Commit 8681f091 authored by Georg Brandl's avatar Georg Brandl

Issue #22419: Limit the length of incoming HTTP request in wsgiref server to

65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
parent 629eb689
......@@ -114,6 +114,11 @@ class IntegrationTests(TestCase):
out, err = run_amock()
self.check_hello(out)
def test_request_length(self):
out, err = run_amock(data=b"GET " + (b"x" * 65537) + b" HTTP/1.0\n\n")
self.assertEqual(out.splitlines()[0],
b"HTTP/1.0 414 Request-URI Too Long")
def test_validated_hello(self):
out, err = run_amock(validator(hello_app))
# the middleware doesn't support len(), so content-length isn't there
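Review bot: test_request_length only exercises a request line that is far over the limit (`b"x" * 65537` plus the method and version), so the boundary itself is untested. An off-by-one in the `> 65536` comparison would still pass. Consider a companion case whose raw request line, including the terminating newline, is exactly 65536 bytes, asserting that the first status line is not `414`. A second case one byte longer, asserting that it is, would pin the other side of the boundary.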
......
......@@ -114,7 +114,14 @@ class WSGIRequestHandler(BaseHTTPRequestHandler):
def handle(self):
"""Handle a single HTTP request"""
self.raw_requestline = self.rfile.readline()
self.raw_requestline = self.rfile.readline(65537)
if len(self.raw_requestline) > 65536:
self.requestline = ''
self.request_version = ''
self.command = ''
self.send_error(414)
return
if not self.parse_request(): # An error code has been sent, just exit
return
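Review bot: The new bound in handle() applies only to the request line, and the literals `65537` and `65536` encode one limit without saying why they differ by one. A comment above the readline call such as `# read one byte past the limit so an over-long line can be detected without buffering all of it`, or a single module-level constant used in both places, would keep the two values from drifting apart. Header lines are consumed inside parse_request(), which is outside this section, so whether they are limited in length or count cannot be confirmed from here. That is worth checking before relying on this handler to bound memory use for oversized requests. The rest of handle() continues past the end of the hunk.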
......
......@@ -219,6 +219,7 @@ Denver Coneybeare
Geremy Condra
Juan José Conti
Matt Conway
Devin Cook
David M. Cooke
Jason R. Coombs
Garrett Cooper
......
......@@ -10,6 +10,10 @@ What's New in Python 3.2.6?
Library
-------
- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
......