Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer

upon malformed POST request.
2025-11-25 12:44:13 +00:00 · 2012-02-18 14:42:57 +01:00 · 2012-02-18 14:42:57 +01:00 · ec1712a166
commit ec1712a166
parent 2f7b286a8c
2 changed files with 7 additions and 1 deletions
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py
@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
            L = []
            while size_remaining:
                chunk_size = min(size_remaining, max_chunk_size)
-                L.append(self.rfile.read(chunk_size))
+                chunk = self.rfile.read(chunk_size)
                if not chunk:
                    break
                L.append(chunk)
                size_remaining -= len(L[-1])
            data = b''.join(L)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -13,6 +13,9 @@ Core and Builtins
 Library
 -------
 - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
  SimpleXMLRPCServer upon malformed POST request.
 - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
  IV attack countermeasure.