Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer

upon malformed POST request.
parent 91de671e
...@@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler): ...@@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
L = [] L = []
while size_remaining: while size_remaining:
chunk_size = min(size_remaining, max_chunk_size) chunk_size = min(size_remaining, max_chunk_size)
L.append(self.rfile.read(chunk_size)) chunk = self.rfile.read(chunk_size)
if not chunk:
break
L.append(chunk)
size_remaining -= len(L[-1]) size_remaining -= len(L[-1])
data = b''.join(L) data = b''.join(L)
......
...@@ -13,6 +13,9 @@ Core and Builtins ...@@ -13,6 +13,9 @@ Core and Builtins
Library Library
------- -------
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure. IV attack countermeasure.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment