[issue46508] codec name acceptance became way too lenient in 3.9
Gregory P. Smith
report at bugs.python.org
Mon Jan 24 19:12:22 EST 2022
New submission from Gregory P. Smith <greg at krypto.org>:
In 3.8 this was not a valid codec name: "เ_เ_เ_iDnA"
In 3.9 it gets treated as idna and triggers the punycode decoder when passed to bytes.decode(codec).
Discovered by oss-fuzz.
_Likely_ a consequence of https://bugs.python.org/issue37751
The consequences of this change are that anyone can stuff heinous strings into codec names and get a non-LookupError behavior out of them. Anywhere codecs can be part of user input this has many interesting potential negative consequences.
<=3.8 gave `LookupError("unknown encoding: ...`
----------
keywords: 3.9regression
messages: 411535
nosy: gregory.p.smith
priority: normal
severity: normal
stage: needs patch
status: open
title: codec name acceptance became way too lenient in 3.9
type: behavior
versions: Python 3.10, Python 3.11, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46508>
_______________________________________
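A defensive check for the case the report raises, where a codec name can be part of user input. This is an added example, not part of the original report or of CPython; `resolve_codec`, `safe_decode`, `classify` and the contents of `ALLOWED_CODECS` are assumptions chosen for illustration.

```python
import codecs
import re

# Assumption: the application only needs these codecs. Entries are the
# canonical names reported by codecs.lookup(...).name.
ALLOWED_CODECS = frozenset({"utf-8", "ascii", "iso8859-1"})

# Strict ASCII shape for a codec name, checked before the codec registry
# (and its own name normalization) ever sees the string.
_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,31}")


def resolve_codec(name):
    """Return the canonical codec name, or raise LookupError."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise LookupError("unknown encoding: %r" % (name,))
    canonical = codecs.lookup(name).name  # LookupError if not registered
    if canonical not in ALLOWED_CODECS:
        raise LookupError("encoding not permitted: %r" % (name,))
    return canonical


def safe_decode(data, user_codec):
    """Decode bytes with a caller-supplied codec name after validation."""
    return data.decode(resolve_codec(user_codec))


# Constructed sample inputs; the first is the name quoted in the report.
SAMPLES = ["เ_เ_เ_iDnA", "idna", "UTF_8", "latin-1", "no-such-codec"]


def classify(names):
    """Map each name to its canonical codec, or None if rejected."""
    result = {}
    for name in names:
        try:
            result[name] = resolve_codec(name)
        except LookupError:
            result[name] = None
    return result


if __name__ == "__main__":
    for name, canonical in classify(SAMPLES).items():
        print(ascii(name), "->", canonical)
```

Because the name is rejected on its shape before `codecs.lookup` is called, the result is a `LookupError` on every interpreter version, independent of how the registry normalizes names.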