diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2021-05-05 23:14:28 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-05 23:14:28 (GMT) |
| commit | 60ba0b68470a584103e28958d91e93a6db37ec92 (patch) | |
| tree | 45a48643d20bec4f6c2eebc109bb273b1ca525a9 /Lib/http/client.py | |
| parent | 24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (diff) | |
| download | cpython-60ba0b68470a584103e28958d91e93a6db37ec92.zip cpython-60ba0b68470a584103e28958d91e93a6db37ec92.tar.gz cpython-60ba0b68470a584103e28958d91e93a6db37ec92.tar.bz2 | |
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (GH-25931)
Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit 47895e31b6f626bc6ce47d175fe9d43c1098909d)
Co-authored-by: Gen Xu <xgbarry@gmail.com>
Diffstat (limited to 'Lib/http/client.py')
| -rw-r--r-- | Lib/http/client.py | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py index 4b1f692..08cf2ed 100644 --- a/Lib/http/client.py +++ b/Lib/http/client.py @@ -202,15 +202,11 @@ class HTTPMessage(email.message.Message): lst.append(line) return lst -def parse_headers(fp, _class=HTTPMessage): - """Parses only RFC2822 headers from a file pointer. - - email Parser wants to see strings rather than bytes. - But a TextIOWrapper around self.rfile would buffer too many bytes - from the stream, bytes which we later need to read as bytes. - So we read the correct bytes here, as bytes, for email Parser - to parse. +def _read_headers(fp): + """Reads potential header lines into a list from a file pointer. + Length of line is limited by _MAXLINE, and number of + headers is limited by _MAXHEADERS. """ headers = [] while True: @@ -222,6 +218,19 @@ def parse_headers(fp, _class=HTTPMessage): raise HTTPException("got more than %d headers" % _MAXHEADERS) if line in (b'\r\n', b'\n', b''): break + return headers + +def parse_headers(fp, _class=HTTPMessage): + """Parses only RFC2822 headers from a file pointer. + + email Parser wants to see strings rather than bytes. + But a TextIOWrapper around self.rfile would buffer too many bytes + from the stream, bytes which we later need to read as bytes. + So we read the correct bytes here, as bytes, for email Parser + to parse. + + """ + headers = _read_headers(fp) hstring = b''.join(headers).decode('iso-8859-1') return email.parser.Parser(_class=_class).parsestr(hstring) @@ -309,15 +318,10 @@ class HTTPResponse(io.BufferedIOBase): if status != CONTINUE: break # skip the header from the 100 response - while True: - skip = self.fp.readline(_MAXLINE + 1) - if len(skip) > _MAXLINE: - raise LineTooLong("header line") - skip = skip.strip() - if not skip: - break - if self.debuglevel > 0: - print("header:", skip) + skipped_headers = _read_headers(self.fp) + if self.debuglevel > 0: + print("headers:", skipped_headers) + del skipped_headers self.code = self.status = status self.reason = reason.strip() |