[New-bugs-announce] [issue19619] Blacklist base64, hex, ... codecs from bytes.decode() and str.encode()
STINNER Victor
report at bugs.python.org
Sat Nov 16 01:47:09 CET 2013
New submission from STINNER Victor:
I propose to add new input_type and output_type to CodecInfo. These attributes would only be defined for base64, hex, ... codecs which are not the classic encode: str=>bytes, decode: bytes=>str codecs.
I also propose to modify str.encode() and bytes.encode() to only accept codecs using the right types. If the type doesn't match, the codec raises a LookupError.
This issue should avoid the denial of service attack when a compression codec is used, see:
https://mail.python.org/pipermail/python-dev/2013-November/130188.html
----------
messages: 202996
nosy: haypo, lemburg, ncoghlan, serhiy.storchaka
priority: normal
severity: normal
status: open
title: Blacklist base64, hex, ... codecs from bytes.decode() and str.encode()
versions: Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19619>
_______________________________________
More information about the New-bugs-announce
mailing list