Message 306980 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	martin.panter
Recipients	martin.panter, orange, vstinner
Date	2017-11-26.01:00:28
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<[email protected]>
In-reply-to

Content
The square □ in the strings represents a space. Issue 1 (CRLF in HTTP request path): it looks like the %0D%0A would have to be decoded by an earlier step in the chain to "http://127.0.0.1:25/\r\nHELO . . .". This becomes like the header injection I mentioned in Issue 30458. Issue 2 (CRLF in HTTPS host): it seems this doesn’t work in Python as a side effect of Issue 22928 blocking generation of the Host field. But if you add a space you bypass that: "https://host%0D%0A%20SLAVEOF . . .:6379".

The square □ in the strings represents a space.

Issue 1 (CRLF in HTTP request path): it looks like the %0D%0A would have to be decoded by an earlier step in the chain to "http://127.0.0.1:25/\r\nHELO . . .". This becomes like the header injection I mentioned in Issue 30458.

Issue 2 (CRLF in HTTPS host): it seems this doesn’t work in Python as a side effect of Issue 22928 blocking generation of the Host field. But if you add a space you bypass that: "https://host%0D%0A%20SLAVEOF . . .:6379".

History
Date	User	Action	Args
2017-11-26 01:00:28	martin.panter	set	recipients: + martin.panter, vstinner, orange
2017-11-26 01:00:28	martin.panter	set	messageid: <[email protected]>
2017-11-26 01:00:28	martin.panter	link	issue32085 messages
2017-11-26 01:00:28	martin.panter	create