Change by shuoz :
--
title: urllib may leak sensitive HTTP headers to a third-party web site ->
urllib may leak sensitive HTTP headers to a third-party web site
___
Python tracker
<https://bugs.python.org/issu
shuoz added the comment:
thank you for your reply.
--
resolution: -> not a bug
stage: -> resolved
status: open -> closed
type: security -> crash
___
Python tracker
<https://bugs.python
New submission from shuoz :
stack exhaustion in 3.6.7.
In Python 3.6.7, setting the recursion depth to 2 will exhaust the stack and cause a
segmentation fault. But this doesn't happen in Python 2.7.
```
import sys
sys.setrecursionlimit(2)
def f():
    f()
f()
```
--
components: 2to3 (2.x to 3
shuoz added the comment:
Oh brother, maybe this is worth opening a CVE.
--
___
Python tracker
<https://bugs.python.org/issue34922>
___
___
Python-bugs-list mailin
shuoz added the comment:
I sent this to secur...@python.org.
Victor Stinner responded to me.
"import hashlib; hashlib.shake_128().hexdigest((-1)&2**64-1)" can crash
python3.7 and master
```
fan@fan:~/github/new$ ./py3.7/bin/python3
Python 3.7.1rc1+ (heads/3.7:c59e75c, Oct 8
```
New submission from shuoz :
Python hashlib: a signed overflow may cause a memory over-read.
python version:
Python 3.6.7rc1+ (heads/3.6:cb0bec3, Oct 1 2018, 02:19:39)
[GCC 7.3.0] on linux
Type "help", "copyright", "credits" or
New submission from shuoz :
python _ctypes.dlclose(arg).
Never check the arg so we get a Segmentation fault (core dumped)
poc.py
```
import _ctypes
_ctypes.dlclose(3) # 3-4294967296
```
python poc.py
gdb info
```
--registers
```
shuoz added the comment:
```
[--registers---]
RAX: 0x7ff9d401e010 --> 0x0
RBX: 0x77f48d00 --> 0x1
RCX: 0x7ff8ab58c800 --> 0x77ea5d80 --> 0x2
RDX: 0x73ac47d8 --> 0x1
RSI: 0x25152303
RDI: 0xfff3a803c
```
Change by shuoz :
Added file: https://bugs.python.org/file47802/pk.py
___
Python tracker
<https://bugs.python.org/issue34656>
___
___
Python-bugs-list mailing list
Unsub
New submission from shuoz :
python version:
Python 3.8.0a0 (heads/master:4ae8ece, Sep 13 2018, 09:48:16)
[GCC 5.4.0 20160609] on linux
I found a bug in python pickle.load func. Can cause memory exhaustion DDOS.
./python pk.py poc
cat ./pk.py
import pickle
import sys
filename