[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2021-09-14 Thread STINNER Victor
STINNER Victor added the comment: This issue was a security vulnerability. It's now closed, please don't comment closed issues. If you consider that there is a regression, please open a new issue. -- ___ Python tracker

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2021-09-14 Thread tongxiaoge
tongxiaoge added the comment: At the beginning of the issue, there is the following reproduction code: from urllib.request import AbstractBasicAuthHandler auth_handler = AbstractBasicAuthHandler() auth_handler.http_error_auth_reqed( 'www-authenticate', 'unused', 'unused', {

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2021-09-14 Thread STINNER Victor
STINNER Victor added the comment: > "headers" is a dict object? If so, the dict object does not seem to have no > attribute "get_all". No, it's not a dict object. -- ___ Python tracker

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2021-09-14 Thread tongxiaoge
tongxiaoge added the comment: https://github.com/python/cpython/blob/9f93018b69d72cb48d3444554261ae3b0ea00c93/Lib/urllib/request.py#L989 "headers" is a dict object? If so, the dict object does not seem to have no attribute "get_all". -- nosy: +sxt1001 versions: +Python 3.10, Python

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Kubilay Kocak
Change by Kubilay Kocak : -- nosy: +koobs ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Larry Hastings
Larry Hastings added the comment: New changeset 37fe316479e0b6906a74b0c0a5e495c55037fdfd by Victor Stinner in branch '3.5': bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (#19305) https://github.com/python/cpython/commit/37fe316479e0b6906a74b0c0a5e495c55037fdfd

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread Ned Deily
Ned Deily added the comment: New changeset 69cdeeb93e0830004a495ed854022425b93b3f3e by Victor Stinner in branch '3.6': bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304) https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e --

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +18667 pull_request: https://github.com/python/cpython/pull/19305 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +18666 pull_request: https://github.com/python/cpython/pull/19304 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread STINNER Victor
Change by STINNER Victor : -- versions: -Python 2.7 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread Tapas Kundu
Change by Tapas Kundu : -- pull_requests: +18664 pull_request: https://github.com/python/cpython/pull/19302 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread STINNER Victor
STINNER Victor added the comment: New changeset b57a73694e26e8b2391731b5ee0b1be59437388e by Miss Islington (bot) in branch '3.7': bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19297) https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread STINNER Victor
STINNER Victor added the comment: New changeset ea9e240aa02372440be8024acb110371f69c9d41 by Miss Islington (bot) in branch '3.8': bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19296) https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread Tapas Kundu
Change by Tapas Kundu : -- pull_requests: +18663 pull_request: https://github.com/python/cpython/pull/19301 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-02 Thread Tapas Kundu
Change by Tapas Kundu : -- nosy: +tapakund nosy_count: 6.0 -> 7.0 pull_requests: +18661 pull_request: https://github.com/python/cpython/pull/19299 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread miss-islington
Change by miss-islington : -- pull_requests: +18656 pull_request: https://github.com/python/cpython/pull/19297 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread miss-islington
Change by miss-islington : -- pull_requests: +18655 pull_request: https://github.com/python/cpython/pull/19296 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread STINNER Victor
STINNER Victor added the comment: New changeset 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 by Victor Stinner in branch 'master': bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 --

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread miss-islington
Change by miss-islington : -- nosy: +miss-islington nosy_count: 5.0 -> 6.0 pull_requests: +18650 pull_request: https://github.com/python/cpython/pull/19291 ___ Python tracker

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread miss-islington
Change by miss-islington : -- pull_requests: +18651 pull_request: https://github.com/python/cpython/pull/19292 ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread Ben Caller
Change by Ben Caller : Removed file: https://bugs.python.org/file49022/bench_parser2.py ___ Python tracker ___ ___ Python-bugs-list mailing

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread Ben Caller
Change by Ben Caller : Added file: https://bugs.python.org/file49023/bench_parser2.py ___ Python tracker ___ ___ Python-bugs-list mailing

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread STINNER Victor
STINNER Victor added the comment: Ooooh, I see. I didn't measure the performance of the right header. I re-run a benchmark using the HTTP header (repeat=15): header = 'Basic ' + ', ' * 15 + 'A' Now I see a major performance difference. Comparison between master ("ref") and PR 18284

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-04-01 Thread Ben Caller
Ben Caller added the comment: Instead of repeat_10_3 = 'Basic ' + ', ' * (10 ** 3) + simple in the benchmark, try repeat_10_3 = 'Basic ' + ', ' * (10 ** 3) + 'A' -- Added file: https://bugs.python.org/file49022/bench_parser2.py ___ Python

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-03-30 Thread STINNER Victor
STINNER Victor added the comment: bench_parser.py: Benchmark for AbstractBasicAuthHandler.http_error_auth_reqed(). -- Added file: https://bugs.python.org/file49016/bench_parser.py ___ Python tracker

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-03-25 Thread STINNER Victor
STINNER Victor added the comment: > Isn't this a duplicate of bpo-38826 ? Oh right. I marked it as a duplicate of this issue. -- ___ Python tracker ___

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-03-04 Thread Ryan Ware
Change by Ryan Ware : -- nosy: +ware ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-03-02 Thread Michał Górny
Change by Michał Górny : -- nosy: +mgorny ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-02-04 Thread Ben Caller
Ben Caller added the comment: Isn't this a duplicate of bpo-38826 ? -- nosy: +bc ___ Python tracker ___ ___ Python-bugs-list

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-01-31 Thread Anselmo Melo
Change by Anselmo Melo : -- nosy: +Anselmo Melo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-01-30 Thread STINNER Victor
STINNER Victor added the comment: CVE-2020-8492 has been assigned to this vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8492 -- title: [security] Denial of service in urllib.request.AbstractBasicAuthHandler -> [security][CVE-2020-8492] Denial of service in