Sep. 16th, 2013

akuchling: Sherlock Hemlock (Default)
Last week the BACON-PIG decided to have an informal sprint to hack on core Python, and today we held it at my (newly-purchased!) house.

Barry Warsaw is the release manager for Python 2.6.9, so we looked at various release-blocking issues for 2.6.9. The bulk of them at this time are various DDoS possibilities where .readline() is called with no size limitation. An attacker can then feed in large amounts of data, consuming an arbitrary amount of memory. The fixes all take the same general pattern: add a size limitation to the .readline() call that varies depending on the protocol, and then report an error if the line hits the limit.
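A minimal sketch of that pattern, added here as an illustration and not taken from the actual 2.6.9 patches: `MAX_LINE`, `LineTooLong`, `read_line_bounded` and `read_headers` are hypothetical names, the 8192-byte limit is an assumed value, and the cap on the number of header lines goes one step beyond what the post describes.

```python
import io

MAX_LINE = 8192  # assumed limit; a real fix picks a value suited to the protocol


class LineTooLong(Exception):
    """Raised when the peer sends more data than the protocol limit allows."""


def read_line_bounded(stream, limit=MAX_LINE):
    """Read one line, never buffering more than limit + 1 bytes.

    Requesting limit + 1 bytes distinguishes a line of exactly `limit`
    bytes from one that is still going when the cap is reached.
    """
    line = stream.readline(limit + 1)
    if len(line) > limit:
        raise LineTooLong("line exceeds %d bytes" % limit)
    return line


def read_headers(stream, limit=MAX_LINE, max_headers=100):
    """Collect header lines up to the blank line, bounding size and count."""
    headers = []
    while True:
        line = read_line_bounded(stream, limit)
        if line in (b"\r\n", b"\n", b""):
            return headers
        if len(headers) >= max_headers:
            raise LineTooLong("more than %d header lines" % max_headers)
        headers.append(line.rstrip(b"\r\n"))


if __name__ == "__main__":
    # Constructed sample input: a well-formed request head and a hostile stream.
    good = io.BytesIO(b"Host: example.test\r\nAccept: */*\r\n\r\nbody")
    print(read_headers(good))

    hostile = io.BytesIO(b"A" * 1000000)  # one megabyte with no newline
    try:
        read_line_bounded(hostile, 1024)
    except LineTooLong as exc:
        # Only limit + 1 bytes were pulled from the stream before the error.
        print("rejected:", exc, "bytes consumed:", hostile.tell())
```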

I also committed the traceback.clear_frames() function that I was working on last week.
