[Twisted-Python] ANN: Twisted 1.0.6 (includes security fixes)

Andrew Dalke dalke at dalkescientific.com
Tue Jul 1 13:52:07 EDT 2003


Itamar Shtull-Trauring:
>    IMPORTANT: This release includes security updates to twisted.web.
>    It is strongly recommended that you upgrade to this version of
>    Twisted.
>

> What's New in 1.0.6
> ===================
>
> - Security fixes for twisted.web.

Was the out-of-memory denial of service attack fixed?

    
http://www.twistedmatrix.com/pipermail/twisted-python/2003-June/004462.html

Looking at the code, it looks like I can still keep adding headers
until the machine exhausts memory:

     def headerReceived(self, line):
         """Do pre-processing (for content-length) and store this header away.
         """
         header, data = line.split(':', 1)
         header = header.lower()
         data = data.strip()
         if header == 'content-length':
             self.length = int(data)
         self.requests[-1].received_headers[header] = data

					Andrew
					dalke at dalkescientific.com
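
One way to bound the header storage discussed in the message above, as an added example that is not part of the original post and is not Twisted's code. The class, function and exception names and the two limit values are assumptions chosen for illustration.

```python
# Added example: a stand-alone header collector with hard per-request limits.
# All names and limit values are hypothetical, not taken from Twisted.

MAX_HEADERS = 100              # assumed cap on header lines per request
MAX_HEADER_BYTES = 16 * 1024   # assumed cap on total header bytes per request


class BadRequest(Exception):
    """The request should be rejected and the connection closed."""


class BoundedHeaders:
    def __init__(self, max_headers=MAX_HEADERS, max_bytes=MAX_HEADER_BYTES):
        self.max_headers = max_headers
        self.max_bytes = max_bytes
        self.count = 0
        self.bytes_seen = 0
        self.length = None
        self.received_headers = {}

    def header_received(self, line):
        # Charge every line against both budgets before storing anything,
        # so neither many small headers nor a few large ones grow state freely.
        self.count += 1
        self.bytes_seen += len(line)
        if self.count > self.max_headers:
            raise BadRequest("too many header lines")
        if self.bytes_seen > self.max_bytes:
            raise BadRequest("header section too large")
        if ':' not in line:
            raise BadRequest("malformed header line")
        header, data = line.split(':', 1)
        header = header.lower()
        data = data.strip()
        if header == 'content-length':
            if not (data.isascii() and data.isdigit()):
                raise BadRequest("bad content-length")
            self.length = int(data)
        self.received_headers[header] = data


def feed(lines, **limits):
    """Return (lines_accepted, error_or_None) for a list of header lines."""
    store = BoundedHeaders(**limits)
    for n, line in enumerate(lines):
        try:
            store.header_received(line)
        except BadRequest as exc:
            return n, str(exc)
    return len(lines), None
```

A server using this pattern would answer the first `BadRequest` with an error response and drop the connection, so the memory held per connection stays below the configured budget.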




