[issue46508] codec name acceptance became way too lenient in 3.9

[Gregory P. Smith]

Gregory P. Smith  added the comment:

while figuring this issue out, it may also make sense to address 
https://bugs.python.org/issue44723 as well.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue46508] codec name acceptance became way too lenient in 3.9

[Gregory P. Smith]

New submission from Gregory P. Smith :

in 3.8 this was not a valid codec name: "เ_เ_เ_iDnA"
in 3.9 it gets treated as idna and triggers the punycode decoder when passed to 
bytes.decode(codec).

Discovered by oss-fuzz.

_Likely_ a consequence of https://bugs.python.org/issue37751

The consequences of this change are that anyone can stuff heinous strings into 
codec names and get a non-LookupError behavior out of them. Anywhere codecs can 
be part of user input this has many interesting potential negative consequences.

<=3.8 gave `LookupError("unknown encoding: ...`

--
keywords: 3.9regression
messages: 411535
nosy: gregory.p.smith
priority: normal
severity: normal
stage: needs patch
status: open
title: codec name acceptance became way too lenient in 3.9
type: behavior
versions: Python 3.10, Python 3.11, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com