[Twisted-Python] maintenance release - a security issue and a regression

Angelo Dell'Aera angelo.dellaera at gmail.com
Thu Jan 31 09:07:25 EST 2013


On Wed, 30 Jan 2013 23:32:34 +0100
Angelo Dell'Aera <angelo.dellaera at gmail.com> wrote:

> On Wed, 30 Jan 2013 11:04:36 -0800
> Glyph <glyph at twistedmatrix.com> wrote:
> 
> > Any volunteers for parts of this process?
> 
> I'm not familiar with Twisted patching process and for this reason
> I'm just attaching a small patch here for #6245 because I'd like to
> discuss about the approach. If correct I will move on in the process
> (hopefully in the right way)
> 
> The patch simply tries to encode the name argument properly if
> unicode. This is the same approach used by ralphm but applied to Name
> class initialization so it should be really generic.
> 
> Just about a doubt about how to handle an exception potentially
> raised during the name encoding. Any idea?
> 
> Ciao.
> 
> PS Attached a simple test code which forces the name to resolve to be
> unicode. It fails against 12.3.0 while it is correctly executed after
> patching.


I read documentation about Twisted testing and tested if the suggested patch 
introduces some regressions in the existing code:

buffer at saiph ~/Twisted-12.3.0/twisted $ trial twisted.names
[..]
Ran 271 tests in 0.425s

PASSED (successes=271)

which seems like it's not happening.

Obviously this is not exhaustive because it seems like there are no specific tests 
for that code path (name is always passed as byte) but I can try writing some 
additional ones if needed.

Ciao,

-- 

Angelo Dell'Aera 'buffer'
Antifork Research, Inc.		http://buffer.antifork.org
Sysenter Honeynet Project	http://www.sysenter-honeynet.org
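
Added illustration, not part of the message or the attached patch: one way to encode a text name at class initialization and to answer the open question about encoding failures by raising a single, catchable error at construction time. `DomainName` and `InvalidDomainName` are hypothetical stand-ins (not `twisted.names.dns.Name`), the IDNA codec is an assumption because the message does not say which encoding the patch uses, and the code is Python 3, where `str` plays the role of Python 2 `unicode`.

```python
class InvalidDomainName(ValueError):
    """The name cannot be represented as DNS labels."""


class DomainName:
    """Hypothetical stand-in for a DNS name class (not twisted.names.dns.Name)."""

    def __init__(self, name=b""):
        if isinstance(name, str):
            # Assumption: IDNA is the encoding; the message does not name one.
            try:
                name = name.encode("idna")
            except UnicodeError as exc:
                # Surface codec failures as one error type at construction,
                # so callers never see a half-built name or a raw codec error.
                raise InvalidDomainName(f"cannot encode {name!r}: {exc}") from exc
        elif not isinstance(name, bytes):
            raise TypeError(f"name must be str or bytes, not {type(name).__name__}")
        # Byte input skips the codec, so it gets the same label checks here.
        self.labels = self._split(name)
        self.name = name

    @staticmethod
    def _split(name):
        # A single trailing dot marks a fully qualified name; drop it.
        if name.endswith(b"."):
            name = name[:-1]
        labels = name.split(b".") if name else []
        for label in labels:
            if not 0 < len(label) <= 63:
                raise InvalidDomainName(f"bad label length in {name!r}")
        # Wire form: one length byte per label plus the terminating root byte.
        if sum(len(label) + 1 for label in labels) + 1 > 255:
            raise InvalidDomainName("name longer than 255 bytes on the wire")
        return labels

    def to_wire(self):
        """Return the uncompressed wire encoding of the name."""
        out = bytearray()
        for label in self.labels:
            out.append(len(label))
            out += label
        out.append(0)  # root label terminates the name
        return bytes(out)
```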


