[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Bohuslav "Slavek" Kabrda
Changes by Bohuslav "Slavek" Kabrda : -- nosy: +bkabrda ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://

[issue17996] socket module should expose AF_LINK

2013-05-16 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +neologix

[issue9566] Compilation warnings under x64 Windows

2013-05-16 Thread Terry J. Reedy
Terry J. Reedy added the comment: Just a note: Today I got warnings for 4 or 5 files when compiling with VC express (32 bit) on 64-bit Win 7.

[issue17996] socket module should expose AF_LINK

2013-05-16 Thread Giampaolo Rodola'
New submission from Giampaolo Rodola': I bumped into this while exposing getifaddrs() [1] in psutil: https://code.google.com/p/psutil/issues/detail?id=376 In that case AF_LINK would be useful to distinguish MAC addresses (see also: http://carnivore.it/2010/07/22/python_-_getifaddrs). [1] http:

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Christian Heimes
Christian Heimes added the comment: Are multiple wildcards per fragment even specified? I'm unable to find information if the wildcard is supposed to be a greedy or a non-greedy match. By the way Chromium does more fancy checks. For example it requires * to match at least one character and it d

[issue9566] Compilation warnings under x64 Windows

2013-05-16 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +terry.reedy priority: low -> normal stage: -> patch review versions: +Python 3.3, Python 3.4 -Python 3.2

[issue17870] Python does not provide PyLong_FromIntMax_t() or PyLong_FromUintMax_t() function

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: Oh, the sqlite3 module has an interesting function: PyObject * _pysqlite_long_from_int64(sqlite_int64 value) { #ifdef HAVE_LONG_LONG # if SIZEOF_LONG_LONG < 8 if (value > PY_LLONG_MAX || value < PY_LLONG_MIN) { return _PyLong_FromByteArray(&value, si

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset d91da96a55bf by Vinay Sajip in branch '2.7': Issue #17981: Closed socket on error in SysLogHandler. http://hg.python.org/cpython/rev/d91da96a55bf New changeset 590b865aa73c by Vinay Sajip in branch '3.3': Issue #17981: Closed socket on error in SysL

[issue17952] editors-and-tools section of devguide does not appear to be accurate

2013-05-16 Thread Ned Deily
Ned Deily added the comment: Thanks for the report. To resolve Issue17820, the target of the link in setup#editors-and-tools was changed from the "Key Resources" section to the "Additional Resources" section. However, because the "setup" page itself was not modified, it was not automatically

[issue17742] Add _PyBytesWriter API

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: _PyBytesWriter API makes the code slower and does not really reduce the number of lines, so I'm closing this issue as invalid. -- resolution: -> invalid status: open -> closed

[issue17931] PyLong_FromPid() is not correctly defined on Windows 64-bit

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: Oh, I just noticed the following check in pyport.h: #if SIZEOF_PID_T > SIZEOF_LONG # error "Python doesn't support sizeof(pid_t) > sizeof(long)" #endif I don't understand this test, longobject.h contains: #elif defined(SIZEOF_LONG_LONG) && SIZEOF_PID_T == SI

[issue17952] editors-and-tools section of devguide does not appear to be accurate

2013-05-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset 3d523f0c0a9d by Ned Deily in branch 'default': Add comment about avoiding --enable-shared for uninstalled builds. This should also cause the resources ref link in the Editors and Tools section to be updated (Issue17952). http://hg.python.org/devgu

[issue17917] use PyModule_AddIntMacro() instead of PyModule_AddIntConstant() when applicable

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: ins_macro-2.diff looks good to me, go ahead!

[issue17931] PyLong_FromPid() is not correctly defined on Windows 64-bit

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: Sounds fine to me, but perhaps better test the patch before committing? (or wait for the buildbots to crash)

[issue17931] PyLong_FromPid() is not correctly defined on Windows 64-bit

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: @Antoine (author of the commit fixing #1983): any opinion? -- nosy: +pitrou

[issue17700] Update Curses HOWTO for 3.4

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: > Applied to 3.3 and 3.4. I'll leave this issue open > for a week so that Victor can comment on Unicode/wide-characters. I don't know (n)curses, but I tried to improve the curses module of Python. I added an encoding attribute which is the locale encoding by d

[issue15758] FileIO.readall() has worst case O(n^2) complexity

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: I posted a couple of review comments.

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Gregory P. Smith
Gregory P. Smith added the comment: Indeed, doing this _without a regexp_ is preferred. :) -- nosy: +gregory.p.smith

[issue17964] os.sysconf(): return type of the C function sysconf() is long, not int

2013-05-16 Thread STINNER Victor
STINNER Victor added the comment: The bug does also exist in Python 2.7, 3.2 and 3.3, but I prefer to not fix it in these versions because I'm not 100% sure that the return type is long on all platforms and because nobody noticed the issue since years. So if I broke something, I prefer to only

[issue1662581] the re module can perform poorly: O(2**n) versus O(n**2)

2013-05-16 Thread Gregory P. Smith
Gregory P. Smith added the comment: The recommendation for anyone using regular expressions on hostile input is to (a) don't do that. (b) use a better regexp without this possible behavior and (c) use something like re2 (there's a Python binding at https://github.com/axiak/pyre2) which is a re

[issue17964] os.sysconf(): return type of the C function sysconf() is long, not int

2013-05-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset 7c60cf756097 by Victor Stinner in branch 'default': Issue #17964: Fix os.sysconf(): the return type of the C sysconf() function http://hg.python.org/cpython/rev/7c60cf756097 -- nosy: +python-dev

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread STINNER Victor
Changes by STINNER Victor : -- nosy: +haypo

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Richard Oudkerk
Richard Oudkerk added the comment: Rather than self.sock = None I would do self.sock.close() which should work better for non-refcounted Pythons. Of course it would be better to do this immediately after forking (i.e. before any more fds are created), otherwise you could still accid

[issue17545] os.listdir and os.path.join inconsistent on empty path

2013-05-16 Thread W. Owen Parry
W. Owen Parry added the comment: I started working on a patch for this, but the more I think about it the less I am convinced it is wanted. The issue requests that os.listdir('') be equal to os.listdir('.') The given example of os.path.join doesn't follow this: >>> os.path.join('','aaa') 'aaa

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Georg Brandl
Georg Brandl added the comment: It's certainly a security fix, but probably not one that warrants an immediate release. If you commit it to the 3.2 branch, that's fine, it will get picked up by coming releases.

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Vinay Sajip
Vinay Sajip added the comment: > The old socket's destructor closes the fd of the new socket. Aha! Nice one. But what's the correct fix? I suppose a self.sock = None before every self.sock = socket.socket call would seem to fix this, and while I can certainly make this change in SysLogHandler, i

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: Here is a patch allowing at most 2 wildcards per domain fragment. Georg, do you think this should go into 3.2? -- keywords: +patch nosy: +georg.brandl Added file: http://bugs.python.org/file30288/ssl_wildcard_dos.patch

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: > Wildcard matching can easily be done in worst-case linear time, but > not with regexps. doctest.py's internal _ellipsis_match() shows one > way to do it (doctest can use "..." as a wildcard marker). Thanks, this may be a nice enhancement for 3.4. For 3.2 and

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Richard Oudkerk
Richard Oudkerk added the comment: The line sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) overwrites the old broken socket with a new one with the same fd. The old socket's destructor closes the fd of the new socket. -- nosy: +sbt

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Christian Heimes
Christian Heimes added the comment: We could use an algorithm that doesn't need regexp for most cases. pseudo code: value = value.lower() hostname = hostname.lower() if '*' not in value: return value == hostname vparts = value.split(".") hparts = hostname.split(".") if len(vparts) != len(hp

[issue17928] PowerLinux getargs.c FETCH_SIZE endianness bug

2013-05-16 Thread jan matejek
jan matejek added the comment: hmm, but it's caused by a private patch claiming that _testcapimodule.c is PY_SSIZE_T_CLEAN. sorry for the noise.

[issue17943] AttributeError: 'long' object has no attribute 'release' in Queue.put()

2013-05-16 Thread Georg Brandl
Georg Brandl added the comment: We've now found a wrongful section in C code releasing the GIL in spite of calling Python malloc functions, and I'm going to blame this failure on that. -- resolution: -> rejected status: open -> closed

[issue17732] distutils.cfg Can Break venv

2013-05-16 Thread Georg Brandl
Georg Brandl added the comment: Thanks for the attribution, that was definitely an oversight on my part.

[issue17928] PowerLinux getargs.c FETCH_SIZE endianness bug

2013-05-16 Thread jan matejek
jan matejek added the comment: The fix causes regression on my 64bit little-endian machine. It seems that while parsing the arguments, the length value overwrites part of the string pointer. -- nosy: +matejcik

[issue17995] report, middle and senior management skills 158766

2013-05-16 Thread Fred L. Drake, Jr.
Changes by Fred L. Drake, Jr. : -- resolution: -> rejected status: open -> closed

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Tim Peters
Tim Peters added the comment: Wildcard matching can easily be done in worst-case linear time, but not with regexps. doctest.py's internal _ellipsis_match() shows one way to do it (doctest can use "..." as a wildcard marker). -- nosy: +tim_one

[issue17995] report, middle and senior management skills 158766

2013-05-16 Thread Nobody/Anonymous
New submission from Nobody/Anonymous: report, hello! $$ 158766 Backbone Force: 6 Lessons 158766 May 18-19 Beijing, May 25-26 Shanghai, June 08-09 Shenzhen. Hotline: 400 705 0519 $

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Vinay Sajip
Vinay Sajip added the comment: We'll try this with a simple script which doesn't use logging at all: import os import socket MSG1 = '<14>Hi, \x00' MSG2 = '<14>there!\x00' sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) sock.connect('/dev/log') sock.send(MSG1) os.close(sock.fileno()) #

[issue17222] py_compile.compile() explicitly sets st_mode for written files

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: > > Ah, right. Well, there would be an argument not to use os.replace() in > > py_compile, since it's an offline processing step which generally > > shouldn't race with another (online) processing step. > > But I think that's not necessarily true. > > http://

[issue17732] distutils.cfg Can Break venv

2013-05-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset d62f71bd2192 by Brian Curtin in branch '3.3': Add Nick Sloan for his contribution to #17732 http://hg.python.org/cpython/rev/d62f71bd2192

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Vinay Sajip
Vinay Sajip added the comment: I see what you're saying now, but there's no explicit close in logging, so it's coming from somewhere lower down. Let's examine what happens when we try to emit the record: -> def emit(self, record): (Pdb) > /usr/lib/python2.7/logging/handlers.py(791)emit() -> m

[issue17222] py_compile.compile() explicitly sets st_mode for written files

2013-05-16 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: Antoine says: > Ah, right. Well, there would be an argument not to use os.replace() in > py_compile, since it's an offline processing step which generally > shouldn't race with another (online) processing step. But I think that's not necessarily true. http:

[issue17222] py_compile.compile() explicitly sets st_mode for written files

2013-05-16 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- nosy: +barry

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Jeffrey C. Jacobs
Changes by Jeffrey C. Jacobs : -- nosy: +timehorse

[issue15758] FileIO.readall() has worst case O(n^2) complexity

2013-05-16 Thread Richard Oudkerk
Changes by Richard Oudkerk : Removed file: http://bugs.python.org/file26986/readall-benchmark.py

[issue15758] FileIO.readall() has worst case O(n^2) complexity

2013-05-16 Thread Richard Oudkerk
Richard Oudkerk added the comment: I have done an updated patch. It no longer special cases Windows, so realloc() is always used for enlarging the buffer (except when fstat() is missing). Antoine, do you think this is ready to commit? -- Added file: http://bugs.python.org/file30287/re

[issue17994] Change necessary in platform.py to support IronPython

2013-05-16 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +dino.viehland

[issue17994] Change necessary in platform.py to support IronPython

2013-05-16 Thread Brian Curtin
Changes by Brian Curtin : -- nosy: +brian.curtin stage: -> test needed type: -> behavior

[issue17994] Change necessary in platform.py to support IronPython

2013-05-16 Thread Ian Cordasco
New submission from Ian Cordasco: Stemming from a StackOverflow question[1] and a conversation with Marc-Andre Lemburg via email, I'm filing this issue without any easy way of confirming it myself. It seems that the logic in platform.python_implementation() has been obsoleted by a change made

[issue8604] Adding an atomic FS write API

2013-05-16 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: Of course, I have my own atomic-rename thing, but I'm not going to post the code here. It's fairly limited to my own use case and I have no interest in making it cross platform. That being said, I personally found that a context manager with a signature ide

[issue17989] ElementTree.Element broken attribute setting

2013-05-16 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever versions: +Python 3.4

[issue17988] ElementTree.Element != ElementTree._ElementInterface

2013-05-16 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever

[issue17914] add os.cpu_count()

2013-05-16 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: +1 for returning None. I haven't looked into patches but if needed feel free to borrow some code from psutil: Linux: https://code.google.com/p/psutil/source/browse/psutil/_pslinux.py?spec=svn30f3c67322f99ab30ed87205245dc8394f89f0ac&r=c970f35bc9640ac32eb9f09d

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: In GnuTLS, _gnutls_hostname_compare() (lib/gnutls_str.c) uses a trivial recursive approach with a maximum number of 5 wildcards.

[issue17206] Py_XDECREF() expands its argument multiple times

2013-05-16 Thread Amaury Forgeot d'Arc
Amaury Forgeot d'Arc added the comment: The last patch (17206-3.diff) has tests for the 4 macros, and looks good to me.

[issue17992] test_asynchat hangs

2013-05-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset 3ee61b048173 by Giampaolo Rodola' in branch 'default': Issue #17992: Add timeouts to asyncore and asynchat tests so that they won't accidentally hang. http://hg.python.org/cpython/rev/3ee61b048173 -- nosy: +python-dev

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: Ok! Thanks a lot!

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Julien Palard
Julien Palard added the comment: I understand the files_preserve parameter, the bug I'm filing is the inability of SysLogHandler to reopen the socket, although it tries : // DaemonContext closing all FDs: close(3)= 0 close(2)= 0

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Nevermind. It's an easy patch so I'm going to commit it anyway.

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: Tried to use the new files[1] but they use 'support' instead of 'test_support' from 'test' module. [1] test_asynchat.py, test_asyncore.py

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Christian Heimes
Christian Heimes added the comment: I think a malicious user could abuse SNI to craft a longer host name and trigger the pathological case.

[issue17989] ElementTree.Element broken attribute setting

2013-05-16 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +eli.bendersky

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Changes by Giampaolo Rodola' : Added file: http://bugs.python.org/file30286/test_asyncore.py

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Changes by Giampaolo Rodola' : Added file: http://bugs.python.org/file30285/test_asynchat.py

[issue8604] Adding an atomic FS write API

2013-05-16 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- stage: -> patch review

[issue8604] Adding an atomic FS write API

2013-05-16 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever

[issue17914] add os.cpu_count()

2013-05-16 Thread Yogesh Chaudhari
Yogesh Chaudhari added the comment: Typo fix -- Added file: http://bugs.python.org/file30284/issue17914-7.patch

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: BTW, problem solved with: iptables -A INPUT -d 127.0.0.1 -j ACCEPT iptables -A INPUT -s 127.0.0.1 -j ACCEPT Thanks a lot! \o

[issue17589] Make documentation about macros in C API explicit about rvalue vs statement

2013-05-16 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever

[issue17206] Py_XDECREF() expands its argument multiple times

2013-05-16 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: Yes, but I don't have the git clone. Can you send the complete file instead of the patch?

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Florian Weimer
Florian Weimer added the comment: The host name is looked up to get the IP address to connect to. The lookup will fail if the host name is longer than 255 characters, and the crafted certificate is never retrieved.

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: > In my tests, I used a host name like > .example.org, and a dNSName > like a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*.example.org. > Quadratic behavior wouldn't be too bad because the host name is > necessarily ra

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Good catch! I think we better set a general timeout so that the tests fail instead of hanging though. Carlos can you try the patch in attachment and confirm you see failures instead of hangings? -- keywords: +patch Added file: http://bugs.python.org

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: Indeed, two wildcards seem to be ok with a 255-character domain name: $ ./python -m timeit -s "import ssl; cert = {'subject': ((('commonName', '*a*a.com'),),)}" "try: ssl.match_hostname(cert, 'a' * 250 +'z.com')" "except ssl.CertificateError: pass" 1000 loops,

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Apostolis Bessas
Changes by Apostolis Bessas : -- nosy: +mpessas

[issue17992] test_asynchat hangs

2013-05-16 Thread Charles-François Natali
Charles-François Natali added the comment: > What ports are needed? Many tests use random ephemeral ports on the loopback interface (e.g. 43785 above). You should update your rules to apply to external NIC, not on the loopback. -- resolution: -> invalid stage: -> committed/rejected

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: What ports are needed? [root@localhost Python-2.7.5]# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT udp -- anywhere anywhereudp dpt:domain ACCEPT tcp -- anywhere

[issue17992] test_asynchat hangs

2013-05-16 Thread Charles-François Natali
Charles-François Natali added the comment: That's what I thought: 08:01:24.824406 bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.24> [pid 1698] 08:01:24.825502 listen(3, 1) = 0 <0.35> [pid 1698] 08:01:24.825786 accept(3, [pid 1697] 08:01

[issue17206] Py_XDECREF() expands its argument multiple times

2013-05-16 Thread Illia Polosukhin
Illia Polosukhin added the comment: Amaury, I didn't update Py_INCREF macro in this patch (because it doesn't expand its argument multiple times) - so the examples you are showing will be working fine. I've updated Py_XINCREF, but it can't be used as an expression anyway.

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Florian Weimer
Florian Weimer added the comment: OpenSSL supports only a single wildcard character. In my tests, I used a host name like .example.org, and a dNSName like a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*.example.org. Quadratic behavior wouldn't be to

[issue17914] add os.cpu_count()

2013-05-16 Thread Yogesh Chaudhari
Yogesh Chaudhari added the comment: Minor modifications based on review comments. 1. Change mib array size to 2, 2. return value set to 0 consistently (in C code), and 3. removed IRIX #defines -- Added file: http://bugs.python.org/file30282/issue17914-6.patch

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: Full output in the attached file. [root@localhost Python-2.7.5]# strace -ttT -f ./python Lib/test/test_asynchat.py [...] [pid 1697] 08:01:27.815179 select(6, [5], [5], [5], {0, 1}) = 0 (Timeout) <0.010095> [pid 1697] 08:01:27.825348 select(6, [5], [5],

[issue17992] test_asynchat hangs

2013-05-16 Thread Charles-François Natali
Charles-François Natali added the comment: Could you provide the output of: strace -ttT -f ./python Lib/test/test_asynchat.py -- nosy: +neologix

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Christian Heimes
Christian Heimes added the comment: RFC 2818 doesn't say anything about the maximum amount of wildcards. I'm going to check OpenSSL's implementation now.

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: Thank you! But what's going on? Does my system have any limitation that is causing such hang? Here goes its ulimit output just in case: [root@localhost Python-2.7.5]# ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlim

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +christian.heimes

[issue17890] argparse: mutually exclusive groups full of suppressed args can cause AssertionErrors

2013-05-16 Thread R. David Murray
R. David Murray added the comment: I've been observing the activity on the argparse issues and am appreciating the work, but I don't have time right now to review the patches. I should have more time next month, and expect to get to them then, if no one else gets to them before I do.

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: I would like to know what is the expected scenario: - does the attacker only control the certificate? - or does the attacker control both the certificate and the hostname being validated? The reason is that the matching cost for a domain name fragment seems to

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: This is caused by the regex engine's performance behaviour: http://bugs.python.org/issue1662581 http://bugs.python.org/issue1515829 http://bugs.python.org/issue212521

[issue1662581] the re module can perform poorly: O(2**n) versus O(n**2)

2013-05-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: Note this can be used for denials of service: see http://bugs.python.org/issue17980 -- nosy: +pitrou

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Nosying Collin Winter as per rev 531d3023b48b. In the meantime you can try to specify a timeout for join() as in: diff --git a/Lib/test/test_asynchat.py b/Lib/test/test_asynchat.py --- a/Lib/test/test_asynchat.py +++ b/Lib/test/test_asynchat.py @@ -223,7 +223

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- stage: -> needs patch type: -> security versions: +Python 3.2, Python 3.4

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: ./python -m trace -t Lib/test/test_asynchat.py [...] --- modulename: asyncore, funcname: poll asyncore.py(126): if map is None: asyncore.py(128): if map: asyncore.py(129): r = []; w = []; e = [] asyncore.py(130): for fd, obj in map.it

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Does it hang also if you run it directly as in "./python Lib/test/test_asynchat.py". Perhaps you can try "./python -m trace -t Lib/test/test_asynchat.py"? Figuring this out should be relatively easy: you can also just put prints into test_asynchat.py yourself

[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names

2013-05-16 Thread Jan Lieskovsky
Jan Lieskovsky added the comment: The CVE identifier of CVE-2013-2099 has been assigned: http://www.openwall.com/lists/oss-security/2013/05/16/6 to this issue. -- nosy: +iankko title: ssl.match_hostname() trips over crafted wildcard names -> CVE-2013-2099 ssl.match_hostname() trips o

[issue17992] test_asynchat hangs

2013-05-16 Thread Carlos Nepomuceno
Carlos Nepomuceno added the comment: I don't know what to do. I tried CTRL+C but it didn't stop. Then I pressed CTRL+Z and kill the python process and when I got back with 'fg' the make process had been terminated. No messages were printed.

[issue17981] SysLogHandler closes connection before using it

2013-05-16 Thread Vinay Sajip
Vinay Sajip added the comment: The python-daemon documentation states, about files_preserve: "Elements of the list are file descriptors (as returned by a file object's `fileno()` method) or Python `file` objects. Each specifies a file that is not to be closed during daemon start." Notice that

[issue17992] test_asynchat hangs

2013-05-16 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Can you try to figure out where it hangs exactly? I can't reproduce the issue on Ubuntu and FreeBSD and don't have a Red Hat to test against.
