Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stop buffering if extremely long lines are received #3

Closed
giampaolo opened this issue May 28, 2014 · 7 comments
Closed

Stop buffering if extremely long lines are received #3

giampaolo opened this issue May 28, 2014 · 7 comments
Assignees
Labels
bug Component-Library imported imported from old googlecode site and very likely outdated Priority-High Security

Comments

@giampaolo
Copy link
Owner

From billiej...@gmail.com on May 18, 2007 22:59:01

Method "collect_incoming_data" of "ftp_handler" class should stop buffering
if received lines are too long (possible Denial-of-Service attacks).
Patch:


class ftp_handler(asynchat.async_chat):

    [...]

    def collect_incoming_data(self, data):        
        self.in_buffer = self.in_buffer + data

+        if len(self.in_buffer) > 2048:

+            self.in_buffer = ""


    def found_terminator(self):        
        line = self.in_buffer.strip()

    [...]

Original issue: http://code.google.com/p/pyftpdlib/issues/detail?id=3

@giampaolo giampaolo self-assigned this May 28, 2014
@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on July 19, 2007 19:07:25

Status: Finished
Cc: -aleaxit jloden yanraber

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on July 19, 2007 19:12:00

Fixed in SVN, revision #20

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on August 06, 2007 03:20:16

Labels: Milestone-0.2.0

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on September 17, 2007 09:29:53

Status: Fixed

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on May 02, 2008 11:27:42

Labels: Version-0.1.1

@giampaolo
Copy link
Owner Author

From billiej...@gmail.com on October 13, 2008 12:13:13

Labels: Component-Library

@giampaolo
Copy link
Owner Author

From g.rodola on August 11, 2010 15:20:00

Owner: g.rodola

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Component-Library imported imported from old googlecode site and very likely outdated Priority-High Security
Projects
None yet
Development

No branches or pull requests

1 participant