Commit b7414e0f authored by Berker Peksag's avatar Berker Peksag

Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more

than 100 headers are read.

Patch by Jyrki Pulliainen and Daniel Eriksson.
parent c468abaf
...@@ -215,6 +215,10 @@ MAXAMOUNT = 1048576 ...@@ -215,6 +215,10 @@ MAXAMOUNT = 1048576
# maximal line length when calling readline(). # maximal line length when calling readline().
_MAXLINE = 65536 _MAXLINE = 65536
# maximum amount of headers accepted
_MAXHEADERS = 100
class HTTPMessage(mimetools.Message): class HTTPMessage(mimetools.Message):
def addheader(self, key, value): def addheader(self, key, value):
...@@ -271,6 +275,8 @@ class HTTPMessage(mimetools.Message): ...@@ -271,6 +275,8 @@ class HTTPMessage(mimetools.Message):
elif self.seekable: elif self.seekable:
tell = self.fp.tell tell = self.fp.tell
while True: while True:
if len(hlist) > _MAXHEADERS:
raise HTTPException("got more than %d headers" % _MAXHEADERS)
if tell: if tell:
try: try:
startofline = tell() startofline = tell()
......
...@@ -262,6 +262,13 @@ class BasicTest(TestCase): ...@@ -262,6 +262,13 @@ class BasicTest(TestCase):
if resp.read() != "": if resp.read() != "":
self.fail("Did not expect response from HEAD request") self.fail("Did not expect response from HEAD request")
def test_too_many_headers(self):
headers = '\r\n'.join('Header%d: foo' % i for i in xrange(200)) + '\r\n'
text = ('HTTP/1.1 200 OK\r\n' + headers)
s = FakeSocket(text)
r = httplib.HTTPResponse(s)
self.assertRaises(httplib.HTTPException, r.begin)
def test_send_file(self): def test_send_file(self):
expected = 'GET /foo HTTP/1.1\r\nHost: example.com\r\n' \ expected = 'GET /foo HTTP/1.1\r\nHost: example.com\r\n' \
'Accept-Encoding: identity\r\nContent-Length:' 'Accept-Encoding: identity\r\nContent-Length:'
......
...@@ -19,6 +19,9 @@ Core and Builtins ...@@ -19,6 +19,9 @@ Core and Builtins
Library Library
------- -------
- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more
than 100 headers are read. Patch by Jyrki Pulliainen and Daniel Eriksson.
- Issue #21580: Now Tkinter correctly handles binary "data" and "maskdata" - Issue #21580: Now Tkinter correctly handles binary "data" and "maskdata"
configure options of tkinter.PhotoImage. configure options of tkinter.PhotoImage.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment