bpo-39603: Prevent header injection in http methods (GH-18485)

reject control chars in http method in http.client.putrequest to prevent http header injection (cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2020-07-18 20:41:55 (GMT)
committer: GitHub <noreply@github.com> 2020-07-18 20:41:55 (GMT)
commit: 27b811057ff5e93b68798e278c88358123efdc71 (patch)
tree: 14a2e7e3ae4b8e17e8e577d9c503d18920f89f4b /Misc/NEWS.d/next
parent: f92544483fc724b7e9ac11b2ee86b38e069cc70f (diff)
download: cpython-27b811057ff5e93b68798e278c88358123efdc71.zip
cpython-27b811057ff5e93b68798e278c88358123efdc71.tar.gz
cpython-27b811057ff5e93b68798e278c88358123efdc71.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
new file mode 100644
index 0000000..990affc
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
@@ -0,0 +1,2 @@
+Prevent http header injection by rejecting control characters in
+http.client.putrequest(...).
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2020-07-18 20:41:55 (GMT)
committer	GitHub <noreply@github.com>	2020-07-18 20:41:55 (GMT)
commit	27b811057ff5e93b68798e278c88358123efdc71 (patch)
tree	14a2e7e3ae4b8e17e8e577d9c503d18920f89f4b /Misc/NEWS.d/next
parent	f92544483fc724b7e9ac11b2ee86b38e069cc70f (diff)
download	cpython-27b811057ff5e93b68798e278c88358123efdc71.zip cpython-27b811057ff5e93b68798e278c88358123efdc71.tar.gz cpython-27b811057ff5e93b68798e278c88358123efdc71.tar.bz2