Fix Issue6791 - Limit the HTTP header readline with _MAXLENGTH. Patch by Antoine Pitrou

author: Senthil Kumaran <orsenthil@gmail.com> 2010-12-18 16:55:23 (GMT)
committer: Senthil Kumaran <orsenthil@gmail.com> 2010-12-18 16:55:23 (GMT)
commit: 5466bf1c94d38e75bc053b0cfc163e2f948fe345 (patch)
tree: ee76b8a66c739f7b7d2b6cb747f1bf7cbd5181d6 /Lib/test
parent: 32e1771daf0ebbde326d91dede4b9cfae6e74f27 (diff)
download: cpython-5466bf1c94d38e75bc053b0cfc163e2f948fe345.zip
cpython-5466bf1c94d38e75bc053b0cfc163e2f948fe345.tar.gz
cpython-5466bf1c94d38e75bc053b0cfc163e2f948fe345.tar.bz2
2 files changed, 34 insertions, 0 deletions
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 426995b..7dae65d 100644
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -317,6 +317,33 @@ class BasicTest(TestCase):
         self.assertEqual("Basic realm=\"example\"",
                          resp.getheader("www-authenticate"))
 
+    # Test lines overflowing the max line size (_MAXLINE in http.client)
+
+    def test_overflowing_status_line(self):
+        body = "HTTP/1.1 200 Ok" + "k" * 65536 + "\r\n"
+        resp = client.HTTPResponse(FakeSocket(body))
+        self.assertRaises((client.LineTooLong, client.BadStatusLine), resp.begin)
+
+    def test_overflowing_header_line(self):
+        body = (
+            'HTTP/1.1 200 OK\r\n'
+            'X-Foo: bar' + 'r' * 65536 + '\r\n\r\n'
+        )
+        resp = client.HTTPResponse(FakeSocket(body))
+        self.assertRaises(client.LineTooLong, resp.begin)
+
+    def test_overflowing_chunked_line(self):
+        body = (
+            'HTTP/1.1 200 OK\r\n'
+            'Transfer-Encoding: chunked\r\n\r\n'
+            + '0' * 65536 + 'a\r\n'
+            'hello world\r\n'
+            '0\r\n'
+        )
+        resp = client.HTTPResponse(FakeSocket(body))
+        resp.begin()
+        self.assertRaises(client.LineTooLong, resp.read)
+
 class OfflineTest(TestCase):
     def test_responses(self):
         self.assertEqual(client.responses[client.NOT_FOUND], "Not Found")
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
index 85b5ec4..19d3d17 100644
--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -573,6 +573,13 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase):
         self.assertEqual(result[0], b'HTTP/1.1 414 Request-URI Too Long\r\n')
         self.assertFalse(self.handler.get_called)
 
+    def test_header_length(self):
+        # Issue #6791: same for headers
+        result = self.send_typical_request(
+            b'GET / HTTP/1.1\r\nX-Foo: bar' + b'r' * 65537 + b'\r\n\r\n')
+        self.assertEqual(result[0], b'HTTP/1.1 400 Line too long\r\n')
+        self.assertFalse(self.handler.get_called)
+
 class SimpleHTTPRequestHandlerTestCase(unittest.TestCase):
     """ Test url parsing """
     def setUp(self):
author	Senthil Kumaran <orsenthil@gmail.com>	2010-12-18 16:55:23 (GMT)
committer	Senthil Kumaran <orsenthil@gmail.com>	2010-12-18 16:55:23 (GMT)
commit	5466bf1c94d38e75bc053b0cfc163e2f948fe345 (patch)
tree	ee76b8a66c739f7b7d2b6cb747f1bf7cbd5181d6 /Lib/test
parent	32e1771daf0ebbde326d91dede4b9cfae6e74f27 (diff)
download	cpython-5466bf1c94d38e75bc053b0cfc163e2f948fe345.zip cpython-5466bf1c94d38e75bc053b0cfc163e2f948fe345.tar.gz cpython-5466bf1c94d38e75bc053b0cfc163e2f948fe345.tar.bz2