[New-bugs-announce] [issue16038] ftplib: unlimited readline() from connection
Christian Heimes
report at bugs.python.org
Tue Sep 25 12:32:55 CEST 2012
New submission from Christian Heimes:
This bug is similar to #16037.
The ftplib module doesn't limit the amount of read data in its call to readline(). An erroneous or malicious FTP server can trick the ftplib module to consume large amounts of memory.
Suggestion:
The ftplib module should be modified to use limited readline() with _MAXLINE like the httplib module.
----------
components: Library (Lib)
messages: 171241
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: ftplib: unlimited readline() from connection
type: resource usage
versions: Python 2.7, Python 3.2, Python 3.3
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16038>
_______________________________________
More information about the New-bugs-announce
mailing list