New submission from Jakub Wilk: It is possible to craft a MO file with Plural-Forms taking arbitrary amounts of CPU and memory to evaluate. A test case is attached.
I realize that opening unstrusted MO files is a rather unusual use case, but the module already contains some code to protect againt malicious Plural-Forms, so I thought you might want to fix this problem as well. ---------- components: Library (Lib) files: testcase.mo messages: 191963 nosy: jwilk priority: normal severity: normal status: open title: gettext: DoS via crafted Plural-Forms type: security Added file: http://bugs.python.org/file30715/testcase.mo _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18317> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
