mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-25 09:50:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Merged revisions 87373,87381 via svnmerge from

Browse source 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87373 | senthil.kumaran | 2010-12-18 17:55:23 +0100 (sam., 18 déc. 2010) | 3 lines

  Fix Issue6791 - Limit the HTTP header readline with _MAXLENGTH. Patch by Antoine Pitrou
........
  r87381 | antoine.pitrou | 2010-12-18 18:59:18 +0100 (sam., 18 déc. 2010) | 3 lines

  NEWS entry for r87373
........
This commit is contained in:
Antoine Pitrou 2010-12-18 18:04:38 +00:00
parent a2eb94b1cf
commit ff1bbba92a
5 changed files with 68 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

29
Lib/http/client.py
View file

@ -203,6 +203,9 @@ responses = {
# maximal amount of data to read at one time in _safe_read # maximal amount of data to read at one time in _safe_read
MAXAMOUNT = 1048576 MAXAMOUNT = 1048576
# maximal line length when calling readline().
_MAXLINE = 65536
class HTTPMessage(email.message.Message): class HTTPMessage(email.message.Message):
# XXX The only usage of this method is in # XXX The only usage of this method is in
# http.server.CGIHTTPRequestHandler. Maybe move the code there so # http.server.CGIHTTPRequestHandler. Maybe move the code there so
@ -245,7 +248,9 @@ def parse_headers(fp, _class=HTTPMessage):
""" """
headers = [] headers = []
while True: while True:
line = fp.readline() line = fp.readline(_MAXLINE + 1)
if len(line) > _MAXLINE:
raise LineTooLong("header line")
headers.append(line) headers.append(line)
if line in (b'\r\n', b'\n', b''): if line in (b'\r\n', b'\n', b''):
break break
@ -349,7 +354,10 @@ class HTTPResponse(io.RawIOBase):
break break
# skip the header from the 100 response # skip the header from the 100 response
while True: while True:
skip = self.fp.readline().strip() skip = self.fp.readline(_MAXLINE + 1)
if len(skip) > _MAXLINE:
raise LineTooLong("header line")
skip = skip.strip()
if not skip: if not skip:
break break
if self.debuglevel > 0: if self.debuglevel > 0:
@ -525,7 +533,9 @@ class HTTPResponse(io.RawIOBase):
value = [] value = []
while True: while True:
if chunk_left is None: if chunk_left is None:
line = self.fp.readline() line = self.fp.readline(_MAXLINE + 1)
if len(line) > _MAXLINE:
raise LineTooLong("chunk size")
i = line.find(b";") i = line.find(b";")
if i >= 0: if i >= 0:
line = line[:i] # strip chunk-extensions line = line[:i] # strip chunk-extensions
@ -560,7 +570,9 @@ class HTTPResponse(io.RawIOBase):
# read and discard trailer up to the CRLF terminator # read and discard trailer up to the CRLF terminator
### note: we shouldn't have any trailers! ### note: we shouldn't have any trailers!
while True: while True:
line = self.fp.readline() line = self.fp.readline(_MAXLINE + 1)
if len(line) > _MAXLINE:
raise LineTooLong("trailer line")
if not line: if not line:
# a vanishingly small number of sites EOF without # a vanishingly small number of sites EOF without
# sending the trailer # sending the trailer
@ -703,7 +715,9 @@ class HTTPConnection:
raise socket.error("Tunnel connection failed: %d %s" % (code, raise socket.error("Tunnel connection failed: %d %s" % (code,
message.strip())) message.strip()))
while True: while True:
line = response.fp.readline() line = response.fp.readline(_MAXLINE + 1)
if len(line) > _MAXLINE:
raise LineTooLong("header line")
if line == b'\r\n': if line == b'\r\n':
break break
@ -1133,6 +1147,11 @@ class BadStatusLine(HTTPException):
self.args = line, self.args = line,
self.line = line self.line = line
class LineTooLong(HTTPException):
def __init__(self, line_type):
HTTPException.__init__(self, "got more than %d bytes when reading %s"
% (_MAXLINE, line_type))
# for backwards compatibility # for backwards compatibility
error = HTTPException error = HTTPException

4
Lib/http/server.py
View file

@ -314,8 +314,12 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
self.command, self.path, self.request_version = command, path, version self.command, self.path, self.request_version = command, path, version
# Examine the headers and look for a Connection directive. # Examine the headers and look for a Connection directive.
try:
self.headers = http.client.parse_headers(self.rfile, self.headers = http.client.parse_headers(self.rfile,
_class=self.MessageClass) _class=self.MessageClass)
except http.client.LineTooLong:
self.send_error(400, "Line too long")
return False
conntype = self.headers.get('Connection', "") conntype = self.headers.get('Connection', "")
if conntype.lower() == 'close': if conntype.lower() == 'close':

28
Lib/test/test_httplib.py
View file

@ -303,6 +303,34 @@ class BasicTest(TestCase):
self.assertEqual("Basic realm=\"example\"", self.assertEqual("Basic realm=\"example\"",
resp.getheader("www-authenticate")) resp.getheader("www-authenticate"))
# Test lines overflowing the max line size (_MAXLINE in http.client)
def test_overflowing_status_line(self):
self.skipTest("disabled for HTTP 0.9 support")
body = "HTTP/1.1 200 Ok" + "k" * 65536 + "\r\n"
resp = client.HTTPResponse(FakeSocket(body))
self.assertRaises((client.LineTooLong, client.BadStatusLine), resp.begin)
def test_overflowing_header_line(self):
body = (
'HTTP/1.1 200 OK\r\n'
'X-Foo: bar' + 'r' * 65536 + '\r\n\r\n'
)
resp = client.HTTPResponse(FakeSocket(body))
self.assertRaises(client.LineTooLong, resp.begin)
def test_overflowing_chunked_line(self):
body = (
'HTTP/1.1 200 OK\r\n'
'Transfer-Encoding: chunked\r\n\r\n'
+ '0' * 65536 + 'a\r\n'
'hello world\r\n'
'0\r\n'
)
resp = client.HTTPResponse(FakeSocket(body))
resp.begin()
self.assertRaises(client.LineTooLong, resp.read)
class OfflineTest(TestCase): class OfflineTest(TestCase):
def test_responses(self): def test_responses(self):
self.assertEqual(client.responses[client.NOT_FOUND], "Not Found") self.assertEqual(client.responses[client.NOT_FOUND], "Not Found")

7
Lib/test/test_httpservers.py
View file

@ -144,6 +144,13 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase):
self.assertEqual(result[0], b'HTTP/1.1 414 Request-URI Too Long\r\n') self.assertEqual(result[0], b'HTTP/1.1 414 Request-URI Too Long\r\n')
self.assertFalse(self.handler.get_called) self.assertFalse(self.handler.get_called)
def test_header_length(self):
# Issue #6791: same for headers
result = self.send_typical_request(
b'GET / HTTP/1.1\r\nX-Foo: bar' + b'r' * 65537 + b'\r\n\r\n')
self.assertEqual(result[0], b'HTTP/1.1 400 Line too long\r\n')
self.assertFalse(self.handler.get_called)
class BaseHTTPServerTestCase(BaseTestCase): class BaseHTTPServerTestCase(BaseTestCase):
class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler): class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler):

3
Misc/NEWS
View file

@ -24,6 +24,9 @@ Core and Builtins
Library Library
------- -------
- Issue #6791: Limit header line length (to 65535 bytes) in http.client
and http.server, to avoid denial of services from the other party.
- Issue #10404: Use ctl-button-1 on OSX for the context menu in Idle. - Issue #10404: Use ctl-button-1 on OSX for the context menu in Idle.
- Issue #4188: Avoid creating dummy thread objects when logging operations - Issue #4188: Avoid creating dummy thread objects when logging operations