Public bug reported: 2ping 3.2.0-1 (currently in xenial) contains a remote crash denial of service condition when the peer sends a notice with non-ASCII (e.g. Unicode) text. This cannot lead to a remote crash in the listener's default configuration (only when --debug is passed), but IMHO is serious enough that this fix should be included before xenial is released.
Please sync 2ping 3.2.1-1 from Debian unstable. 3.2.1-1 contains the following fix against 3.2.0-1 to properly render Unicode notices and filter invalid high characters: diff --git a/twoping/cli.py b/twoping/cli.py index 418f5b7..3e94573 100755 --- a/twoping/cli.py +++ b/twoping/cli.py @@ -335,7 +335,7 @@ class TwoPing(): (packets.OpcodeExtended.id in packet_in.opcodes) and (packets.ExtendedNotice.id in packet_in.opcodes[packets.OpcodeExtended.id].segments) ): - notice = str(packet_in.opcodes[packets.OpcodeExtended.id].segments[packets.ExtendedNotice.id].text) + notice = unicode(str(packet_in.opcodes[packets.OpcodeExtended.id].segments[packets.ExtendedNotice.id].text), 'UTF-8', 'replace') self.print_out(' ' + _('Peer notice: {notice}').format(notice=notice)) sock_class.courtesy_messages[peer_tuple][replied_message_id_int] = (time_begin, replied_message_id) ** Affects: 2ping (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1562455 Title: Please sync 2ping 3.2.1-1 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/2ping/+bug/1562455/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs