Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
cdabc372
Commit
cdabc372
authored
Sep 17, 2014
by
Senthil Kumaran
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.
parent
c9cdd0cc
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
18 additions
and
1 deletion
+18
-1
Lib/test/test_wsgiref.py
Lib/test/test_wsgiref.py
+5
-0
Lib/wsgiref/simple_server.py
Lib/wsgiref/simple_server.py
+8
-1
Misc/ACKS
Misc/ACKS
+1
-0
Misc/NEWS
Misc/NEWS
+4
-0
No files found.
Lib/test/test_wsgiref.py
View file @
cdabc372
...
@@ -113,6 +113,11 @@ class IntegrationTests(TestCase):
...
@@ -113,6 +113,11 @@ class IntegrationTests(TestCase):
out
,
err
=
run_amock
()
out
,
err
=
run_amock
()
self
.
check_hello
(
out
)
self
.
check_hello
(
out
)
def
test_request_length
(
self
):
out
,
err
=
run_amock
(
data
=
"GET "
+
(
"x"
*
65537
)
+
" HTTP/1.0
\
n
\
n
"
)
self
.
assertEqual
(
out
.
splitlines
()[
0
],
"HTTP/1.0 414 Request-URI Too Long"
)
def
test_validated_hello
(
self
):
def
test_validated_hello
(
self
):
out
,
err
=
run_amock
(
validator
(
hello_app
))
out
,
err
=
run_amock
(
validator
(
hello_app
))
# the middleware doesn't support len(), so content-length isn't there
# the middleware doesn't support len(), so content-length isn't there
...
...
Lib/wsgiref/simple_server.py
View file @
cdabc372
...
@@ -113,7 +113,14 @@ class WSGIRequestHandler(BaseHTTPRequestHandler):
...
@@ -113,7 +113,14 @@ class WSGIRequestHandler(BaseHTTPRequestHandler):
def
handle
(
self
):
def
handle
(
self
):
"""Handle a single HTTP request"""
"""Handle a single HTTP request"""
self
.
raw_requestline
=
self
.
rfile
.
readline
()
self
.
raw_requestline
=
self
.
rfile
.
readline
(
65537
)
if
len
(
self
.
raw_requestline
)
>
65536
:
self
.
requestline
=
''
self
.
request_version
=
''
self
.
command
=
''
self
.
send_error
(
414
)
return
if
not
self
.
parse_request
():
# An error code has been sent, just exit
if
not
self
.
parse_request
():
# An error code has been sent, just exit
return
return
...
...
Misc/ACKS
View file @
cdabc372
...
@@ -268,6 +268,7 @@ Denver Coneybeare
...
@@ -268,6 +268,7 @@ Denver Coneybeare
Phil Connell
Phil Connell
Juan José Conti
Juan José Conti
Matt Conway
Matt Conway
Devin Cook
David M. Cooke
David M. Cooke
Jason R. Coombs
Jason R. Coombs
Garrett Cooper
Garrett Cooper
...
...
Misc/NEWS
View file @
cdabc372
...
@@ -21,6 +21,10 @@ Core and Builtins
...
@@ -21,6 +21,10 @@ Core and Builtins
Library
Library
-------
-------
-
Issue
#
22419
:
Limit
the
length
of
incoming
HTTP
request
in
wsgiref
server
to
65536
bytes
and
send
a
414
error
code
for
higher
lengths
.
Patch
contributed
by
Devin
Cook
.
-
Lax
cookie
parsing
in
http
.
cookies
could
be
a
security
issue
when
combined
-
Lax
cookie
parsing
in
http
.
cookies
could
be
a
security
issue
when
combined
with
non
-
standard
cookie
handling
in
some
Web
browsers
.
Reported
by
with
non
-
standard
cookie
handling
in
some
Web
browsers
.
Reported
by
Sergey
Bobrov
.
Sergey
Bobrov
.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment