[issue23528] Limit decompressed data when reading from GzipFile

2015-04-10 Thread Antoine Pitrou 

Changes by Antoine Pitrou pit...@free.fr:


--
resolution:  - duplicate
stage: patch review - resolved
status: open - closed
superseder:  - Limit decompressed data when reading from LZMAFile and BZ2File

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-28 Thread Arfrever Frehtes Taifersar Arahesis 

Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:


--
nosy: +Arfrever

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-27 Thread Martin Panter 

Martin Panter added the comment:

Perhaps we should move the discussion of a common base class to Issue 23529. I 
only opened this as a separate issue because I thought it might be appropriate 
as a bug fix for 3.4.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-26 Thread Antoine Pitrou 

Changes by Antoine Pitrou pit...@free.fr:


--
nosy: +pitrou

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-26 Thread Nikolaus Rath 

Nikolaus Rath added the comment:

Especially now that this is only going to go into 3.5, I think it makes more 
sense to handle GzipFile, LZMAFile and BZ2File all in one go. Looking at the 
code, otherwise there's going to be a lot of duplication.

How about introducing a base class 'CompressedFile' that defines most of the 
logic that's currently in LZMAFile (including the max_size patch from issue 
23529), and having {LZMA,BZ2,Gzip}File all inherit from that base?

BZ2File and LZMAFile would probably only need to define their own constructor 
to instantiate the proper compressor/decompressor object.

GzipFile would need to additionally overwrite read() and write() in order to 
handle the CRC and gzip header. But I think both methods could still be written 
to call super().read/write().

Did I miss something?

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-26 Thread Martin Panter 

New submission from Martin Panter:

This is a patch I originally posted at Issue 15955, but am moving it to a 
separate issue so there is less confusion. GzipFile.read(size) etc is 
susceptible to decompression bombing. My patch tests and fixes that, making use 
of the existing “max_length” parameter in the “zlib” module.

The rest of Issue 15955 is about enhancing the bzip and LZMA modules to support 
limited decompression, but since the zlib module can already limit the 
decompressed data, I think this gzip patch should be considered as a bug fix 
rather than enhancement, e.g. the fix for Issue 16043 (gzip decoding for XML 
RPC module) assumed GzipFile.read(size) is limited.

--
components: Library (Lib)
files: gzip-bomb.patch
keywords: patch
messages: 236659
nosy: nikratio, vadmium
priority: normal
severity: normal
status: open
title: Limit decompressed data when reading from GzipFile
type: behavior
versions: Python 3.4, Python 3.5
Added file: http://bugs.python.org/file38243/gzip-bomb.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-26 Thread Martin Panter 

Changes by Martin Panter vadmium...@gmail.com:


--
type: behavior - resource usage

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-26 Thread Serhiy Storchaka 

Changes by Serhiy Storchaka storch...@gmail.com:


--
nosy: +serhiy.storchaka

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23528] Limit decompressed data when reading from GzipFile

2015-02-26 Thread Antoine Pitrou 

Changes by Antoine Pitrou pit...@free.fr:


--
stage:  - patch review
versions:  -Python 3.4

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23528
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com