summaryrefslogtreecommitdiffstats
path: root/Lib/http
diff options
context:
space:
mode:
authorGeorg Brandl <georg@python.org>2014-09-30 12:08:04 (GMT)
committerGeorg Brandl <georg@python.org>2014-09-30 12:08:04 (GMT)
commitf0746ca46376647993a47e24051a80fdf679014a (patch)
tree55faff27b29f3afe16e29c56f382f1572b7e791f /Lib/http
parentec3c103520a5061e657581b388e2b8ba6f74602a (diff)
downloadcpython-f0746ca46376647993a47e24051a80fdf679014a.zip
cpython-f0746ca46376647993a47e24051a80fdf679014a.tar.gz
cpython-f0746ca46376647993a47e24051a80fdf679014a.tar.bz2
Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
Diffstat (limited to 'Lib/http')
-rw-r--r--Lib/http/client.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py
index 5466d06..f398a64 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -206,6 +206,8 @@ MAXAMOUNT = 1048576
# maximal line length when calling readline().
_MAXLINE = 65536
+_MAXHEADERS = 100
+
class HTTPMessage(email.message.Message):
# XXX The only usage of this method is in
@@ -253,6 +255,8 @@ def parse_headers(fp, _class=HTTPMessage):
if len(line) > _MAXLINE:
raise LineTooLong("header line")
headers.append(line)
+ if len(headers) > _MAXHEADERS:
+ raise HTTPException("got more than %d headers" % _MAXHEADERS)
if line in (b'\r\n', b'\n', b''):
break
hstring = b''.join(headers).decode('iso-8859-1')