authorAntoine Pitrou <solipsis@pitrou.net>2010-12-18 18:04:38 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-12-18 18:04:38 (GMT)
commitff1bbba92aad261df1ebd8fd8cc189c104e113b0 (patch)
treeef057b096c5c46b024919cdfcb32591725643fde /Lib/http
parenta2eb94b1cf65e422ec8e3fb3f417d496cf80167b (diff)
Merged revisions 87373,87381 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87373 | senthil.kumaran | 2010-12-18 17:55:23 +0100 (sam., 18 déc. 2010) | 3 lines Fix Issue6791 - Limit the HTTP header readline with _MAXLENGTH. Patch by Antoine Pitrou ........ r87381 | antoine.pitrou | 2010-12-18 18:59:18 +0100 (sam., 18 déc. 2010) | 3 lines NEWS entry for r87373 ........
Diffstat (limited to 'Lib/http')
-rw-r--r--Lib/http/client.py29
-rw-r--r--Lib/http/server.py8
2 files changed, 30 insertions, 7 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py
index bd092c2..296dafb 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -203,6 +203,9 @@ responses = {
# maximal amount of data to read at one time in _safe_read
MAXAMOUNT = 1048576
+# maximal line length when calling readline().
+_MAXLINE = 65536
+
class HTTPMessage(email.message.Message):
# XXX The only usage of this method is in
# http.server.CGIHTTPRequestHandler. Maybe move the code there so
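Review bot: The comment on the new `_MAXLINE` constant says what it is but not why it exists, and the whole commit hinges on it being a resource bound rather than an arbitrary size. Suggest `# maximal line length when calling readline(); bounds the memory a peer can make us buffer by sending a header, chunk-size or trailer line with no terminator (issue 6791).` Every readline site in this file compares against it and raises LineTooLong, so a one-line reminder that changing the value changes that threshold would also help the next maintainer.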
@@ -245,7 +248,9 @@ def parse_headers(fp, _class=HTTPMessage):
"""
headers = []
while True:
- line = fp.readline()
+ line = fp.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise LineTooLong("header line")
headers.append(line)
if line in (b'\r\n', b'\n', b''):
break
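Review bot: The new check bounds each header line at `_MAXLINE`, but the `while True` loop still appends every line to `headers` with no bound on the count, so a peer can send an arbitrarily long run of short header lines and the total buffered before the blank-line terminator is still unbounded; the per-line limit alone does not close the exhaustion the commit targets. A count guard next to the append would close it, e.g. `if len(headers) > _MAXHEADERS: raise HTTPException("got more than %d headers" % _MAXHEADERS)` with `_MAXHEADERS` defined alongside `_MAXLINE`. The rest of parse_headers lies outside the hunk.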
@@ -349,7 +354,10 @@ class HTTPResponse(io.RawIOBase):
break
# skip the header from the 100 response
while True:
- skip = self.fp.readline().strip()
+ skip = self.fp.readline(_MAXLINE + 1)
+ if len(skip) > _MAXLINE:
+ raise LineTooLong("header line")
+ skip = skip.strip()
if not skip:
break
if self.debuglevel > 0:
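Review bot: The three-line readline/len/raise sequence added here is the same text repeated at every readline site in this diff (six copies in client.py), with only the `line_type` string differing, so the `_MAXLINE + 1` / `> _MAXLINE` pair can drift between call sites the next time the limit is touched. A small module-level helper keeps the bound in one place and each call site collapses to one line, e.g. `skip = _read_line(self.fp, "header line").strip()`. The enclosing HTTPResponse method begins before this hunk.
```python
def _read_line(fp, line_type):
    """Read one line from fp, raising LineTooLong if it exceeds _MAXLINE bytes."""
    line = fp.readline(_MAXLINE + 1)
    if len(line) > _MAXLINE:
        raise LineTooLong(line_type)
    return line

# … unchanged: HTTPResponse 100-continue loop up to the readline …
            skip = _read_line(self.fp, "header line").strip()
```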
@@ -525,7 +533,9 @@ class HTTPResponse(io.RawIOBase):
value = []
while True:
if chunk_left is None:
- line = self.fp.readline()
+ line = self.fp.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise LineTooLong("chunk size")
i = line.find(b";")
if i >= 0:
line = line[:i] # strip chunk-extensions
@@ -560,7 +570,9 @@ class HTTPResponse(io.RawIOBase):
# read and discard trailer up to the CRLF terminator
### note: we shouldn't have any trailers!
while True:
- line = self.fp.readline()
+ line = self.fp.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise LineTooLong("trailer line")
if not line:
# a vanishingly small number of sites EOF without
# sending the trailer
@@ -703,7 +715,9 @@ class HTTPConnection:
raise socket.error("Tunnel connection failed: %d %s" % (code,
message.strip()))
while True:
- line = response.fp.readline()
+ line = response.fp.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise LineTooLong("header line")
if line == b'\r\n':
break
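Review bot: The loop that drains the CONNECT response headers exits only on `line == b'\r\n'`, so if the proxy closes the connection after the status line `readline()` returns `b''` on every iteration, the new length check never trips, and as far as the hunk shows the client spins forever instead of failing. An EOF guard before the terminator test is needed, e.g. `if not line: raise socket.error("Tunnel connection failed: EOF in headers")` (or `break`, matching the tolerance the trailer loop shows for sites that EOF early), and a bare `b'\n'` terminator could be accepted here as parse_headers already does. The enclosing method starts before this hunk.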
@@ -1133,6 +1147,11 @@ class BadStatusLine(HTTPException):
self.args = line,
self.line = line
+class LineTooLong(HTTPException):
+ def __init__(self, line_type):
+ HTTPException.__init__(self, "got more than %d bytes when reading %s"
+ % (_MAXLINE, line_type))
+
# for backwards compatibility
error = HTTPException
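Review bot: `LineTooLong` carries no docstring and discards `line_type` after formatting the message, so a caller that catches it (the server hunk in this commit does) cannot distinguish a header overflow from a chunk-size or trailer overflow without parsing the message text. Suggest the docstring `"""Raised when a header, chunk-size or trailer line exceeds _MAXLINE bytes."""` and keeping the discriminator with `self.line_type = line_type`, in the same spirit as the `args`/`line` attributes `BadStatusLine` sets just above.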
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 5ac6c0d..8de604a 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -314,8 +314,12 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
self.command, self.path, self.request_version = command, path, version
# Examine the headers and look for a Connection directive.
- self.headers = http.client.parse_headers(self.rfile,
- _class=self.MessageClass)
+ try:
+ self.headers = http.client.parse_headers(self.rfile,
+ _class=self.MessageClass)
+ except http.client.LineTooLong:
+ self.send_error(400, "Line too long")
+ return False
conntype = self.headers.get('Connection', "")
if conntype.lower() == 'close':
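Review bot: This guards only the header block; the request line is read before `parse_request` reaches this point (outside the hunk, presumably in `handle_one_request`), and if that readline() is still unbounded the same memory exhaustion remains one step earlier, so it is worth confirming it gets the same `_MAXLINE` treatment with a 414 response. The `send_error(400, "Line too long")` path also leaves the unread tail of the overlong line in the socket buffer, which is harmless only if `close_connection` is already set on this path — the hunk does not show that. `parse_request` continues past the hunk.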