diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2010-12-16 16:48:36 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-12-16 16:48:36 (GMT) |
commit | c492437922d82b21972a31184af24d15ec23eba8 (patch) | |
tree | d179e4aed041ebcb70ac9adbd9d37002b0aa6bcb /Lib/http/server.py | |
parent | 12de8ac215f2c5e5a4ed30033183fc34b5f1635f (diff) | |
download | cpython-c492437922d82b21972a31184af24d15ec23eba8.zip cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.gz cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.bz2 |
Issue #10714: Limit length of incoming request in http.server to 65536 bytes
for security reasons. Initial patch by Ross Lagerwall.
Diffstat (limited to 'Lib/http/server.py')
-rw-r--r-- | Lib/http/server.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py index 2140710..f1538f4 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -358,7 +358,13 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler): """ try: - self.raw_requestline = self.rfile.readline() + self.raw_requestline = self.rfile.readline(65537) + if len(self.raw_requestline) > 65536: + self.requestline = '' + self.request_version = '' + self.command = '' + self.send_error(414) + return if not self.raw_requestline: self.close_connection = 1 return |