author | Senthil Kumaran <senthil@uthcode.com> | 2014-09-17 08:27:06 (GMT) |
---|---|---|
committer | Senthil Kumaran <senthil@uthcode.com> | 2014-09-17 08:27:06 (GMT) |
commit | cdabc372345a8fd53f50329d88dc7747a80e95d9 (patch) | |
tree | 44a6d726699679ea5b0eb42c7be44e881abfe8bd /Lib | |
parent | c9cdd0ccadfaaac177ab7a866b979db3b073f660 (diff) | |
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/test/test_wsgiref.py | 5 | ||||
-rw-r--r-- | Lib/wsgiref/simple_server.py | 9 |
2 files changed, 13 insertions, 1 deletions
diff --git a/Lib/test/test_wsgiref.py b/Lib/test/test_wsgiref.py index 401d784..40fc35e 100644 --- a/Lib/test/test_wsgiref.py +++ b/Lib/test/test_wsgiref.py @@ -113,6 +113,11 @@ class IntegrationTests(TestCase): out, err = run_amock() self.check_hello(out) + def test_request_length(self): + out, err = run_amock(data="GET " + ("x" * 65537) + " HTTP/1.0\n\n") + self.assertEqual(out.splitlines()[0], + "HTTP/1.0 414 Request-URI Too Long") + def test_validated_hello(self): out, err = run_amock(validator(hello_app)) # the middleware doesn't support len(), so content-length isn't there diff --git a/Lib/wsgiref/simple_server.py b/Lib/wsgiref/simple_server.py index 12119ea..35b98d1 100644 --- a/Lib/wsgiref/simple_server.py +++ b/Lib/wsgiref/simple_server.py @@ -113,7 +113,14 @@ class WSGIRequestHandler(BaseHTTPRequestHandler): def handle(self): """Handle a single HTTP request""" - self.raw_requestline = self.rfile.readline() + self.raw_requestline = self.rfile.readline(65537) + if len(self.raw_requestline) > 65536: + self.requestline = '' + self.request_version = '' + self.command = '' + self.send_error(414) + return + if not self.parse_request(): # An error code has been sent, just exit return |
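Review bot: test_request_length only sends a request line that is well past the limit ("GET " plus 65537 characters plus the version), so it would still pass if the comparison in the handler were off by one. A companion case that sends a request line of exactly 65536 bytes and expects the normal hello_app response would pin the boundary that the server change introduces. A short comment above the test, such as `# a request line longer than 65536 bytes must be answered with 414`, would also tell a reader where 65537 comes from.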
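Review bot: The limit appears in `handle()` as two literals that have to stay in step, `readline(65537)` and `> 65536`, with nothing explaining the extra byte. A class-level constant would tie them together, e.g. `max_requestline = 65536`, then `self.rfile.readline(self.max_requestline + 1)` and `if len(self.raw_requestline) > self.max_requestline:`, with a comment such as `# read one byte past the limit so an over-long line is distinguishable from a maximal one`. The three empty-string assignments presumably exist because `send_error()` reads those attributes before `parse_request()` has set them; a one-line comment saying so would keep them from being removed as dead code. The cap also covers only the request line: header lines are read inside `parse_request()`, outside this hunk, so whether they are bounded cannot be told from here. The body of `handle()` continues past the end of the hunk.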