Author webknjaz
Recipients eric.snow, jaraco, mcepl, ned.deily, orsenthil, tburke, webknjaz, xtreak
Date 2019-09-18.13:05:57
Message-id <1568811958.21.0.186820161295.issue36274@roundup.psfhosted.org>
In-reply-to
Content
@xtreak, the encoded null-byte test would be an extra test case to consider. It is reasonable to test as many known invalid sequences as possible. Changing that byte to encoded notation would just replace one test with another, effectively changing the semantics of it.

To me, it's quite weird that it's considered a CVE at all: it's happening on the client side and it doesn't prevent the user from just feeding the proper bytes right into the socket, so why overcomplicate things?
History
Date User Action Args
2019-09-18 13:05:58  webknjaz  set  recipients: + webknjaz, jaraco, orsenthil, ned.deily, mcepl, eric.snow, tburke, xtreak
2019-09-18 13:05:58  webknjaz  set  messageid: <1568811958.21.0.186820161295.issue36274@roundup.psfhosted.org>
2019-09-18 13:05:58  webknjaz  link  issue36274 messages
2019-09-18 13:05:57  webknjaz  create