Change by Michele Orrù :
--
title: Integer overflow in the socket function parsing a Bluetooth address ->
Fix Bluetooth address parser
___
Python tracker
<https://bugs.python.org/issu
Michele Orrù added the comment:
"R. David Murray" writes:
> Since we want to encourage people to use the context, that sounds
> reasonable for 3.x at least.
Concerning this specific proposition, I really don't see the point in
having .starttls() not simply accepting a S
New submission from Michele Orrù:
hello! In
<https://docs.python.org/2/library/smtplib.html#smtplib.SMTP.starttls> I read::
"If keyfile and certfile are provided, these are passed to the socket
module’s ssl() function."
socket.ssl() exists, though it is not documented (n
Michele Orrù added the comment:
On Sun, Jun 29, 2014 at 03:15:44PM +, Mark Lawrence wrote:
>
> Mark Lawrence added the comment:
>
> @Michele as 8739 has been implemented would you like to put up a patch for
> this?
No, but setting keyword "easy" could help
Michele Orrù added the comment:
ping.
--
___
Python tracker
<http://bugs.python.org/issue18564>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue21541>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
Interestingly, implements a function for parsing
bluetooth addresses, but it's completely broken.
<https://git.kernel.org/cgit/bluetooth/bluez.git/tree/lib/bluetooth.c#n83>
It would be much much more elegant to use str2ba() in our source code th
Changes by Michele Orrù :
Added file: http://bugs.python.org/file35146/issue18564.3.patch
___
Python tracker
<http://bugs.python.org/issue18564>
___
___
Python-bugs-list m
Changes by Michele Orrù :
Added file: http://bugs.python.org/file35112/issue18564.2.patch
___
Python tracker
<http://bugs.python.org/issue18564>
___
___
Python-bugs-list m
Changes by Michele Orrù :
--
nosy: -maker
___
Python tracker
<http://bugs.python.org/issue8402>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: -maker
___
Python tracker
<http://bugs.python.org/issue16113>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
> Is that you actual use case? That you *want* to store binary data in XML,
> instead of getting it properly rejected as non well-formed content?
No, Stefan.
What I was saying in my last message was just "you're right, the user shall
always
Michele Orrù added the comment:
Cool, thanks for pointing the correct library function.
Tested on my machine - Debian 3.9 x86_64 GNU/Linux.
--
___
Python tracker
<http://bugs.python.org/issue16
Michele Orrù added the comment:
Just pointed by a friend - <http://www.w3.org/TR/REC-xml/#sec-cdata-sect>
I suppose this is insanely used to put binary blobs inside xml until "only the
CDEnd string is recognized as markup".
That's
Michele Orrù added the comment:
>I said that (serialised) XML is defined as a sequence of bytes.
> Read the spec on that.
And I'm saying that's inexact. I have expectations that control chars are
escaped in the serialized xml, because the spec I'm reading says
Michele Orrù added the comment:
Does not seem to me just a "byte string" where you can put binary data.
Hence, I expect the xml tree to escape/reject those.
Hence, Is not an enhancement, but a bug. Unless we just want to document this.
(not going to change the metadata, otherwise we
Michele Orrù added the comment:
"""
Document authors are encouraged to avoid "compatibility characters", as defined
in section 2.3 of [Unicode]. The characters defined in the following ranges are
also discouraged. They are either control characters or permanently unde
Michele Orrù added the comment:
>>> XML is *defined* as a stream of bytes.
>> Can you *paste* the *source* proving what you are arguing, please?
> http://www.w3.org/TR/REC-xml/
"""
The first two suggestions are directly derived from the rules given for
identifie
Michele Orrù added the comment:
> XML is *defined* as a stream of bytes.
Can you *paste* the *source* proving what you are arguing, please?
> Regarding the API side in ElementTree, Py2 accepts byte strings and Py3
> requires Unicode strings.
"accepts"? python3 works wit
Michele Orrù added the comment:
> Incidentally I read today
> http://blastedbio.blogspot.co.uk/2012/05/blast-tabular-missing-descriptions.html
> mentioning ^A being used.
> Maybe that would stop working?
I don't see any problem in any xml output. Indeed:
"You can'
Michele Orrù added the comment:
> The parser *is* rejecting control characters. It's an XML parser. See the
> example in the link you posted.
Ehrm, my apologies.
> That's not an XML specific issue. You are printing a byte string here, so
> repr() would be the righ
Michele Orrù added the comment:
oops, didn't see :) thanks.
--
___
Python tracker
<http://bugs.python.org/issue18564>
___
___
Python-bugs-list mailing list
Michele Orrù added the comment:
Still is an issue, though. Exported on the current tip.
--
versions: +Python 3.5 -Python 2.7, Python 3.2, Python 3.3
Added file: http://bugs.python.org/file31486/issue16083.1.patch
___
Python tracker
<h
Michele Orrù added the comment:
Ping.
--
___
Python tracker
<http://bugs.python.org/issue18564>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
Ping.
--
___
Python tracker
<http://bugs.python.org/issue16201>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
> Michele, could you elaborate how you would exploit this issue as a security
> risk?
Sure. What I meant in my message is: assume you have a script that simply
stores each message it receives (from stdin, from a tcp stream, whatever)
inside an xml tre
Michele Orrù added the comment:
I suppose it is, David, if in 2 minutes flat I can change your terminal name.
--
Added file: http://bugs.python.org/file31484/inject.py
___
Python tracker
<http://bugs.python.org/issue18
Michele Orrù added the comment:
you mind if I try by myself to provide patch and unittest in the next few days?
--
___
Python tracker
<http://bugs.python.org/issue18
Changes by Michele Orrù :
--
components: +Library (Lib), XML
type: -> behavior
___
Python tracker
<http://bugs.python.org/issue18850>
___
___
Python-bugs-lis
New submission from Michele Orrù:
Got from irc;
python bug in xml.etree.ElementTree, from version 2.7 to 3.2
http://www.reddit.com/r/Python/comments/1l6cta/python_bug_in_xmletreeelementtree/
I think we should keep consistency with lxml and forbid control chars in
advance.
<ht
Michele Orrù added the comment:
Ping.
--
___
Python tracker
<http://bugs.python.org/issue18538>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
Added file: http://bugs.python.org/file31056/issue18564.1.patch
___
Python tracker
<http://bugs.python.org/issue18564>
___
___
Python-bugs-list m
Michele Orrù added the comment:
ping.
--
___
Python tracker
<http://bugs.python.org/issue8425>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
New submission from Michele Orrù:
In Modules/socketmodule.c , the bluetooth address supplied is vulnerable to
integer overflow.
Attaching patch and a couple of tests, which should be considered as a step
forward in #7687.
--
components: Extension Modules
files: btoverflow.patch
Changes by Michele Orrù :
--
keywords: +patch
Added file: http://bugs.python.org/file31024/issue18538.patch
___
Python tracker
<http://bugs.python.org/issue18
New submission from Michele Orrù:
I feel a little bit embarassed for this patch;
while reading the stdlib's Lib/dis.py file, I saw that the _test() function
parses by itself sys.argv.
I tried to clean it up using argparse; diff and "manual tests" attached.
--
title:
Changes by Michele Orrù :
--
components: Library (Lib)
nosy: maker
priority: normal
severity: normal
status: open
title: `python -m dis `
type: enhancement
versions: Python 3.5
___
Python tracker
<http://bugs.python.org/issue18
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue18369>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue18233>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16308>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
Yes, http://bugs.python.org/file29845/dbldash.patch seems to fix this.
Attaching the unittests, and noisying on your issue.
--
keywords: +patch
Added file: http://bugs.python.org/file29938/issue14364.test.patch
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue13922>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
wow, I was just writing the unittests, thanks paul.
Shall I continue? I don't see any test case on tip.
--
___
Python tracker
<http://bugs.python.org/is
Changes by Michele Orrù :
Added file: http://bugs.python.org/file29587/issue16692.4.patch
___
Python tracker
<http://bugs.python.org/issue16692>
___
___
Python-bugs-list m
Michele Orrù added the comment:
.. sorry for all these trivialities.
--
Added file: http://bugs.python.org/file29584/issue16692.3.patch
___
Python tracker
<http://bugs.python.org/issue16
Michele Orrù added the comment:
synced with tip
> This decorator looks like it would be impressed in a simpler way,
> using unittest.skipIf (or unittest.skipUnless).
> It would be nice to check that connecting succeeds from a
> TLSv1_1 client on a SSLv23 server.
yep, thanks.
&g
Michele Orrù added the comment:
(ping)
--
___
Python tracker
<http://bugs.python.org/issue16692>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue17267>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: -maker
___
Python tracker
<http://bugs.python.org/issue15767>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
Isn't this issue fixed and tested on Lib/test/test_urllib2.py:1304?
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/iss
Changes by Michele Orrù :
Added file: http://bugs.python.org/file29066/issue16692.1.patch
___
Python tracker
<http://bugs.python.org/issue16692>
___
___
Python-bugs-list m
Changes by Michele Orrù :
--
nosy: +eric.araujo
___
Python tracker
<http://bugs.python.org/issue16692>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
keywords: +patch
nosy: +maker
Added file: http://bugs.python.org/file29022/issue16692.patch
___
Python tracker
<http://bugs.python.org/issue16
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16728>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
Well, I specified the word ``files`` everywhere for that reason. Looking at
Doc/library/zlib.rst I see:
For reading and writing .gz files see the gzip module.
Also, I specified 'the gzip module' on the whatsnew section.
Is there anything more specif
Michele Orrù added the comment:
done!
--
Added file: http://bugs.python.org/file27943/issue6584_6.patch
___
Python tracker
<http://bugs.python.org/issue6
Michele Orrù added the comment:
> The patch should not unconditionally use `python2` since many distributions
> do not yet install a `python2` link
> to the interpreter nor is there one when running python2.7 from a build
> directory. The Makefile could
> conditionally tr
Michele Orrù added the comment:
Updated. Note that removing `eval` is necessary for the new logic of the
function.
--
Added file: http://bugs.python.org/file27586/issue5256.1.patch
___
Python tracker
<http://bugs.python.org/issue5
Changes by Michele Orrù :
--
assignee: -> docs@python
components: +Documentation -Interpreter Core
nosy: +docs@python
___
Python tracker
<http://bugs.python.org/issu
Changes by Michele Orrù :
--
keywords: +patch
Added file: http://bugs.python.org/file27576/issue16236.patch
___
Python tracker
<http://bugs.python.org/issue16
New submission from Michele Orrù:
On Arch/Linux, running `make html` fails with
$ make html
mkdir -p build/html build/doctrees
python tools/sphinx-build.py -b html -d build/doctrees -D latex_paper_size= .
build/html
Traceback (most recent call last):
File "tools/sphinx-build.py"
Michele Orrù added the comment:
Noblesse oblige :)
--
Added file: http://bugs.python.org/file27570/issue8402.1.patch
___
Python tracker
<http://bugs.python.org/issue8
Michele Orrù added the comment:
Updated with tip, and merged with documentation.
--
Added file: http://bugs.python.org/file27569/issue5256.patch
___
Python tracker
<http://bugs.python.org/issue5
Michele Orrù added the comment:
Well, it is a security issue IMO, but not particularly harmful. But certainly
that's not a RFC violation, since I'm not sending rfc-compliant packets.[0]
The best an attacker could do is to DDoS the server running HTTPServer:
tracebacks may
Michele Orrù added the comment:
Updated && tested on GNU/Linux (gcc).
--
Added file: http://bugs.python.org/file27558/issue16201.3.patch
___
Python tracker
<http://bugs.python.org
Michele Orrù added the comment:
The attached patch adds support for '\\' escaping to fnmatch, and consequently
to glob.
--
keywords: +patch
nosy: +maker
versions: +Python 3.4 -Python 3.2
Added file: http://bugs.python.org/file27551/issue
Michele Orrù added the comment:
Reviewed with Ezio.
--
Added file: http://bugs.python.org/file27550/issue16201.2.patch
___
Python tracker
<http://bugs.python.org/issue16
Michele Orrù added the comment:
>
>> Buggy due to the use of scanf at Modueles/socketmodule.c:868
>
> I don't think so. The following test fails because sscanf() returns 5
> instead of 4:
You are right, sorry for didn't notice.
> If you consider that '19
Changes by Michele Orrù :
Added file: http://bugs.python.org/file27540/issue16201.patch
___
Python tracker
<http://bugs.python.org/issue16201>
___
___
Python-bugs-list m
Michele Orrù added the comment:
> Attaching patch to trim leading and trailing whitespaces prior to
> processing.
Note that tests are incorrect: the parsing is of the form %d.%d.%d.%d%c, so the
parser should accept trailing spaces. That's the same for ping iirc:
$ ping "192.1
New submission from Michele Orrù:
Buggy due to the use of scanf at Modueles/socketmodule.c:868
Broken from python2.7 to tip on my machine (GNU/Linux)
>>> import socket
[64481 refs]
>>> socket.gethostbyname('4294967306.4294967296.4294967296.1')
'10.0.0.1'
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16184>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16113>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Michele Orrù:
Follows from the discussion on python-dev:
http://mail.python.org/pipermail/python-dev/2012-September/121871.html
--
assignee: docs@python
components: Documentation
messages: 172182
nosy: docs@python, maker, terry.reedy
priority: normal
severity: normal
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue15767>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
As a reference, linking the discussion on python-dev.
http://mail.python.org/pipermail/python-dev/2012-October/122011.html
--
___
Python tracker
<http://bugs.python.org/issue13
Changes by Michele Orrù :
--
keywords: +patch
Added file: http://bugs.python.org/file27415/issue16009.patch
___
Python tracker
<http://bugs.python.org/issue16
Michele Orrù added the comment:
> A repr of what?
Of the variable "s" in Lib/json/decoder.py#l358
--
___
Python tracker
<http://bugs.pytho
Michele Orrù added the comment:
Since AFAIK json.loads runs through every simil-str object, I think that a
repr() is fine here. What do you think?
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16
Michele Orrù added the comment:
> The patch does not seem to walk the mro to look for slots in base
> classes. Also, an instance with a __dict__ attribute may also have
>attributes stored in slots.
Well, what I am doing is more or less the equivalent of
return object.__slots__ i
Michele Orrù added the comment:
Patch + unittests + documentation attached.
$ ./python -m test -R 3:2 test_builtin
[1/1] test_builtin
beginning 5 repetitions
12345
.
1 test OK.
[158296 refs]
--
keywords: +patch
nosy: +maker
Added file: http://bugs.python.org/file27395/issue13290
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16106>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue1052827>
___
___
Python-bugs-list mailing list
Unsubscribe:
Michele Orrù added the comment:
That's ok for me.
Tested with OSX 10.8 and clang.
--
nosy: +maker
___
Python tracker
<http://bugs.python.org/issue16081>
___
___
Michele Orrù added the comment:
Attaching tests that asserts the issue, and a patch for http.server.
Works on tip.
Should be ported also to 2.x?
Note: that 'f = None' is unnecessary, maybe an isolated commit for that?
--
keywords: +patch
Added file: http://bugs.python.org
Changes by Michele Orrù :
Added file: http://bugs.python.org/file27337/issue16083.patch
___
Python tracker
<http://bugs.python.org/issue16083>
___
___
Python-bugs-list m
Michele Orrù added the comment:
Note: on python3, the error is
File "/[...]/cpython/Lib/genericpath.py", line 41, in isdir
st = os.stat(s)
TypeError: embedded NUL character
(same exception but different message.)
I don't know where to start fixing, because the documentat
Changes by Michele Orrù :
--
nosy: -exarkun
___
Python tracker
<http://bugs.python.org/issue16083>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Michele Orrù :
--
nosy: +exarkun
___
Python tracker
<http://bugs.python.org/issue16083>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Michele Orrù:
Sending a "GET /\0" causes a TypeEror to be raised and the connection to be
unexpectedly closed.
$ python -m SimpleHTTPServer 8000
$ printf "GET /\00" | nc localhost 8000
TypeError: must be encoded string without
Michele Orrù added the comment:
"# Internal" appears only in HTMLParser's methods; how could __all__ fix this?
--
nosy: +maker
___
Python tracker
<http://bugs.pyt
Changes by Michele Orrù :
Added file: http://bugs.python.org/file27306/bench.py
___
Python tracker
<http://bugs.python.org/issue8425>
___
___
Python-bugs-list mailin
Changes by Michele Orrù :
Removed file: http://bugs.python.org/file27293/bench.py
___
Python tracker
<http://bugs.python.org/issue8425>
___
___
Python-bugs-list mailin
Michele Orrù added the comment:
> I'm not sure of the usefulness of this comment.
removing, then.
> "else" redundant here.
> Instead of using a local variable "intersected", you can simply add "else
> Py_INCREF(other)" here and then decref &q
Michele Orrù added the comment:
> I'm not sure of the usefulness of this comment.
removing, then.
> "else" redundant here.
> Instead of using a local variable "intersected", you can simply add "else
> Py_INCREF(other)" here and then decref &q
Michele Orrù added the comment:
Updated.
tumbolandia:cpython maker$ hg import --no-commit -f issue8425.2.patch && make
-j3 >/dev/null 2>/dev/null
sto applicando issue8425.2.patch
tumbolandia:cpython maker$ ./python.exe bench.py starting...
setting up te
Changes by Michele Orrù :
Added file: http://bugs.python.org/file27293/bench.py
___
Python tracker
<http://bugs.python.org/issue8425>
___
___
Python-bugs-list mailin
Michele Orrù added the comment:
What do you mean by "does not preserve set identity"? Because I see:
$ ./python.exe
Python 3.3.0rc2+ (default:178f9042af81+, Sep 24 2012, 18:54:31)
[GCC 4.2.1 Compatible Apple Clang 2.1 (tags/Apple/clang-163.7.1)] on darwin
Type "help", &
Michele Orrù added the comment:
woops, sry. Re-posting the benchmark, with three tests: the first one proposed
(@abacabadabacaba) with very large sets; another one with smaller sets.
$ ./python.exe -m timeit -n 100 -s "s= set(range(2000)); l =
set(range(2000))" "s-=l&q
Michele Orrù added the comment:
Reviewed with Ezio.
--
Added file: http://bugs.python.org/file27272/issue8425.1.patch
___
Python tracker
<http://bugs.python.org/issue8
1 - 100 of 198 matches
Mail list logo
