[issue11671] Security hole in wsgiref.headers.Headers

2019-08-14 Thread Ashwin Ramaswami
Change by Ashwin Ramaswami : -- nosy: +martin.panter ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue11671] Security hole in wsgiref.headers.Headers

2019-08-14 Thread Ashwin Ramaswami
Change by Ashwin Ramaswami: -- pull_requests: +15022 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/15299

[issue11671] Security hole in wsgiref.headers.Headers

2019-08-14 Thread Ashwin Ramaswami
Change by Ashwin Ramaswami: -- nosy: +epicfaace versions: +Python 3.8, Python 3.9

[issue11671] Security hole in wsgiref.headers.Headers

2016-09-08 Thread Christian Heimes
Changes by Christian Heimes: -- assignee: pje -> versions: +Python 3.5, Python 3.6, Python 3.7 -Python 2.6, Python 3.1, Python 3.2, Python 3.3

[issue11671] Security hole in wsgiref.headers.Headers

2013-08-18 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue11671 ___

[issue11671] Security hole in wsgiref.headers.Headers

2013-08-17 Thread Christian Heimes
Christian Heimes added the comment: What do the RFCs for RFC-822 and HTTP 1.1 say about \r and \n in header names? -- nosy: +christian.heimes

[issue11671] Security hole in wsgiref.headers.Headers

2013-08-17 Thread Devin Cook
Devin Cook added the comment: It looks like it's allowed for header line continuation. http://www.ietf.org/rfc/rfc2616.txt: HTTP/1.1 header field values can be folded onto multiple lines if the continuation line begins with a space or horizontal tab. All linear white space, including folding,

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-25 Thread STINNER Victor
STINNER Victor added the comment: +if bad_header_value_re.search(_value): +error_str = Bad header value: {0!r} (bad char: {1!r}) +raise AssertionError(error_str.format( +_value, bad_header_value_re.search(_value).group(0))) Why do you search the
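Review bot: the quoted hunk runs bad_header_value_re.search(_value) twice, once in the condition and again to build the message; bind the match once (m = bad_header_value_re.search(_value); if m: ... m.group(0)) so the value is scanned a single time and the reported character is the one that triggered the check. The hunk also validates only _value; as noted later in this thread, the same issue exists for the header name, so the same check belongs there as well.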

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-25 Thread Devin Cook
Changes by Devin Cook devin.c.c...@gmail.com: Removed file: http://bugs.python.org/file29182/header_newlines.patch

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-25 Thread Devin Cook
Devin Cook added the comment: The spec doesn't say anything about the header name. It probably should though, as the same issue exists there. I used two searches because that's how it's done in wsgiref.validate, and it's not a huge deal to do that because the second one will only execute when

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-25 Thread Devin Cook
Changes by Devin Cook devin.c.c...@gmail.com: Removed file: http://bugs.python.org/file29192/header_newlines_2.7.patch

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-25 Thread Devin Cook
Changes by Devin Cook devin.c.c...@gmail.com: Removed file: http://bugs.python.org/file29193/header_newlines_2.6.patch

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-23 Thread Devin Cook
Devin Cook added the comment: Should now be compliant with this part of the spec: Each header_value must not include any control characters, including carriage returns or linefeeds, either embedded or at the end. (These requirements are to minimize the complexity of any parsing that must be

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-23 Thread Devin Cook
Devin Cook added the comment: backported patch to 2.7 -- Added file: http://bugs.python.org/file29192/header_newlines_2.7.patch

[issue11671] Security hole in wsgiref.headers.Headers

2013-02-23 Thread Devin Cook
Devin Cook added the comment: backported patch to 2.6 -- Added file: http://bugs.python.org/file29193/header_newlines_2.6.patch

[issue11671] Security hole in wsgiref.headers.Headers

2011-06-01 Thread Terry J. Reedy
Changes by Terry J. Reedy tjre...@udel.edu: -- versions: -Python 2.5

[issue11671] Security hole in wsgiref.headers.Headers

2011-03-28 Thread Felix Gröbert
Felix Gröbert groeb...@google.com added the comment: If the spec forbids control characters in headers, the module should enforce that. The most frequent example of header injection is the redirect-case: an application is forwarding using the Location header to a user-supplied URL.
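A defensive form of the check this thread is about, covering both the control-character test on header values from the patch and the Location redirect case Felix describes, as an added example that is not code from CPython or from the patch; the header-name pattern, the HeaderInjectionError type and the sample URLs are assumptions made for the example:

```python
import re

# Added example, not the CPython patch. The value rule is the WSGI one quoted in
# the thread (no control characters, CR and LF included). The name rule is an
# assumption: only RFC 7230 "token" characters are accepted.
BAD_HEADER_VALUE_RE = re.compile(r"[\x00-\x1f\x7f]")
BAD_HEADER_NAME_RE = re.compile(r"[^!#$%&'*+\-.^_`|~0-9A-Za-z]")

class HeaderInjectionError(ValueError):
    """Raised for a header that could start a new line in the response."""

def check_header(name, value):
    """Return (name, value) unchanged or raise HeaderInjectionError."""
    if not name:
        raise HeaderInjectionError("Empty header name")
    # Search once and reuse the match; no second scan just to build the message.
    m = BAD_HEADER_NAME_RE.search(name)
    if m:
        raise HeaderInjectionError(
            "Bad header name: {0!r} (bad char: {1!r})".format(name, m.group(0)))
    m = BAD_HEADER_VALUE_RE.search(value)
    if m:
        raise HeaderInjectionError(
            "Bad header value: {0!r} (bad char: {1!r})".format(value, m.group(0)))
    return name, value

def is_safe_header(name, value):
    """Boolean form of check_header for callers that filter rather than fail."""
    try:
        check_header(name, value)
    except HeaderInjectionError:
        return False
    return True

def serialize_headers(status, headers):
    """Build the status line and header block, validating every header first."""
    lines = ["HTTP/1.1 " + status]
    for name, value in headers:
        check_header(name, value)
        lines.append(name + ": " + value)
    return "\r\n".join(lines) + "\r\n\r\n"

def redirect_headers(target):
    """The redirect case from the thread: Location built from a caller-supplied URL."""
    return serialize_headers("302 Found", [("Location", target)])

# Constructed sample inputs: a clean redirect target and one with an embedded CRLF.
SAMPLE_OK = "https://example.test/home"
SAMPLE_INJECTED = "https://example.test/\r\nSet-Cookie: sid=x"
```

Folded values (CRLF followed by a space) are rejected as well, matching the WSGI rule rather than the HTTP/1.1 continuation syntax discussed earlier in the thread.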

[issue11671] Security hole in wsgiref.headers.Headers

2011-03-25 Thread Éric Araujo
Changes by Éric Araujo mer...@netwok.org: -- assignee: -> pje nosy: +pje stage: -> needs patch title: Potential misuse of wsgiref.headers.Headers -> Security hole in wsgiref.headers.Headers versions: +Python 2.5, Python 2.6, Python 2.7, Python 3.1, Python 3.2

[issue11671] Security hole in wsgiref.headers.Headers

2011-03-25 Thread Phillip J. Eby
Phillip J. Eby p...@telecommunity.com added the comment: It is not uncommon that developers provide web applications to the public in which the HTTP response headers are not filtered for newlines but are controlled by the user. Really? Which applications, and which response headers?