Xavier de Gaye added the comment: It seems that the comment placed above the definition of _MAXLINE in the nntplib module is not correct: "RFC 3977 limits NNTP line length to 512 characters, including CRLF. We have selected 2048 just to be on the safe side." The 512 characters limit in RFC 3977 only applies to command lines and to the initial line of a response.
RC 3977 says instead: "This document does not place any limit on the length of a line in a multi-line block. However, the standards that define the format of articles may do so." So I think _MAXLINE should have a large value (64 K ?) and its semantic is that a line whose length is above that value is considered by nntplib as a Dos attack (and not a protocol violation). In that case nntplib should behave in consequence and prevent any further reads from that connection (either by closing the connection or raising an exception on each of these attempts). IMHO this should be handled in the same issue because it is one single problem, and this may possibly be handled in two different changesets. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28971> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com