[Twisted-Python] maintenance release - a security issue and a regression

Angelo Dell'Aera angelo.dellaera at gmail.com
Wed Jan 30 17:32:34 EST 2013


On Wed, 30 Jan 2013 11:04:36 -0800
Glyph <glyph at twistedmatrix.com> wrote:

> Any volunteers for parts of this process?

I'm not familiar with Twisted patching process and for this reason I'm just attaching
a small patch here for #6245 because I'd like to discuss about the approach. If 
correct I will move on in the process (hopefully in the right way)

The patch simply tries to encode the name argument properly if unicode. This is
the same approach used by ralphm but applied to Name class initialization so it
should be really generic.

Just about a doubt about how to handle an exception potentially raised during the
name encoding. Any idea?

Ciao.

PS Attached a simple test code which forces the name to resolve to be unicode.
It fails against 12.3.0 while it is correclty executed after patching.

-- 

Angelo Dell'Aera 'buffer'
Antifork Research, Inc.		http://buffer.antifork.org
Sysenter Honeynet Project	http://www.sysenter-honeynet.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gethostbyname.py
Type: text/x-python
Size: 569 bytes
Desc: not available
Url : http://twistedmatrix.com/pipermail/twisted-python/attachments/20130130/d9bd7167/attachment.py 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.diff
Type: text/x-patch
Size: 642 bytes
Desc: not available
Url : http://twistedmatrix.com/pipermail/twisted-python/attachments/20130130/d9bd7167/attachment.bin 


More information about the Twisted-Python mailing list