summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Lib/xmlrpc/server.py5
-rw-r--r--Misc/NEWS3
2 files changed, 7 insertions, 1 deletions
diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
index 24d8a6a..93df561 100644
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py
@@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
L = []
while size_remaining:
chunk_size = min(size_remaining, max_chunk_size)
- L.append(self.rfile.read(chunk_size))
+ chunk = self.rfile.read(chunk_size)
+ if not chunk:
+ break
+ L.append(chunk)
size_remaining -= len(L[-1])
data = b''.join(L)
diff --git a/Misc/NEWS b/Misc/NEWS
index b70b097..6e95697 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@ Core and Builtins
Library
-------
+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+ SimpleXMLRPCServer upon malformed POST request.
+
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.