summaryrefslogtreecommitdiffstats
path: root/Lib/http/server.py
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2010-12-16 16:48:36 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-12-16 16:48:36 (GMT)
commitc492437922d82b21972a31184af24d15ec23eba8 (patch)
treed179e4aed041ebcb70ac9adbd9d37002b0aa6bcb /Lib/http/server.py
parent12de8ac215f2c5e5a4ed30033183fc34b5f1635f (diff)
downloadcpython-c492437922d82b21972a31184af24d15ec23eba8.zip
cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.gz
cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.bz2
Issue #10714: Limit length of incoming request in http.server to 65536 bytes
for security reasons. Initial patch by Ross Lagerwall.
Diffstat (limited to 'Lib/http/server.py')
-rw-r--r--Lib/http/server.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 2140710..f1538f4 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -358,7 +358,13 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
"""
try:
- self.raw_requestline = self.rfile.readline()
+ self.raw_requestline = self.rfile.readline(65537)
+ if len(self.raw_requestline) > 65536:
+ self.requestline = ''
+ self.request_version = ''
+ self.command = ''
+ self.send_error(414)
+ return
if not self.raw_requestline:
self.close_connection = 1
return