From ec1712a1662282c909b4cd4cc0c7486646bc9246 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Fran=C3=A7ois=20Natali?= <neologix@free.fr>
Date: Sat, 18 Feb 2012 14:42:57 +0100
Subject: Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
 SimpleXMLRPCServer upon malformed POST request.

---
 Lib/xmlrpc/server.py | 5 ++++-
 Misc/NEWS            | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
index 24d8a6a..93df561 100644
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py
@@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
             L = []
             while size_remaining:
                 chunk_size = min(size_remaining, max_chunk_size)
-                L.append(self.rfile.read(chunk_size))
+                chunk = self.rfile.read(chunk_size)
+                if not chunk:
+                    break
+                L.append(chunk)
                 size_remaining -= len(L[-1])
             data = b''.join(L)
 
diff --git a/Misc/NEWS b/Misc/NEWS
index b70b097..6e95697 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+  SimpleXMLRPCServer upon malformed POST request.
+
 - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
   IV attack countermeasure.
 
-- 
cgit v0.12