On 2/14/19 7:13 AM, Pascal Christen wrote:
>
> Ok I got it. I've just reviewed the patch
> (https://launchpadlibrarian.net/379908276/patch.txt) for CVE-2018-13796
> and found that line:
>
> + longest = max([len(x) for x in list_names()])
>
>
> So at every request it gets ALL lists and saves the length of the
> longest list into "longest". This works well if you have 1 list, but
> what if you have about 10'000? Not very well guys :D
>
> Currently I have no smart idea how to rewrite the patch. Can you think
> of something?
Thank you for your analysis. I will try to come up with something better
than the current patch. I suspect that part of the issue is with a large
number of lists, Mailman's lists/ directory itself occupies several file
system blocks and the list_names() function, which the patch calls
twice, takes a long time, both in listing the names in the lists/
directory and then checking each name for a subordinate config.pck file.
We can cut that in half by replacing
# Get the longest listname or 20 if none.
if list_names():
longest = max([len(x) for x in list_names()])
else:
longest = 20
with
# Get the longest listname or 20 if none.
l_names = list_names()
if l_names:
longest = max([len(x) for x in l_names])
else:
longest = 20
That may help.
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
