRLF in HTTP request path): it looks like the %0D%0A would have to be decoded by an earlier step in the chain to "http://127.0.0.1:25/\r\nHELO . . .". This becomes like the header injection I mentioned in Issue 30458.

Issue 2 (CRLF in HTTPS host): it seems this doesn’t work in Python as a side effect of Issue 22928 blocking generation of the Host field. But if you add a space you bypass that: "https://host%0D%0A%20SLAVEOF . . .:6379".
History
Date User Action Args
2017-11-26 01:00:28martin.pantersetrecipients: + martin.panter, vstinner, orange
2017-11-26 01:00:28martin.pantersetmessageid: <1511658028.71.0.213398074469.issue32085@psf.upfronthosting.co.za>
2017-11-26 01:00:28martin.panterlinkissue32085 messages
2017-11-26 01:00:28martin.pantercreate