Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than

100 headers are read. Adapted from patch by Jyrki Pulliainen.
2025-08-03 08:34:29 +00:00 · 2014-09-30 14:08:04 +02:00 · 2014-09-30 14:08:04 +02:00 · f0746ca463
commit f0746ca463
parent ec3c103520
4 changed files with 18 additions and 2 deletions
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@ -206,6 +206,8 @@ MAXAMOUNT = 1048576

 # maximal line length when calling readline().
 _MAXLINE = 65536
+_MAXHEADERS = 100
+

 class HTTPMessage(email.message.Message):
    # XXX The only usage of this method is in
@ -253,6 +255,8 @@ def parse_headers(fp, _class=HTTPMessage):
        if len(line) > _MAXLINE:
            raise LineTooLong("header line")
        headers.append(line)
+        if len(headers) > _MAXHEADERS:
+            raise HTTPException("got more than %d headers" % _MAXHEADERS)
        if line in (b'\r\n', b'\n', b''):
            break
    hstring = b''.join(headers).decode('iso-8859-1')