[issue1745035] DoS smtpd vulnerability

2010-12-02 Thread Georg Brandl
Georg Brandl ge...@python.org added the comment: Committed in r86955. Thanks! -- resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035 ___

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Savio Sena
Savio Sena savio.s...@acm.org added the comment: Attaching a more concise patch, as requested by georg.brandl. -- Added file: http://bugs.python.org/file19787/issue1745035-101123-saviosena.diff ___ Python tracker rep...@bugs.python.org

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Giampaolo Rodola'
Giampaolo Rodola' g.rod...@gmail.com added the comment: I think data_size_limit and command_size_limit should be class attributes instead of instance attributes. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Savio Sena
Savio Sena savio.s...@acm.org added the comment: Previous patch was incorrect. I'm attaching another one, I'm really sorry. @giampaolo, about making the limits class attributes, it's not a good idea IMHO. According to RFC1869 command sizes can change depending on which Service Extensions are

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Savio Sena
Savio Sena savio.s...@acm.org added the comment: size_limits are not class attributes instead of instance attributes, as suggested by giampaolo.rodola. -- Added file: http://bugs.python.org/file19790/issue1745035-101123-saviosena.diff ___ Python

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Giampaolo Rodola'
Giampaolo Rodola' g.rod...@gmail.com added the comment: AFAICT patch looks ok to me. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035 ___

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Georg Brandl
Changes by Georg Brandl ge...@python.org: -- nosy: +georg.brandl ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035 ___ ___ Python-bugs-list

[issue1745035] DoS smtpd vulnerability

2010-11-21 Thread Henrique Bastos
Changes by Henrique Bastos henri...@bastos.net: -- nosy: +henriquebastos ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035 ___ ___

[issue1745035] DoS smtpd vulnerability

2010-11-21 Thread Savio Sena
Savio Sena savio.s...@acm.org added the comment: The attached patch adopts the minimalistic approach described in previous post. It pretends to implement Message Size Extension, defining a maximum message data size to 32M bytes and maximum command length to 512 bytes. In my opinion this is

[issue1745035] DoS smtpd vulnerability

2010-11-20 Thread Savio Sena
Changes by Savio Sena savio.s...@acm.org: -- nosy: +saviosena ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035 ___ ___ Python-bugs-list

[issue1745035] DoS smtpd vulnerability

2010-11-20 Thread Savio Sena
Savio Sena savio.s...@acm.org added the comment: The definite (and only?) solution would be to implement 'Message Size Declaration[1]' Service Extension[2]. We can limit the size of commands and text lines, but not the message size as a whole[3]. RFC1870 was created exactly with the purpose

[issue1745035] DoS smtpd vulnerability

2010-09-17 Thread Mark Lawrence
Mark Lawrence breamore...@yahoo.co.uk added the comment: Given the title, type and severity shouldn't someone take a look at this? -- nosy: +BreamoreBoy ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035

[issue1745035] DoS smtpd vulnerability

2010-05-11 Thread Terry J. Reedy
Changes by Terry J. Reedy tjre...@udel.edu: -- versions: +Python 2.7, Python 3.1, Python 3.2 -Python 3.0 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1745035 ___

[issue1745035] DoS smtpd vulnerability

2008-09-29 Thread Josiah Carlson
Josiah Carlson [EMAIL PROTECTED] added the comment: The patch does not work as Giampaolo intends. If the patch were applied as-is, no emails longer than 998 bytes could be sent. Instead, incrementing linelen in the collect_incoming_data() method should only be performed if self.terminator ==

[issue1745035] DoS smtpd vulnerability

2008-02-11 Thread Giampaolo Rodola'
Changes by Giampaolo Rodola': -- versions: +Python 2.6, Python 3.0 _ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1745035 _ ___ Python-bugs-list mailing list

[issue1745035] DoS smtpd vulnerability

2008-01-30 Thread Jesús Cea Avión
Changes by Jesús Cea Avión: -- nosy: +jcea _ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1745035 _ ___ Python-bugs-list mailing list Unsubscribe:

[issue1745035] DoS smtpd vulnerability

2008-01-23 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: I update this bug as GvR requested here: http://groups.google.it/group/python-dev2/browse_thread/thread/33cad7b7c1cdb19f?hl=it The patch in attachment fixes what discussed before. In addition it sets a smaller timeout for asyncore.loop() for permitting to

[issue1745035] DoS smtpd vulnerability

2007-10-21 Thread billiejoex
billiejoex added the comment: What does this do when a line longer than 4096 bytes is found? Does it report an error to the SMTP client? That's my only concern. Sorry for replying so late. No, it does not report the error and this is bad. I've searched through RFCs and I found that RFC

[issue1745035] DoS smtpd vulnerability

2007-10-21 Thread billiejoex
Changes by billiejoex: Added file: http://bugs.python.org/file8587/smtpd.diff _ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1745035 _ ___ Python-bugs-list mailing list

[issue1745035] DoS smtpd vulnerability

2007-09-18 Thread Sean Reifschneider
Sean Reifschneider added the comment: Patch is inline above. RFC2822 says lines MUST be less than 998 bytes long, so this should be fine. What does this do when a line longer than 4096 bytes is found? Does it report an error to the SMTP client? That's my only concern. -- assignee: