Nikolaus Rath added the comment:

The lack of output size limiting has security implications as well.

Without being able to limit the size of the uncompressed data returned per 
call, it is not possible to decompress untrusted lzma or bz2 data without 
becoming susceptible to a DoS attack, as the attacker can force allocation of 
gigantic buffers by sending just a tiny amount of compressed data.

----------
nosy: +Nikratio

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15955>
_______________________________________
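
Added example, not part of the original message or of CPython itself: decompressing untrusted lzma or bz2 data under a hard output budget. It assumes Python 3.5 or later, where `decompress()` on `lzma.LZMADecompressor` and `bz2.BZ2Decompressor` accepts a `max_length` argument; `bounded_decompress`, `OutputLimitExceeded`, `CHUNK` and the limit values are names chosen for this sketch.

```python
import bz2
import lzma

CHUNK = 64 * 1024  # most output bytes requested from a single decompress() call


class OutputLimitExceeded(Exception):
    """The stream would expand past the caller's output budget."""


def bounded_decompress(data, limit, factory=lzma.LZMADecompressor):
    """Decompress one untrusted stream, never holding more than limit + 1 bytes.

    factory is lzma.LZMADecompressor or bz2.BZ2Decompressor. Bytes after the
    end of the stream (dec.unused_data) are ignored.
    """
    dec = factory()
    out = bytearray()
    feed = data
    while not dec.eof:
        # Request at most one byte past the budget so an overrun is detectable
        # without ever allocating the attacker-chosen size.
        want = min(CHUNK, limit + 1 - len(out))
        chunk = dec.decompress(feed, max_length=want)
        feed = b""  # unconsumed input is now buffered inside the decompressor
        out += chunk
        if len(out) > limit:
            raise OutputLimitExceeded("output exceeds %d bytes" % limit)
        if not chunk and dec.needs_input and not dec.eof:
            raise EOFError("compressed stream is truncated")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 16 MiB of zero bytes shrinks to a few KiB of xz data.
    bomb = lzma.compress(b"\0" * (16 * 1024 * 1024))
    print("compressed size:", len(bomb))
    try:
        bounded_decompress(bomb, limit=1024 * 1024)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```
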