author | Antoine Pitrou <solipsis@pitrou.net> | 2010-12-16 17:11:34 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-12-16 17:11:34 (GMT) |
commit | 47d9b0e08aeea13ceb7ef7b41e1664f4c81a0958 (patch) | |
tree | d379f344ae0262c6161541e62069f646bae7fb95 /Lib/BaseHTTPServer.py | |
parent | fd1cf6f8322eb34063ecad81422d0df032a8bcfc (diff) | |
Merged revisions 87317 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87317 | antoine.pitrou | 2010-12-16 17:48:36 +0100 (jeu., 16 déc. 2010) | 4 lines
Issue #10714: Limit length of incoming request in http.server to 65536 bytes
for security reasons. Initial patch by Ross Lagerwall.
........
(also backported some tests)
Diffstat (limited to 'Lib/BaseHTTPServer.py')
-rw-r--r-- | Lib/BaseHTTPServer.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/Lib/BaseHTTPServer.py b/Lib/BaseHTTPServer.py
index c97c762..da04315 100644
--- a/Lib/BaseHTTPServer.py
+++ b/Lib/BaseHTTPServer.py
@@ -310,7 +310,13 @@ class BaseHTTPRequestHandler(SocketServer.StreamRequestHandler):
 """
 try:
- self.raw_requestline = self.rfile.readline()
+ self.raw_requestline = self.rfile.readline(65537)
+ if len(self.raw_requestline) > 65536:
+ self.requestline = ''
+ self.request_version = ''
+ self.command = ''
+ self.send_error(414)
+ return
 if not self.raw_requestline:
 self.close_connection = 1
 return |
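Review bot: The new 414 branch returns without setting `self.close_connection`, whereas the empty-read branch directly below it sets `self.close_connection = 1` before returning. Because `readline(65537)` stops mid-line, the unread tail of the oversized request line stays buffered in `rfile`; if the caller keeps the connection open after this return (the caller is not visible in this hunk), that tail would presumably be parsed as the next request line. Adding `self.close_connection = 1` before `self.send_error(414)` would make the rejection terminal regardless of what the caller or `send_error` do. The paired literals 65537 and 65536 would also be easier to keep in sync as one named module-level limit, with a short comment saying the extra byte exists only to detect overflow. The enclosing method and its `try` block begin and end outside the hunk.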