[issue15955] gzip, bz2, lzma: add option to limit output size

Nikolaus Rath report at bugs.python.org
Mon Apr 22 01:04:35 CEST 2013


Nikolaus Rath added the comment:

The lack of output size limiting has security implications as well.

Without being able to limit the size of the uncompressed data returned per call, it is not possible to decompress untrusted lzma or bz2 data without becoming susceptible to a DoS attack, as the attacker can force allocation of gigantic buffers by sending just a tiny amount of compressed data.

----------
nosy: +Nikratio

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15955>
_______________________________________
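
Added example, not part of the original message or the tracker patch: one way to decompress untrusted lzma or bz2 data with a hard cap on output, using the `max_length` argument that `LZMADecompressor.decompress()` and `BZ2Decompressor.decompress()` accept in Python 3.5 and later. The names `bounded_decompress` and `OutputLimitExceeded` and the default limits are hypothetical choices for illustration.

```python
import bz2
import lzma


class OutputLimitExceeded(Exception):
    """Raised when a stream expands past the caller's output cap."""


def bounded_decompress(blob, make_decompressor=lzma.LZMADecompressor,
                       max_total=1 << 20, chunk=64 * 1024):
    """Decompress a single stream, aborting once output exceeds max_total.

    Each call returns at most `chunk` bytes, so a tiny input can never
    force one huge allocation. max_total and chunk are illustrative
    defaults (assumptions), not values from the issue.
    """
    dec = make_decompressor()
    out = bytearray()
    data = blob
    while not dec.eof:
        # Ask for one byte more than the remaining budget so that an
        # oversized stream is detected instead of silently truncated.
        budget = max_total - len(out)
        piece = dec.decompress(data, max_length=min(chunk, budget + 1))
        data = b""  # unread input stays buffered inside the decompressor
        out += piece
        if len(out) > max_total:
            raise OutputLimitExceeded(
                "output exceeds %d bytes, refusing to continue" % max_total)
        if not piece and dec.needs_input and not dec.eof:
            raise EOFError("compressed stream is truncated")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample input: 8 MiB of zeros shrinks to a few KiB at most.
    bomb = lzma.compress(b"\0" * (8 << 20))
    print("compressed size:", len(bomb))
    try:
        bounded_decompress(bomb)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
    print(bounded_decompress(lzma.compress(b"small and harmless")))
```

Pass `make_decompressor=bz2.BZ2Decompressor` to apply the same cap to bz2 input.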

