Commit f0746ca4 authored by Georg Brandl's avatar Georg Brandl

Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than

100 headers are read.  Adapted from patch by Jyrki Pulliainen.
parent ec3c1035
...@@ -169,8 +169,8 @@ The following exceptions are raised as appropriate: ...@@ -169,8 +169,8 @@ The following exceptions are raised as appropriate:
A subclass of :exc:`HTTPException`. Raised if a server responds with a HTTP A subclass of :exc:`HTTPException`. Raised if a server responds with a HTTP
status code that we don't understand. status code that we don't understand.
The constants defined in this module are:
The constants defined in this module are:
.. data:: HTTP_PORT .. data:: HTTP_PORT
......
...@@ -206,6 +206,8 @@ MAXAMOUNT = 1048576 ...@@ -206,6 +206,8 @@ MAXAMOUNT = 1048576
# maximal line length when calling readline(). # maximal line length when calling readline().
_MAXLINE = 65536 _MAXLINE = 65536
_MAXHEADERS = 100
class HTTPMessage(email.message.Message): class HTTPMessage(email.message.Message):
# XXX The only usage of this method is in # XXX The only usage of this method is in
...@@ -253,6 +255,8 @@ def parse_headers(fp, _class=HTTPMessage): ...@@ -253,6 +255,8 @@ def parse_headers(fp, _class=HTTPMessage):
if len(line) > _MAXLINE: if len(line) > _MAXLINE:
raise LineTooLong("header line") raise LineTooLong("header line")
headers.append(line) headers.append(line)
if len(headers) > _MAXHEADERS:
raise HTTPException("got more than %d headers" % _MAXHEADERS)
if line in (b'\r\n', b'\n', b''): if line in (b'\r\n', b'\n', b''):
break break
hstring = b''.join(headers).decode('iso-8859-1') hstring = b''.join(headers).decode('iso-8859-1')
......
...@@ -272,6 +272,15 @@ class BasicTest(TestCase): ...@@ -272,6 +272,15 @@ class BasicTest(TestCase):
if resp.read(): if resp.read():
self.fail("Did not expect response from HEAD request") self.fail("Did not expect response from HEAD request")
def test_too_many_headers(self):
headers = '\r\n'.join('Header%d: foo' % i
for i in range(client._MAXHEADERS + 1)) + '\r\n'
text = ('HTTP/1.1 200 OK\r\n' + headers)
s = FakeSocket(text)
r = client.HTTPResponse(s)
self.assertRaisesRegex(client.HTTPException,
r"got more than \d+ headers", r.begin)
def test_send_file(self): def test_send_file(self):
expected = (b'GET /foo HTTP/1.1\r\nHost: example.com\r\n' expected = (b'GET /foo HTTP/1.1\r\nHost: example.com\r\n'
b'Accept-Encoding: identity\r\nContent-Length:') b'Accept-Encoding: identity\r\nContent-Length:')
......
++++++++++ +++++++++++
Python News Python News
+++++++++++ +++++++++++
...@@ -10,6 +10,9 @@ What's New in Python 3.2.6? ...@@ -10,6 +10,9 @@ What's New in Python 3.2.6?
Library Library
------- -------
- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1 GENERAL_NAME_print() function to get the string represention of ASN.1
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment