On Mon, Sep 29, 2008 at 12:02 PM, Giampaolo Rodola' <gnewsg at gmail.com> wrote:
> On 27 Set, 20:04, "Josiah Carlson" <josiah.carl... at gmail.com> wrote:
>> On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner <victor.stin... at haypocalc.com> wrote:
>> > Second, I would like to help to fix all Python security issues. It looks like
>> > Python community isn't very reactive (proactive?) about security. Eg. a DoS
>> > was reported in smtpd server (integrated to Python)... 15 months ago. A patch
>> > is available but it's not applied in Python trunk.
>>
>> The smtpd module is not meant to be used without modification. It is
>> the responsibility of the application writer to decide the limitations
>> of the emails they want to allow sending, and subsequently handle the
>> case where emails overrun that limit.
>
> The issue does not concern the emails but the buffer used internally
> to store the received raw data sent by client.
> The user who wants to fix the issue (#1745035) should override the
> collect_incoming_data method which is usually not meant to be
> modified.
> Moreover, there are two RFCs which state that extremely long lines
> must be truncated and an error reply must be returned.

We can and should discuss the specifics of this item in the bug report itself. I should have replied there instead.

 - Josiah
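
The bounded-buffer handling discussed in the thread, as an added example that is not part of the original message or of Python's smtpd module: an asynchat-style `collect_incoming_data` that stops storing bytes once a line exceeds a cap and queues an error reply when the terminator arrives. The class name, the 512-byte cap, the reply wording and the `feed()` driver are assumptions made for illustration.

```python
MAX_LINE = 512  # assumed cap in bytes; the thread does not name a number


class BoundedLineCollector:
    """Stand-in for an asynchat-style channel (hypothetical, not smtpd's code)."""

    terminator = b"\r\n"

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buffer = bytearray()  # never grows past max_line
        self.overflow = False      # current line exceeded the cap
        self.lines = []            # complete lines that fit
        self.replies = []          # error replies that would go to the client
        self._pending = b""        # held-back "\r" from a split terminator

    def collect_incoming_data(self, data):
        # Store only what still fits; excess bytes are dropped, not appended.
        room = self.max_line - len(self.buffer)
        if len(data) > room:
            self.overflow = True
        self.buffer += data[:room]

    def found_terminator(self):
        line, too_long = bytes(self.buffer), self.overflow
        self.buffer.clear()
        self.overflow = False
        if too_long:
            self.replies.append(b"500 Error: line too long")  # assumed wording
        else:
            self.lines.append(line)

    def feed(self, chunk):
        """Minimal terminator scanner so the example runs without asynchat."""
        data = self._pending + chunk
        while True:
            head, sep, tail = data.partition(self.terminator)
            if not sep:
                break
            self.collect_incoming_data(head)
            self.found_terminator()
            data = tail
        # Hold back a trailing "\r" in case "\n" arrives in the next chunk.
        held = data[-1:] if data.endswith(b"\r") else b""
        self.collect_incoming_data(data[:len(data) - len(held)])
        self._pending = held
```

Feeding the collector an endless stream without a terminator leaves `buffer` at no more than `max_line` bytes, and the next complete line is parsed normally after the error reply.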