[pull] master from sqlmapproject:master

data/txt/sha256sums.txt

@@ -155,7 +155,7 @@ ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128  extra/shutils/
 3893c13c6264dd71842a3d2b3509dd8335484f825b43ed2f14f8161905d1b214  extra/shutils/pycodestyle.sh
 0525e3f6004eb340b8a1361072a281f920206626f0c8f6d25e67c8cef7aee78a  extra/shutils/pydiatra.sh
 763240f767c3d025cefb70dede0598c134ea9a520690944ae16a734e80fd98a0  extra/shutils/pyflakes.sh
-d12fd5916e97b2034ba7fbfa8da48f590dc10807119b97a9d27347500c610c2d  extra/shutils/pypi.sh
+07c500a13c9fca3ee2915bf00db9f064fa7d4aa1631989ef86f87828bdf60c11  extra/shutils/pypi.sh
 df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/recloak.sh
 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f  extra/shutils/strip.sh
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  extra/vulnserver/__init__.py
@@ -188,7 +188,7 @@ d197388e8e2aabe19f2529bfcac780e18e22a905d01319080d7afe4cb2b1c4c9  lib/core/optio
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3  lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-399d2fb45efa471982eb1d43e4dfc8a965fbca2165f484e73c68071eebdbf267  lib/core/settings.py
+741a56271a03ce218a3956e2f915841993e3649c7314d01c3493f680276756fc  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725  lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6  lib/core/target.py
@@ -208,7 +208,7 @@ c5b258be7485089fac9d9cd179960e774fbd85e62836dc67cce76cc028bb6aeb  lib/parse/hand
 d2e771cdacef25ee3fdc0e0355b92e7cd1b68f5edc2756ffc19f75d183ba2c73  lib/parse/payloads.py
 455ab0ec63e55cd56ce4a884b85bdc089223155008cab0f3696da5a33118f95b  lib/parse/sitemap.py
 1be3da334411657461421b8a26a0f2ff28e1af1e28f1e963c6c92768f9b0847c  lib/request/basicauthhandler.py
-1d5972aba14e4e340e3dde4f1d39a671020187fb759f435ba8b7f522dd4498fa  lib/request/basic.py
+132abf563aeaaf0108b7e3932cfcc9680c8f445e992de4ee71ceed1ddf60bc29  lib/request/basic.py
 bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e  lib/request/chunkedhandler.py
 09c2d8786fb5280f5f14a7b4345ecb2e7c2ca836ee06a6cf9b51770df923d94c  lib/request/comparison.py
 86bfe2cef8d3fcdbadf3adc427f593ec638cf8953a37c68dd17691741bf9a950  lib/request/connect.py

extra/shutils/pypi.sh

@@ -63,6 +63,10 @@ setup(
     },
 )
 EOF
+cat > "$TMP_DIR/setup.cfg" << "EOF"
+[bdist_wheel]
+universal = 1
+EOF
 wget "https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip" -O sqlmap.zip
 unzip sqlmap.zip
 rm sqlmap.zip

lib/core/settings.py

@@ -20,7 +20,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.5.1"
+VERSION = "1.10.5.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/request/basic.py

@@ -297,6 +297,11 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
             if contentEncoding == "deflate":
                 obj = zlib.decompressobj(-15)
                 page = obj.decompress(page, MAX_CONNECTION_TOTAL_SIZE + 1)
+
+                # catch the deflate bomb before flush() forcefully expands it into RAM
+                if len(page) > MAX_CONNECTION_TOTAL_SIZE:
+                    raise Exception("size too large")
+
                 page += obj.flush()
                 if len(page) > MAX_CONNECTION_TOTAL_SIZE:
                     raise Exception("size too large")