Ross Lagerwall <[email protected]> added the comment:
Attached is a unit test which tests the issue.
Unfortunately, since it uses the resource module to limit memory to a workable
size, it will only work on Unix.
The given patch appears to fix the issue well.
I think this should be taken as a security issue (even if a rather odd one)
since a malicious http server could be set up in place of the normal one and
crash any http python clients that connect to it.
Eg:
Run: dd if=/dev/zero bs=10M count=1000 | nc -l 8888
And then:
import httplib
h = httplib.HTTPConnection('localhost', 8888)
h.connect()
h.request('GET', '/')
r = h.getresponse()
This should cause python to use up all the memory available.
----------
nosy: +rosslagerwall
Added file: http://bugs.python.org/file20048/i6791_unittest.patch
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue6791>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
