Andrei Kulakov <andrei....@gmail.com> added the comment:

According to this: 
https://stackoverflow.com/questions/19852/maximum-length-of-a-mime-content-type-header-field

(with links to RFCs 4288 and 6838), this header should not be longer than 255 
chars.

To fix this issue while maximizing backwards compatibility, I propose to do:
- if content-type > 255 AND count of ';' is > 127 => raise 
HeaderParseError('Appears to be a spam header: length > 255 and large number of 
`;`'

Choosing 127 to be conservatively high, can be adjusted to 20-30 to make 
processing even faster.

----------
nosy: +andrei.avk

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42909>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to