[issue28971] nntplib is broken when responses are longer than _MAXLINE

Xavier de Gaye report at bugs.python.org
Thu Dec 15 07:51:34 EST 2016


Xavier de Gaye added the comment:

It seems that the comment placed above the definition of _MAXLINE in the nntplib module is not correct:
    "RFC 3977 limits NNTP line length to 512 characters, including CRLF. We have selected 2048 just to be on the safe side."
The 512 characters limit in RFC 3977 only applies to command lines and to the initial line of a response.

RFC 3977 says instead:
    "This document does not place any limit on the length of a line in a multi-line block.  However, the standards that define the format of articles may do so."

So I think _MAXLINE should have a large value (64 K ?) and its semantics are that a line whose length is above that value is considered by nntplib as a DoS attack (and not a protocol violation). In that case nntplib should behave in consequence and prevent any further reads from that connection (either by closing the connection or raising an exception on each of these attempts). IMHO this should be handled in the same issue because it is one single problem, and this may possibly be handled in two different changesets.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28971>
_______________________________________
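
The behaviour proposed in the comment above, as an added example that is not part of the original message and is not nntplib's code: a line reader with one cap for the initial response line and a larger one for multi-line block lines, which refuses every further read once a line exceeds its cap. `BoundedLineReader`, `LineTooLong`, `run` and both limits' names are hypothetical, and the sample byte strings are constructed.

```python
import io

STATUS_LIMIT = 512       # RFC 3977 cap for an initial response line, CRLF included
BLOCK_LIMIT = 64 * 1024  # assumed cap for multi-line block lines (the "64 K ?" above)

class LineTooLong(Exception):
    """A line exceeded its cap; the connection is treated as hostile."""

class BoundedLineReader:
    """Hypothetical reader, not nntplib's API."""
    def __init__(self, stream):
        self._stream = stream
        self._dead = False

    def _readline(self, limit):
        if self._dead:  # no further reads once a line has blown the cap
            raise LineTooLong("connection disabled after over-long line")
        line = self._stream.readline(limit + 1)  # never buffer more than limit + 1
        if len(line) > limit:
            self._dead = True
            self._stream.close()
            raise LineTooLong("line exceeds %d bytes" % limit)
        if not line:
            raise EOFError("connection closed")
        return line.rstrip(b"\r\n")

    def read_status(self):
        return self._readline(STATUS_LIMIT)

    def read_block(self):
        lines = []
        while True:
            line = self._readline(BLOCK_LIMIT)
            if line == b".":  # terminator of the multi-line block
                return lines
            lines.append(line[1:] if line.startswith(b"..") else line)  # undo dot-stuffing

def run(payload):
    """Read one status line and one block from constructed bytes; report the outcome."""
    reader = BoundedLineReader(io.BytesIO(payload))
    status = reader.read_status()
    try:
        return status, reader.read_block(), False
    except LineTooLong:
        try:
            reader.read_status()
        except LineTooLong:
            return status, None, True  # reader stayed disabled
        return status, None, False

# Constructed samples: a 3000-byte block line is accepted, a 70000-byte one is not.
LEGIT = b"220 0 <id@example> article\r\n" + b"x" * 3000 + b"\r\n..dot\r\n.\r\n"
HOSTILE = b"220 0 <id@example> article\r\n" + b"A" * 70000 + b"\r\n.\r\n"
```

The 3000-byte line in `LEGIT` would be rejected under a 2048-byte cap although RFC 3977 allows it inside a multi-line block.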

