author | Antoine Pitrou <solipsis@pitrou.net> | 2010-12-18 18:04:38 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-12-18 18:04:38 (GMT) |
commit | ff1bbba92aad261df1ebd8fd8cc189c104e113b0 (patch) | |
tree | ef057b096c5c46b024919cdfcb32591725643fde /Lib/http | |
parent | a2eb94b1cf65e422ec8e3fb3f417d496cf80167b (diff) | |
Merged revisions 87373,87381 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87373 | senthil.kumaran | 2010-12-18 17:55:23 +0100 (sam., 18 déc. 2010) | 3 lines
Fix Issue6791 - Limit the HTTP header readline with _MAXLENGTH. Patch by Antoine Pitrou
........
r87381 | antoine.pitrou | 2010-12-18 18:59:18 +0100 (sam., 18 déc. 2010) | 3 lines
NEWS entry for r87373
........
Diffstat (limited to 'Lib/http')
-rw-r--r-- | Lib/http/client.py | 29 | ||||
-rw-r--r-- | Lib/http/server.py | 8 |
2 files changed, 30 insertions, 7 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py
index bd092c2..296dafb 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -203,6 +203,9 @@ responses = {
 # maximal amount of data to read at one time in _safe_read
 MAXAMOUNT = 1048576
 
+# maximal line length when calling readline().
+_MAXLINE = 65536
+
 class HTTPMessage(email.message.Message):
     # XXX The only usage of this method is in
     # http.server.CGIHTTPRequestHandler. Maybe move the code there so
@@ -245,7 +248,9 @@ def parse_headers(fp, _class=HTTPMessage):
     """
     headers = []
     while True:
-        line = fp.readline()
+        line = fp.readline(_MAXLINE + 1)
+        if len(line) > _MAXLINE:
+            raise LineTooLong("header line")
         headers.append(line)
         if line in (b'\r\n', b'\n', b''):
             break
@@ -349,7 +354,10 @@ class HTTPResponse(io.RawIOBase):
                 break
             # skip the header from the 100 response
             while True:
-                skip = self.fp.readline().strip()
+                skip = self.fp.readline(_MAXLINE + 1)
+                if len(skip) > _MAXLINE:
+                    raise LineTooLong("header line")
+                skip = skip.strip()
                 if not skip:
                     break
                 if self.debuglevel > 0:
@@ -525,7 +533,9 @@ class HTTPResponse(io.RawIOBase):
         value = []
         while True:
             if chunk_left is None:
-                line = self.fp.readline()
+                line = self.fp.readline(_MAXLINE + 1)
+                if len(line) > _MAXLINE:
+                    raise LineTooLong("chunk size")
                 i = line.find(b";")
                 if i >= 0:
                     line = line[:i] # strip chunk-extensions
@@ -560,7 +570,9 @@ class HTTPResponse(io.RawIOBase):
         # read and discard trailer up to the CRLF terminator
         ### note: we shouldn't have any trailers!
         while True:
-            line = self.fp.readline()
+            line = self.fp.readline(_MAXLINE + 1)
+            if len(line) > _MAXLINE:
+                raise LineTooLong("trailer line")
             if not line:
                 # a vanishingly small number of sites EOF without
                 # sending the trailer
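Review bot: The comment on the new `_MAXLINE` constant says what it is but not why it exists or the contract the check sites in this commit rely on: each reads `_MAXLINE + 1` bytes and treats a longer result as an error, so the constant is a memory bound per line read from the peer, not a protocol limit. I would extend it to `# maximal line length when calling readline(); readers ask for _MAXLINE + 1 bytes and raise LineTooLong when they get more, bounding the memory one status, header, chunk-size or trailer line can consume.` The readline/len/raise triple is repeated at five call sites in this commit, so a module-level helper taking the file object and the line_type string would keep the limit logic in one place; that is a style preference, the per-site form is correct as written.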
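Review bot: parse_headers now bounds each header line but still accumulates `headers` without bound, so a peer that sends an unlimited number of short header lines keeps the `while True` loop growing the list until memory runs out. A count limit next to the length limit closes that gap, e.g. a module constant `_MAXHEADERS = 100` (constructed value, to be chosen) checked after the append: `if len(headers) > _MAXHEADERS: raise HTTPException("got more than %d headers" % _MAXHEADERS)`. The 100-continue skip loop, the trailer loop and the _tunnel loop patched in this commit discard each line instead of storing it, so they do not grow memory but still read until the peer sends a blank line or closes. The rest of parse_headers is outside the hunk.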
@@ -703,7 +715,9 @@ class HTTPConnection:
             raise socket.error("Tunnel connection failed: %d %s" % (code,
                                                                     message.strip()))
         while True:
-            line = response.fp.readline()
+            line = response.fp.readline(_MAXLINE + 1)
+            if len(line) > _MAXLINE:
+                raise LineTooLong("header line")
             if line == b'\r\n':
                 break
 
@@ -1133,6 +1147,11 @@ class BadStatusLine(HTTPException):
         self.args = line,
         self.line = line
 
+class LineTooLong(HTTPException):
+    def __init__(self, line_type):
+        HTTPException.__init__(self, "got more than %d bytes when reading %s"
+                               % (_MAXLINE, line_type))
+
 # for backwards compatibility
 error = HTTPException
 
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 5ac6c0d..8de604a 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -314,8 +314,12 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
         self.command, self.path, self.request_version = command, path, version
 
         # Examine the headers and look for a Connection directive.
-        self.headers = http.client.parse_headers(self.rfile,
-                                                 _class=self.MessageClass)
+        try:
+            self.headers = http.client.parse_headers(self.rfile,
+                                                     _class=self.MessageClass)
+        except http.client.LineTooLong:
+            self.send_error(400, "Line too long")
+            return False
 
         conntype = self.headers.get('Connection', "")
         if conntype.lower() == 'close':
|
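Review bot: LineTooLong is a new public exception class with no docstring, and the hunk does not add it to the `__all__` list the module defines near its top (not visible here), so `from http.client import *` users will not see it even though server.py now catches it by attribute. I would add `"""Raised when a line read from the peer exceeds _MAXLINE bytes; line_type names what was being read."""` under the class line and add `"LineTooLong"` to `__all__`. As a point of style, `HTTPException.__init__(self, ...)` could be written `super().__init__(...)` in py3k code.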
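Review bot: The handler now answers an over-long header line with a 400, but the request line is read earlier in handle_one_request (outside this hunk) and, unless that read was bounded separately, it is still an unlimited `self.rfile.readline()`, leaving the server with the same exposure on the first line of the request; it should read `_MAXLINE + 1` bytes the same way and send an error when the result is longer. Within the hunk, `self.headers` is left unassigned on the error path; that is safe as long as handle_one_request stops when parse_request returns False, which the existing return-False convention suggests but the hunk does not show. parse_request starts and ends outside the hunk.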