Message 171245 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	christian.heimes
Recipients	christian.heimes
Date	2012年09月25日.10:40:09
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1348569609.82.0.499861906556.issue16042@psf.upfronthosting.co.za>

Content
This bug is similar to #16037 and a modified copy of #16038. The smtplib module doesn't limit the amount of read data in its call to readline(). An erroneous or malicious SMTP server can trick the smtplib module to consume large amounts of memory. Suggestion: The smtplib module should be modified to use limited readline() with _MAXLINE like the httplib module.

Content

This bug is similar to #16037 and a modified copy of #16038.
The smtplib module doesn't limit the amount of read data in its call to readline(). An erroneous or malicious SMTP server can trick the smtplib module to consume large amounts of memory.
Suggestion:
The smtplib module should be modified to use limited readline() with _MAXLINE like the httplib module.

History
Date	User	Action	Args
2012年09月25日 10:40:09	christian.heimes	set	recipients: + christian.heimes
2012年09月25日 10:40:09	christian.heimes	set	messageid: <1348569609.82.0.499861906556.issue16042@psf.upfronthosting.co.za>
2012年09月25日 10:40:09	christian.heimes	link	issue16042 messages
2012年09月25日 10:40:09	christian.heimes	create

homepage