diff options
author | Georg Brandl <georg@python.org> | 2014-09-30 12:08:04 (GMT) |
---|---|---|
committer | Georg Brandl <georg@python.org> | 2014-09-30 12:08:04 (GMT) |
commit | f0746ca46376647993a47e24051a80fdf679014a (patch) | |
tree | 55faff27b29f3afe16e29c56f382f1572b7e791f /Lib/http | |
parent | ec3c103520a5061e657581b388e2b8ba6f74602a (diff) | |
download | cpython-f0746ca46376647993a47e24051a80fdf679014a.zip cpython-f0746ca46376647993a47e24051a80fdf679014a.tar.gz cpython-f0746ca46376647993a47e24051a80fdf679014a.tar.bz2 |
Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
Diffstat (limited to 'Lib/http')
-rw-r--r-- | Lib/http/client.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py index 5466d06..f398a64 100644 --- a/Lib/http/client.py +++ b/Lib/http/client.py @@ -206,6 +206,8 @@ MAXAMOUNT = 1048576 # maximal line length when calling readline(). _MAXLINE = 65536 +_MAXHEADERS = 100 + class HTTPMessage(email.message.Message): # XXX The only usage of this method is in @@ -253,6 +255,8 @@ def parse_headers(fp, _class=HTTPMessage): if len(line) > _MAXLINE: raise LineTooLong("header line") headers.append(line) + if len(headers) > _MAXHEADERS: + raise HTTPException("got more than %d headers" % _MAXHEADERS) if line in (b'\r\n', b'\n', b''): break hstring = b''.join(headers).decode('iso-8859-1') |