Issue #10714: Limit length of incoming request in http.server to 65536 bytes

for security reasons. Initial patch by Ross Lagerwall.
author: Antoine Pitrou <solipsis@pitrou.net> 2010-12-16 16:48:36 (GMT)
committer: Antoine Pitrou <solipsis@pitrou.net> 2010-12-16 16:48:36 (GMT)
commit: c492437922d82b21972a31184af24d15ec23eba8 (patch)
tree: d179e4aed041ebcb70ac9adbd9d37002b0aa6bcb /Lib/http
parent: 12de8ac215f2c5e5a4ed30033183fc34b5f1635f (diff)
download: cpython-c492437922d82b21972a31184af24d15ec23eba8.zip
cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.gz
cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 2140710..f1538f4 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -358,7 +358,13 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
 
         """
         try:
-            self.raw_requestline = self.rfile.readline()
+            self.raw_requestline = self.rfile.readline(65537)
+            if len(self.raw_requestline) > 65536:
+                self.requestline = ''
+                self.request_version = ''
+                self.command = ''
+                self.send_error(414)
+                return
             if not self.raw_requestline:
                 self.close_connection = 1
                 return
author	Antoine Pitrou <solipsis@pitrou.net>	2010-12-16 16:48:36 (GMT)
committer	Antoine Pitrou <solipsis@pitrou.net>	2010-12-16 16:48:36 (GMT)
commit	c492437922d82b21972a31184af24d15ec23eba8 (patch)
tree	d179e4aed041ebcb70ac9adbd9d37002b0aa6bcb /Lib/http
parent	12de8ac215f2c5e5a4ed30033183fc34b5f1635f (diff)
download	cpython-c492437922d82b21972a31184af24d15ec23eba8.zip cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.gz cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.bz2