Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.

author: Senthil Kumaran <senthil@uthcode.com> 2014-09-17 08:27:06 (GMT)
committer: Senthil Kumaran <senthil@uthcode.com> 2014-09-17 08:27:06 (GMT)
commit: cdabc372345a8fd53f50329d88dc7747a80e95d9 (patch)
tree: 44a6d726699679ea5b0eb42c7be44e881abfe8bd /Misc
parent: c9cdd0ccadfaaac177ab7a866b979db3b073f660 (diff)
download: cpython-cdabc372345a8fd53f50329d88dc7747a80e95d9.zip
cpython-cdabc372345a8fd53f50329d88dc7747a80e95d9.tar.gz
cpython-cdabc372345a8fd53f50329d88dc7747a80e95d9.tar.bz2
2 files changed, 5 insertions, 0 deletions
diff --git a/Misc/ACKS b/Misc/ACKS
index 1ca0479..15125e5 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -268,6 +268,7 @@ Denver Coneybeare
 Phil Connell
 Juan José Conti
 Matt Conway
+Devin Cook
 David M. Cooke
 Jason R. Coombs
 Garrett Cooper
diff --git a/Misc/NEWS b/Misc/NEWS
index 2907c1c..b545a55 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,10 @@ Core and Builtins
 
 Library
 -------
+- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
+  65536 bytes and send a 414 error code for higher lengths. Patch contributed
+  by Devin Cook.
+
 - Lax cookie parsing in http.cookies could be a security issue when combined
   with non-standard cookie handling in some Web browsers.  Reported by
   Sergey Bobrov.
author	Senthil Kumaran <senthil@uthcode.com>	2014-09-17 08:27:06 (GMT)
committer	Senthil Kumaran <senthil@uthcode.com>	2014-09-17 08:27:06 (GMT)
commit	cdabc372345a8fd53f50329d88dc7747a80e95d9 (patch)
tree	44a6d726699679ea5b0eb42c7be44e881abfe8bd /Misc
parent	c9cdd0ccadfaaac177ab7a866b979db3b073f660 (diff)
download	cpython-cdabc372345a8fd53f50329d88dc7747a80e95d9.zip cpython-cdabc372345a8fd53f50329d88dc7747a80e95d9.tar.gz cpython-cdabc372345a8fd53f50329d88dc7747a80e95d9.tar.bz2