Fix Issue6791 - Limit the HTTP header readline with _MAXLENGTH. Patch by Antoine Pitrou
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 426995b..7dae65d 100644
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -317,6 +317,33 @@
self.assertEqual("Basic realm=\"example\"",
resp.getheader("www-authenticate"))
+ # Test lines overflowing the max line size (_MAXLINE in http.client)
+
+ def test_overflowing_status_line(self):
+ body = "HTTP/1.1 200 Ok" + "k" * 65536 + "\r\n"
+ resp = client.HTTPResponse(FakeSocket(body))
+ self.assertRaises((client.LineTooLong, client.BadStatusLine), resp.begin)
+
+ def test_overflowing_header_line(self):
+ body = (
+ 'HTTP/1.1 200 OK\r\n'
+ 'X-Foo: bar' + 'r' * 65536 + '\r\n\r\n'
+ )
+ resp = client.HTTPResponse(FakeSocket(body))
+ self.assertRaises(client.LineTooLong, resp.begin)
+
+ def test_overflowing_chunked_line(self):
+ body = (
+ 'HTTP/1.1 200 OK\r\n'
+ 'Transfer-Encoding: chunked\r\n\r\n'
+ + '0' * 65536 + 'a\r\n'
+ 'hello world\r\n'
+ '0\r\n'
+ )
+ resp = client.HTTPResponse(FakeSocket(body))
+ resp.begin()
+ self.assertRaises(client.LineTooLong, resp.read)
+
class OfflineTest(TestCase):
def test_responses(self):
self.assertEqual(client.responses[client.NOT_FOUND], "Not Found")
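Review bot: All three new tests hard-code `65536` as the padding length instead of deriving it from the limit they exercise, and none of them probes the boundary, so a later change to `_MAXLINE` in http.client could leave them passing without testing the limit. Building the payloads from the constant, for example `'X-Foo: bar' + 'r' * client._MAXLINE`, and adding one case with a line just at the limit that is expected to be accepted would pin the off-by-one behaviour. In test_overflowing_status_line, accepting `(client.LineTooLong, client.BadStatusLine)` lets the test pass when the line is rejected for a reason other than its length; asserting `client.LineTooLong` alone would be stricter, if the status-line path is meant to raise it. The same hard-coded length appears as `65537` in test_header_length in Lib/test/test_httpservers.py. The enclosing test class begins outside the hunk.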
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
index 85b5ec4..19d3d17 100644
--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -573,6 +573,13 @@
self.assertEqual(result[0], b'HTTP/1.1 414 Request-URI Too Long\r\n')
self.assertFalse(self.handler.get_called)
+ def test_header_length(self):
+ # Issue #6791: same for headers
+ result = self.send_typical_request(
+ b'GET / HTTP/1.1\r\nX-Foo: bar' + b'r' * 65537 + b'\r\n\r\n')
+ self.assertEqual(result[0], b'HTTP/1.1 400 Line too long\r\n')
+ self.assertFalse(self.handler.get_called)
+
class SimpleHTTPRequestHandlerTestCase(unittest.TestCase):
""" Test url parsing """
def setUp(self):
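Review bot: The comment `# Issue #6791: same for headers` in test_header_length only makes sense when read next to the preceding request-line test; a self-contained form such as `# Issue #6791: a header line longer than the maximum line length must be answered with 400 before the handler runs` would survive reordering. The test covers a single oversized line only. Whether the server also bounds the number of header lines or their combined size is not visible in this hunk, and a per-line cap by itself does not bound the memory a request with many lines just under the limit can consume. The enclosing test class begins outside the hunk.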