[issue30119] (ftplib) A remote attacker could possibly attack by containing the newline characters

Dong-hee Na report at bugs.python.org
Fri Apr 28 22:58:36 EDT 2017


Dong-hee Na added the comment:

One of the purposes of the JDK patch is to prevent '\r' and '\n' from being inserted into the ftp command. In particular, it seems to assume that if another malicious command is inserted after '\n', the possibility of such an attack will be opened at a later time.
IMO, I think that we can block '\r\n' and '\n' at the same time by blocking only '\n'. Although '\r' allows

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30119>
_______________________________________
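
The check discussed in the comment above, as an added example that is not part of the original message or of ftplib: it compares rejecting only '\n' with rejecting both '\r' and '\n' over constructed arguments. The helper names, the sample arguments and the server's line-splitting behaviour are assumptions made for illustration.

```python
CRLF = "\r\n"

# Constructed sample arguments for a CWD command (not from the issue).
SAMPLES = {
    "plain": "pub/docs",
    "crlf": "pub\r\nSYST",
    "lf": "pub\nSYST",
    "cr": "pub\rSYST",
}

def build_line_unchecked(cmd, arg):
    """Build the control-channel line with no validation (the 'before')."""
    return f"{cmd} {arg}{CRLF}"

def build_line_checked(cmd, arg, reject=("\n",)):
    """Build the line, refusing any character listed in `reject`."""
    line = f"{cmd} {arg}"
    for ch in reject:
        if ch in line:
            raise ValueError(f"illegal character {ch!r} in FTP command line")
    return line + CRLF

def server_view(wire):
    """Commands seen by a line-oriented server that ends a line at LF and
    strips a trailing CR (an assumption; real servers differ)."""
    lines = (ln.rstrip("\r") for ln in wire.split("\n"))
    return [ln for ln in lines if ln]

def coverage(reject):
    """Map each sample name to True if the checked builder rejects it."""
    result = {}
    for name, arg in SAMPLES.items():
        try:
            build_line_checked("CWD", arg, reject)
            result[name] = False
        except ValueError:
            result[name] = True
    return result

if __name__ == "__main__":
    print(server_view(build_line_unchecked("CWD", SAMPLES["crlf"])))
    print("reject LF only:   ", coverage(("\n",)))
    print("reject CR and LF: ", coverage(("\r", "\n")))
```
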

