authorAntoine Pitrou <solipsis@pitrou.net>2010-12-16 17:03:16 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-12-16 17:03:16 (GMT)
commit3022ce1a14b364a1d1d69405646aae892d827666 (patch)
treefd1d9c88c256dbb29762cc1e021da711e0a6c291 /Lib/http
parent0da0c48e2362d9ec7f5ef0ea4302728c1c7d56d8 (diff)
Merged revisions 87317 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87317 | antoine.pitrou | 2010-12-16 17:48:36 +0100 (jeu., 16 déc. 2010) | 4 lines Issue #10714: Limit length of incoming request in http.server to 65536 bytes for security reasons. Initial patch by Ross Lagerwall. ........ (also backport some tests)
Diffstat (limited to 'Lib/http')
-rw-r--r--Lib/http/server.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index c5b00d6..5ac6c0d 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -333,7 +333,13 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
commands such as GET and POST.
"""
- self.raw_requestline = self.rfile.readline()
+ self.raw_requestline = self.rfile.readline(65537)
+ if len(self.raw_requestline) > 65536:
+ self.requestline = ''
+ self.request_version = ''
+ self.command = ''
+ self.send_error(414)
+ return
if not self.raw_requestline:
self.close_connection = 1
return
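Review bot: The 414 branch returns without setting `self.close_connection`, unlike the empty-line branch right below it, so whether the connection is dropped after an over-long request line depends on what `send_error` does, which this hunk does not show. Because `readline(65537)` stops mid-line, the remainder of that line is still unread in `rfile`, and on a persistent connection it would be parsed as the next request if the handler loop calls this method again. Adding `self.close_connection = 1` before `self.send_error(414)` would make the branch safe on its own. The limit would also read better as one named constant than as the paired literals 65537 and 65536. The enclosing method begins and ends outside the hunk.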