Xavier de Gaye added the comment:
It seems that the comment placed above the definition of _MAXLINE in the
nntplib module is not correct:
"RFC 3977 limits NNTP line length to 512 characters, including CRLF. We
have selected 2048 just to be on the safe side."
The 512 characters limit in RFC 3977 only applies to command lines and to the
initial line of a response.
RC 3977 says instead:
"This document does not place any limit on the length of a line in a
multi-line block. However, the standards that define the format of articles
may do so."
So I think _MAXLINE should have a large value (64 K ?) and its semantic is that
a line whose length is above that value is considered by nntplib as a Dos
attack (and not a protocol violation). In that case nntplib should behave in
consequence and prevent any further reads from that connection (either by
closing the connection or raising an exception on each of these attempts). IMHO
this should be handled in the same issue because it is one single problem, and
this may possibly be handled in two different changesets.
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue28971>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
