Message236659
| Author |
martin.panter |
| Recipients |
martin.panter, nikratio |
| Date |
2015年02月26日.10:22:05 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1424946126.98.0.486244279604.issue23528@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
This is a patch I originally posted at Issue 15955, but am moving it to a separate issue so there is less confusion. GzipFile.read(<size>) etc is susceptible to decompression bombing. My patch tests and fixes that, making use of the existing "max_length" parameter in the "zlib" module.
The rest of Issue 15955 is about enhancing the bzip and LZMA modules to support limited decompression, but since the zlib module can already limit the decompressed data, I think this gzip patch should be considered as a bug fix rather than enhancement, e.g. the fix for Issue 16043 (gzip decoding for XML RPC module) assumed GzipFile.read(<size>) is limited. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2015年02月26日 10:22:07 | martin.panter | set | recipients:
+ martin.panter, nikratio |
| 2015年02月26日 10:22:06 | martin.panter | set | messageid: <1424946126.98.0.486244279604.issue23528@psf.upfronthosting.co.za> |
| 2015年02月26日 10:22:06 | martin.panter | link | issue23528 messages |
| 2015年02月26日 10:22:06 | martin.panter | create |
|