[issue1745035] DoS smtpd vulnerability

2010-12-02 Thread Georg Brandl
Georg Brandl added the comment: Committed in r86955. Thanks! -- resolution: -> fixed, status: open -> closed

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Georg Brandl
Changes by Georg Brandl: -- nosy: +georg.brandl

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: AFAICT patch looks ok to me.

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Savio Sena
Savio Sena added the comment: size_limits are not class attributes instead of instance attributes, as suggested by giampaolo.rodola. -- Added file: http://bugs.python.org/file19790/issue1745035-101123-saviosena.diff

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Savio Sena
Savio Sena added the comment: Previous patch was incorrect. I'm attaching another one, I'm really sorry. @giampaolo, about making the limits class attributes, it's not a good idea IMHO. According to RFC1869 command sizes can change depending on which Service Extensions are supported.

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: I think data_size_limit and command_size_limit should be class attributes instead of instance attributes.

[issue1745035] DoS smtpd vulnerability

2010-11-23 Thread Savio Sena
Savio Sena added the comment: Attaching a more concise patch, as requested by georg.brandl. -- Added file: http://bugs.python.org/file19787/issue1745035-101123-saviosena.diff

[issue1745035] DoS smtpd vulnerability

2010-11-21 Thread Savio Sena
Savio Sena added the comment: The attached patch adopts the minimalistic approach described in previous post. It pretends to implement Message Size Extension, defining a maximum message data size to 32M bytes and maximum command length to 512 bytes. In my opinion this is the best way to accom

[issue1745035] DoS smtpd vulnerability

2010-11-21 Thread Henrique Bastos
Changes by Henrique Bastos: -- nosy: +henriquebastos

[issue1745035] DoS smtpd vulnerability

2010-11-20 Thread Savio Sena
Savio Sena added the comment: The definite (and only?) solution would be to implement 'Message Size Declaration[1]' Service Extension[2]. We can limit the size of commands and text lines, but not the message size as a whole[3]. RFC1870 was created exactly with the purpose of solving DoS issue

[issue1745035] DoS smtpd vulnerability

2010-11-20 Thread Savio Sena
Changes by Savio Sena: -- nosy: +saviosena

[issue1745035] DoS smtpd vulnerability

2010-09-17 Thread Mark Lawrence
Mark Lawrence added the comment: Given the title, type and severity shouldn't someone take a look at this? -- nosy: +BreamoreBoy

[issue1745035] DoS smtpd vulnerability

2010-05-11 Thread Terry J. Reedy
Changes by Terry J. Reedy: -- versions: +Python 2.7, Python 3.1, Python 3.2 -Python 3.0

[issue1745035] DoS smtpd vulnerability

2008-09-30 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Yes, you're right. I mixed up SMTP with FTP which does not send data on the same connection used for receiving commands.

[issue1745035] DoS smtpd vulnerability

2008-09-29 Thread Josiah Carlson
Josiah Carlson added the comment: The patch does not work as Giampaolo intends. If the patch were applied as-is, no emails longer than 998 bytes could be sent. Instead, incrementing linelen in the collect_incoming_data() method should only be performed if self.terminator =

[issue1745035] DoS smtpd vulnerability

2008-02-11 Thread Giampaolo Rodola'
Changes by Giampaolo Rodola': -- versions: +Python 2.6, Python 3.0

[issue1745035] DoS smtpd vulnerability

2008-01-30 Thread Jesús Cea Avión
Changes by Jesús Cea Avión: -- nosy: +jcea

[issue1745035] DoS smtpd vulnerability

2008-01-23 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: I update this bug as GvR requested here: http://groups.google.it/group/python-dev2/browse_thread/thread/33cad7b7c1cdb19f?hl=it The patch in attachment fixes what was discussed before. In addition it sets a smaller timeout for asyncore.loop() for permitting to sto

[issue1745035] DoS smtpd vulnerability

2007-10-21 Thread billiejoex
Changes by billiejoex: Added file: http://bugs.python.org/file8587/smtpd.diff

[issue1745035] DoS smtpd vulnerability

2007-10-21 Thread billiejoex
billiejoex added the comment:
> What does this do when a line longer than 4096 bytes
> is found? Does it report an error to the SMTP client?
> That's my only concern.
Sorry for replying so late. No, it does not report the error and this is bad. I've searched through RFCs and I found that RF

[issue1745035] DoS smtpd vulnerability

2007-09-18 Thread Sean Reifschneider
Sean Reifschneider added the comment: Patch is inline above. RFC2822 says lines MUST be less than 998 bytes long, so this should be fine. What does this do when a line longer than 4096 bytes is found? Does it report an error to the SMTP client? That's my only concern. -- assignee: -