[Twisted-Python] ANN: Twisted 1.0.6 (includes security fixes)

Andrew Dalke dalke at dalkescientific.com
Tue Jul 1 13:52:07 EDT 2003

Itamar Shtull-Trauring:
>    IMPORTANT: This release includes security updates to twisted.web.
>    It is strongly recommended that you upgrade to this version of
>    Twisted.

> What's New in 1.0.6
> ===================
> - Security fixes for twisted.web.

Was the out-of-memory denial of service attack fixed?


Looking at the code, it looks like I can still keep adding headers
until the machine exhausts memory

     def headerReceived(self, line):
         """Do pre-processing (for content-length) and store this header  
         header, data = line.split(':', 1)
         header = header.lower()
         data = data.strip()
         if header == 'content-length':
             self.length = int(data)
         self.requests[-1].received_headers[header] = data

					dalke at dalkescientific.com

More information about the Twisted-Python mailing list