summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_httpservers.py
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2010-12-16 16:48:36 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-12-16 16:48:36 (GMT)
commitc492437922d82b21972a31184af24d15ec23eba8 (patch)
treed179e4aed041ebcb70ac9adbd9d37002b0aa6bcb /Lib/test/test_httpservers.py
parent12de8ac215f2c5e5a4ed30033183fc34b5f1635f (diff)
downloadcpython-c492437922d82b21972a31184af24d15ec23eba8.zip
cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.gz
cpython-c492437922d82b21972a31184af24d15ec23eba8.tar.bz2
Issue #10714: Limit length of incoming request in http.server to 65536 bytes
for security reasons. Initial patch by Ross Lagerwall.
Diffstat (limited to 'Lib/test/test_httpservers.py')
-rw-r--r--Lib/test/test_httpservers.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
index b03637c..85b5ec4 100644
--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -566,6 +566,12 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase):
self.assertEqual(sum(r == b'Connection: close\r\n' for r in result[1:-1]), 1)
self.handler = usual_handler # Restore to avoid breaking any subsequent tests.
+ def test_request_length(self):
+ # Issue #10714: huge request lines are discarded, to avoid Denial
+ # of Service attacks.
+ result = self.send_typical_request(b'GET ' + b'x' * 65537)
+ self.assertEqual(result[0], b'HTTP/1.1 414 Request-URI Too Long\r\n')
+ self.assertFalse(self.handler.get_called)
class SimpleHTTPRequestHandlerTestCase(unittest.TestCase):
""" Test url parsing """
generated by cgit v0.12 at 2024-12-02 22:11:25 (GMT)