Issue #22419: Limit the length of incoming HTTP request in wsgiref server to

65536 bytes and send a 414 error code for higher lengths. Patch contributed by Devin Cook.
author: Georg Brandl <georg@python.org> 2014-09-30 12:56:46 (GMT)
committer: Georg Brandl <georg@python.org> 2014-09-30 12:56:46 (GMT)
commit: 860c367c29eb557930099a7cc7fe297a259275f6 (patch)
tree: f1b368e97e9ca6d9be8fd55872d46a0e65627456 /Lib/wsgiref/simple_server.py
parent: 21bf3f942be920f3b051f6af43f7c37b9aa5cff3 (diff)
download: cpython-860c367c29eb557930099a7cc7fe297a259275f6.zip
cpython-860c367c29eb557930099a7cc7fe297a259275f6.tar.gz
cpython-860c367c29eb557930099a7cc7fe297a259275f6.tar.bz2
1 files changed, 8 insertions, 1 deletions
diff --git a/Lib/wsgiref/simple_server.py b/Lib/wsgiref/simple_server.py
index af82f95..9c4a83d 100644
--- a/Lib/wsgiref/simple_server.py
+++ b/Lib/wsgiref/simple_server.py
@@ -114,7 +114,14 @@ class WSGIRequestHandler(BaseHTTPRequestHandler):
     def handle(self):
         """Handle a single HTTP request"""
 
-        self.raw_requestline = self.rfile.readline()
+        self.raw_requestline = self.rfile.readline(65537)
+        if len(self.raw_requestline) > 65536:
+            self.requestline = ''
+            self.request_version = ''
+            self.command = ''
+            self.send_error(414)
+            return
+
         if not self.parse_request(): # An error code has been sent, just exit
             return
author	Georg Brandl <georg@python.org>	2014-09-30 12:56:46 (GMT)
committer	Georg Brandl <georg@python.org>	2014-09-30 12:56:46 (GMT)
commit	860c367c29eb557930099a7cc7fe297a259275f6 (patch)
tree	f1b368e97e9ca6d9be8fd55872d46a0e65627456 /Lib/wsgiref/simple_server.py
parent	21bf3f942be920f3b051f6af43f7c37b9aa5cff3 (diff)
download	cpython-860c367c29eb557930099a7cc7fe297a259275f6.zip cpython-860c367c29eb557930099a7cc7fe297a259275f6.tar.gz cpython-860c367c29eb557930099a7cc7fe297a259275f6.tar.bz2