[Python-ideas] Updated PEP 428 (pathlib)
Charles-François Natali
cf.natali at gmail.com
Wed Mar 6 18:08:52 CET 2013
>>>> fnmatch.fnmatch('a'*50, '*a*'*50) # weird how the pattern/string order is reversed from re.match
>
> That will take about 200 years to complete with CPython. Maybe a
> little less, if you're running a particularly fast computer. ;)
>
> Is that the sort of DoS issue you are looking for?
Exactly (the complexity of a typical ad-hoc fnmatch() implementation
is the reason some servers like vsftpd use their own version, and it's
even worse with a regex-based implementation as you notice).
Now, the question is whether we want to try to mitigate this or not...
More information about the Python-ideas
mailing list