2012-12-24 12:07:34 |
Andrew Cooke |
bug |
|
|
added bug |
2012-12-24 12:07:59 |
Andrew Cooke |
information type |
Private Security |
Public Security |
|
2012-12-24 18:24:24 |
Andrew Cooke |
summary |
allow_wraparound misleadingly documented |
allow_wraparound incorrectly documented |
|
2012-12-24 21:32:55 |
Andrew Cooke |
information type |
Public Security |
Public |
|
2013-03-03 22:12:48 |
Debra Virden |
description |
The documentation for Counter says:
allow_wraparound (boolean) - If True, the function will raise an OverflowError exception as soon as the counter wraps around. If False (default), the counter will simply restart from zero.
which is confusing as all heck. If the text is correct then setting this to true (ie setting ALLOW to TRUE) then wraparound is DISALLOWED. The implementation is at the C level so I haven't looked or tested, but at the moment it's not clear if the docs are plain wrong the naming of the parameter is just monumentally dumb.
Marking this as a security vulnerability because if you get wraparound when you're not expecting it you could have duplicate streams. |
The documentation for Counter says:
allow_wraparound (boolean) - If True, the function will raise an Overflow Error exception as soon as the counter wraps around. If False (default), the counter will simply restart from zero.
Which is very confusing. If the text is correct then setting this to true (ie setting ALLOW to TRUE) then wraparound is DISALLOWED. The implementation is at the C level so I haven't looked or tested, but at the moment it's not clear if the docs are wrong. The naming of the parameter is just monumentally dumb.
Marking this as a security vulnerability because if you get wraparound when you're not expecting it you could have duplicate streams. |
|
2013-03-03 23:37:45 |
Andrew Cooke |
description |
The documentation for Counter says:
allow_wraparound (boolean) - If True, the function will raise an Overflow Error exception as soon as the counter wraps around. If False (default), the counter will simply restart from zero.
Which is very confusing. If the text is correct then setting this to true (ie setting ALLOW to TRUE) then wraparound is DISALLOWED. The implementation is at the C level so I haven't looked or tested, but at the moment it's not clear if the docs are wrong. The naming of the parameter is just monumentally dumb.
Marking this as a security vulnerability because if you get wraparound when you're not expecting it you could have duplicate streams. |
The documentation for Counter says:
allow_wraparound (boolean) - If True, the function will raise an Overflow Error exception as soon as the counter wraps around. If False (default), the counter will simply restart from zero.
Which is very confusing. If the text is correct then setting this to true (ie setting ALLOW to TRUE) means that wraparound is DISALLOWED. The implementation is at the C level so I haven't looked or tested, but at the moment it's not clear if the docs are wrong, or
if the naming of the parameter is just monumentally dumb.
Marking this as a security vulnerability because if you get wraparound when you're not expecting it you could have duplicate streams. |
|
2013-03-03 23:38:25 |
Andrew Cooke |
description |
The documentation for Counter says:
allow_wraparound (boolean) - If True, the function will raise an Overflow Error exception as soon as the counter wraps around. If False (default), the counter will simply restart from zero.
Which is very confusing. If the text is correct then setting this to true (ie setting ALLOW to TRUE) means that wraparound is DISALLOWED. The implementation is at the C level so I haven't looked or tested, but at the moment it's not clear if the docs are wrong, or
if the naming of the parameter is just monumentally dumb.
Marking this as a security vulnerability because if you get wraparound when you're not expecting it you could have duplicate streams. |
The documentation for Counter says:
allow_wraparound (boolean) - If True, the function will raise an OverflowError exception as soon as the counter wraps around. If False (default), the counter will simply restart from zero.
Which is very confusing. If the text is correct then setting this to true (ie setting ALLOW to TRUE) means that wraparound is DISALLOWED. The implementation is at the C level so I haven't looked or tested, but at the moment it's not clear if the docs are wrong, or
if the naming of the parameter is just monumentally dumb.
Marking this as a security vulnerability because if you get wraparound when you're not expecting it you could have duplicate streams. |
|
2013-07-15 06:39:58 |
Darsey Litzenberger |
pycrypto: status |
New |
Fix Committed |
|