[Twisted-Python] ANN: Twisted 1.0.6 (includes security fixes)
Andrew Dalke
dalke at dalkescientific.com
Tue Jul 1 11:52:07 MDT 2003
Itamar Shtull-Trauring:
> IMPORTANT: This release includes security updates to twisted.web.
> It is strongly recommended that you upgrade to this version of
> Twisted.
>
> What's New in 1.0.6
> ===================
>
> - Security fixes for twisted.web.
Was the out-of-memory denial of service attack fixed?
http://www.twistedmatrix.com/pipermail/twisted-python/2003-June/
004462.html
Looking at the code, it looks like I can still keep adding headers
until the machine exhausts memory
def headerReceived(self, line):
"""Do pre-processing (for content-length) and store this header
away.
"""
header, data = line.split(':', 1)
header = header.lower()
data = data.strip()
if header == 'content-length':
self.length = int(data)
self.requests[-1].received_headers[header] = data
Andrew
dalke at dalkescientific.com
More information about the Twisted-Python
mailing list