[Twisted-Python] maintenance release - a security issue and a regression
Angelo Dell'Aera
angelo.dellaera at gmail.com
Thu Jan 31 07:07:25 MST 2013
On Wed, 30 Jan 2013 23:32:34 +0100
Angelo Dell'Aera <angelo.dellaera at gmail.com> wrote:
> On Wed, 30 Jan 2013 11:04:36 -0800
> Glyph <glyph at twistedmatrix.com> wrote:
>
> > Any volunteers for parts of this process?
>
> I'm not familiar with Twisted patching process and for this reason
> I'm just attaching a small patch here for #6245 because I'd like to
> discuss about the approach. If correct I will move on in the process
> (hopefully in the right way)
>
> The patch simply tries to encode the name argument properly if
> unicode. This is the same approach used by ralphm but applied to Name
> class initialization so it should be really generic.
>
> Just about a doubt about how to handle an exception potentially
> raised during the name encoding. Any idea?
>
> Ciao.
>
> PS Attached a simple test code which forces the name to resolve to be
> unicode. It fails against 12.3.0 while it is correclty executed after
> patching.
I read documentation about Twisted testing and tested if the suggested patch
introduces some regressions in the existing code
buffer at saiph ~/Twisted-12.3.0/twisted $ trial twisted.names
[..]
Ran 271 tests in 0.425s
PASSED (successes=271)
which seems like it's not happening.
Obviously this is not exhaustive because seems like there are no specific tests
for that code path (name is always passed as byte) but I can try writing some
additional ones if needed.
Ciao,
--
Angelo Dell'Aera 'buffer'
Antifork Research, Inc. http://buffer.antifork.org
Sysenter Honeynet Project http://www.sysenter-honeynet.org
More information about the Twisted-Python
mailing list