Message 352725 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	webknjaz
Recipients	eric.snow, jaraco, mcepl, ned.deily, orsenthil, tburke, webknjaz, xtreak
Date	2019-09-18.13:05:57
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1568811958.21.0.186820161295.issue36274@roundup.psfhosted.org>
In-reply-to

Content
@xtreak the encoded null-byte test would be an extra test case to consider. It is reasonable to test as many known invalid sequences as possible. Changing that byte to encoded notation would just replace one test with another effectively changing the semantics of it. To me, it's quite weird that it's considered a CVE at all: it's happening on the client side and it doesn't prevent the user from just feeding the proper bytes right into the socket so why overcomplicate things?

@xtreak the encoded null-byte test would be an extra test case to consider. It is reasonable to test as many known invalid sequences as possible. Changing that byte to encoded notation would just replace one test with another effectively changing the semantics of it.

To me, it's quite weird that it's considered a CVE at all: it's happening on the client side and it doesn't prevent the user from just feeding the proper bytes right into the socket so why overcomplicate things?

History
Date	User	Action	Args
2019-09-18 13:05:58	webknjaz	set	recipients: + webknjaz, jaraco, orsenthil, ned.deily, mcepl, eric.snow, tburke, xtreak
2019-09-18 13:05:58	webknjaz	set	messageid: <1568811958.21.0.186820161295.issue36274@roundup.psfhosted.org>
2019-09-18 13:05:58	webknjaz	link	issue36274 messages
2019-09-18 13:05:57	webknjaz	create