Message 200144 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	serhiy.storchaka
Recipients	barry, benjamin.peterson, ezio.melotti, georg.brandl, glebourgeois, larry, mrabarnett, ncoghlan, serhiy.storchaka, vstinner
Date	2013年10月17日.16:29:56
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1382027397.52.0.585251334128.issue19279@psf.upfronthosting.co.za>

Content
Here is a patch for 3.3+. Other versions are affected too. They don't raise SystemError, but produce illegal unicode string on wide build. E.g. in Python 2.7: >>> 'a+/,+IKw-b'.decode('utf-7', 'replace') u'a\ufffd\U003f20acb' \U003f20ac is illegal code. As encoding and encoded data can come from external source, this can be used in secure attacks.

Content

Here is a patch for 3.3+.
Other versions are affected too. They don't raise SystemError, but produce illegal unicode string on wide build.
E.g. in Python 2.7:
>>> 'a+/,+IKw-b'.decode('utf-7', 'replace')
u'a\ufffd\U003f20acb'
\U003f20ac is illegal code.
As encoding and encoded data can come from external source, this can be used in secure attacks.

History
Date	User	Action	Args
2013年10月17日 16:29:57	serhiy.storchaka	set	recipients: + serhiy.storchaka, barry, georg.brandl, ncoghlan, vstinner, larry, benjamin.peterson, ezio.melotti, mrabarnett, glebourgeois
2013年10月17日 16:29:57	serhiy.storchaka	set	messageid: <1382027397.52.0.585251334128.issue19279@psf.upfronthosting.co.za>
2013年10月17日 16:29:57	serhiy.storchaka	link	issue19279 messages
2013年10月17日 16:29:57	serhiy.storchaka	create

homepage