Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces.

3 files changed, 7 insertions, 2 deletions

diff --git a/Lib/pydoc.py b/Lib/pydoc.py
index fa02eda..2a0cbf3 100755
--- a/Lib/pydoc.py
+++ b/Lib/pydoc.py
@@ -2431,8 +2431,8 @@ def _start_server(urlhandler, port):
     class DocServer(http.server.HTTPServer):
 
         def __init__(self, port, callback):
-            self.host = (sys.platform == 'mac') and '127.0.0.1' or 'localhost'
-            self.address = ('', port)
+            self.host = 'localhost'
+            self.address = (self.host, port)
             self.callback = callback
             self.base.__init__(self, self.address, self.handler)
             self.quit = False
diff --git a/Lib/test/test_pydoc.py b/Lib/test/test_pydoc.py
index 42a4089..b632434 100644
--- a/Lib/test/test_pydoc.py
+++ b/Lib/test/test_pydoc.py
@@ -510,6 +510,8 @@ class PydocServerTest(unittest.TestCase):
             return text
 
         serverthread = pydoc._start_server(my_url_handler, port=0)
+        self.assertIn('localhost', serverthread.docserver.address)
+
         starttime = time.time()
         timeout = 1  #seconds
 
diff --git a/Misc/NEWS b/Misc/NEWS
index 398ed29..60946e8 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@ What's New in Python 3.2.6?
 Library
 -------
 
+- Issue #22421: Fix a regression that caused the pydoc server to be bound to
+  all interfaces instead of only localhost.
+
 - Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
   65536 bytes and send a 414 error code for higher lengths. Patch contributed
   by Devin Cook.